Technically, that’s not right. There’s no technical reason why a backup MX should be required to offer STARTTLS just because the primary does.

That being said, support for STARTTLS should be pretty much universal these days, so asking the question is fair. Just not with the angle of it being a root-cause for any ‘headache’ on your part. Your MTA should support plain-text fallback, or, you make the choice to have deliverability challenges such as this.

Mark.

From: mailop [mailto:[email protected]] On Behalf Of Stefan Bauer
Sent: Thursday, 14 February 2019 12:54 a.m.
To: [email protected]
Subject: Re: [mailop] Strato Postmaster around? relay.rzone.de does not offer STARTTLS

Hi Ken,

I fully agree but I'm asking why the primary MX supports STARTTLS but the backup MX does not in case of Strato. Strategy should either be full TLS (on all MX) or not at all. The mix is what causes headache and I see no reasons why one would go this path so I'm asking the community :)

Stefan

-----Original Message-----
From: Ken O'Driscoll via mailop <[email protected]>
Sent: Wednesday 13 February 2019 10:49
To: [email protected]
Subject: Re: [mailop] Strato Postmaster around? relay.rzone.de does not offer STARTTLS

On Wed, 2019-02-13 at 07:31 +0000, Stefan Bauer wrote:
> As a lot of sites nowadays enforce TLS, this is a showstopper, when the
> primary MX is rejecting connections by greylisting, sender tries
> second (backup) mx and fails due to missing STARTTLS. If the backup mx
> would also use greylisting, the client would come back later to primary
> MX and would be able to deliver.

Hi Stefan,

The vast majority of public MX servers do not enforce TLS, they offer opportunistic TLS whereby TLS is supported if asked for but a plaintext SMTP conversation is still supported.

*snip*
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
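The scenario discussed in this thread, as an added example that is not part of any poster's message: it parses EHLO replies to find MX hosts that lack STARTTLS while another MX offers it, then simulates one sender pass with the primary greylisting. The hostnames, EHLO replies and function names are constructed assumptions, not captured from Strato, and the sender model (skip a host on a temporary rejection or on missing STARTTLS under a TLS-required policy) is a simplification.

```python
# Constructed EHLO replies for two hypothetical MX hosts (not captured from Strato).
EHLO_REPLIES = {
    "mx1.example.net": "250-mx1.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n",
    "mx2.example.net": "250-mx2.example.net\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n",
}
MX_RECORDS = [(10, "mx1.example.net"), (50, "mx2.example.net")]  # (preference, host)


def offers_starttls(ehlo_reply):
    """Return True if a multi-line 250 EHLO reply advertises the STARTTLS keyword."""
    lines = ehlo_reply.splitlines()
    for line in lines[1:]:  # the first line is the server greeting, not an extension
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False


def mixed_tls_hosts(mx_records, replies):
    """List MX hosts without STARTTLS when at least one other MX offers it."""
    support = {host: offers_starttls(replies[host]) for _, host in mx_records}
    if all(support.values()) or not any(support.values()):
        return []
    return sorted(h for h, ok in support.items() if not ok)


def delivery_attempt(mx_records, replies, require_tls, greylisting):
    """Simulate one sender pass over the MX set, lowest preference value first.

    greylisting: hosts that answer a first attempt with a temporary 4xx rejection.
    Returns (outcome, host); host is None when no MX accepted the message.
    """
    for _, host in sorted(mx_records):
        tls = offers_starttls(replies[host])
        if require_tls and not tls:
            continue  # sender policy refuses to fall back to plaintext
        if host in greylisting:
            continue  # temporary rejection, sender moves on to the next MX
        return ("tls" if tls else "plaintext", host)
    return ("not delivered", None)


if __name__ == "__main__":
    print("MX hosts missing STARTTLS:", mixed_tls_hosts(MX_RECORDS, EHLO_REPLIES))
    for require_tls in (True, False):
        result = delivery_attempt(MX_RECORDS, EHLO_REPLIES, require_tls, {"mx1.example.net"})
        print("require_tls=%s ->" % require_tls, result)
```

With the primary greylisting, a sender that requires TLS gets no delivery on this pass, while an opportunistic sender hands the message to the backup in plaintext.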
