Hi Archange

Thank you for your reply, I will answer inline.

> Den 22. feb. 2020 kl. 20.01 skrev Archange <archa...@activis.me>:
> Hi,
> Le 22/02/2020 à 19:55, Søren Aurehøj a écrit :
>> Hi Misc
>> I am using OpenSMTPD 6.6.0 on OpenBSD 6.6 stable
>> Currently I’m using the tls-require option in order to get mandatory TLS on 
>> outgoing mail, but with that follows the normal time-out values regarding 
>> bounce intervals.
>> Because of greylisting, I’m not sure that adjusting these time-out values is 
>> the best way around this problem.
> I’m not sure how greylisting is involved here. Can you elaborate?
I was lowering bounce warn-interval as an interim measure to speed up 
non-deliveries due to missing TLS - that could collide with greylisting 
intervals if I lowered the warn-interval too much.

>> I have tested the scenario with a mailserver which is unable to use TLS, by 
>> sending mail to mailnesia.com. 
>> This gives the expected result - "mta event=error reason=TLS required but 
>> not supported by remote host" in the maillog.
>> My mailserver recognizes when it is unable to continue the delivery due to a 
>> configuration setting on my mailserver. 
>> But instead of bouncing the mail immediately, it is queued anyway for later 
>> delivery.
>> Is it possible to enforce outgoing mail to always use TLS - and bounce more 
>> or less immediately, 
>> if the sending mailserver registers that the receiving mailserver is unable 
>> to meet our requirements regarding TLS?
> I don’t know, but it seems a bad idea: what about a transient failure? The 
> mail systems expect you to keep retrying to deliver for some time. There are 
> several reasons that could lead to your email being temporarily rejected 
> because your MTA was unable to establish a correct TLS session, but still 
> succeed some time after that.
That’s a risk I am ready to accept - sending with TLS is mandatory according to 
our data protection officer, citing GDPR and the sensitivity of the emails sent.
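A check an operator could run over the maillog entries discussed in this thread, added here as an example and not part of the original exchange: it counts, per envelope id, how often a delivery was deferred with the quoted "TLS required but not supported by remote host" reason, so the retry backlog caused by mandatory TLS is visible before deciding on bounce intervals. The sample log lines are constructed; only the `mta event=error reason=...` string comes from the thread, the rest of the line layout is an assumption.

```python
import re
from collections import Counter

# The reason string quoted in the thread for a remote host that cannot do TLS.
TLS_REQUIRED_REASON = "TLS required but not supported by remote host"

# Assumed line layout (constructed): "smtpd[pid]: <hex envelope id> mta event=error reason=<text>".
MTA_ERROR_RE = re.compile(
    r"smtpd\[\d+\]: (?P<evpid>[0-9a-f]+) mta event=error reason=(?P<reason>.*)$"
)

# Constructed sample maillog; hostnames, pids and envelope ids are made up.
SAMPLE_MAILLOG = """\
Feb 22 19:55:01 mx smtpd[1234]: 0a1b2c3d4e5f6a7b mta event=connecting
Feb 22 19:55:02 mx smtpd[1234]: 0a1b2c3d4e5f6a7b mta event=error reason=TLS required but not supported by remote host
Feb 22 19:56:10 mx smtpd[1234]: 1b2c3d4e5f6a7b8c mta event=error reason=TLS required but not supported by remote host
Feb 22 19:57:00 mx smtpd[1234]: 2c3d4e5f6a7b8c9d mta event=error reason=Connection refused
Feb 22 20:01:02 mx smtpd[1234]: 0a1b2c3d4e5f6a7b mta event=error reason=TLS required but not supported by remote host
"""


def tls_required_errors(log_text: str) -> Counter:
    """Count per envelope id how often delivery was deferred because the
    remote host could not satisfy the mandatory-TLS policy."""
    hits = Counter()
    for line in log_text.splitlines():
        m = MTA_ERROR_RE.search(line)
        if m and m.group("reason").strip() == TLS_REQUIRED_REASON:
            hits[m.group("evpid")] += 1
    return hits


def stuck_envelopes(log_text: str, min_attempts: int = 2) -> list:
    """Envelope ids already retried min_attempts or more times against a
    non-TLS host: these are the messages a shorter bounce interval would
    return to the sender sooner."""
    hits = tls_required_errors(log_text)
    return sorted(evpid for evpid, n in hits.items() if n >= min_attempts)


if __name__ == "__main__":
    for evpid, n in tls_required_errors(SAMPLE_MAILLOG).items():
        print(f"{evpid}: {n} TLS-required deferral(s)")
    print("retried twice or more:", stuck_envelopes(SAMPLE_MAILLOG))
```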

