24 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Failback TLS for ...| From | Sent On | Attachments |
|---|---|---|
| Dino Ciuffetti | May 13, 2008 1:14 pm | |
| Owen O' Shaughnessy | May 13, 2008 1:40 pm | |
| Dino Ciuffetti | May 14, 2008 10:34 am | |
| Arno | May 14, 2008 10:57 am | |
| Dino Ciuffetti | May 14, 2008 11:43 am | |
| Milan Obuch | May 14, 2008 11:46 am | |
| Aidas Kasparas | May 14, 2008 11:53 am | |
| Arno | May 14, 2008 12:33 pm | |
| Lindsay Haisley | May 14, 2008 12:34 pm | |
| Lindsay Haisley | May 14, 2008 12:52 pm | |
| Bernd Wurst | May 14, 2008 1:34 pm | |
| Aidas Kasparas | May 14, 2008 2:15 pm | |
| Esa | May 14, 2008 2:21 pm | |
| Sam Varshavchik | May 14, 2008 3:43 pm | |
| Bernd Wurst | May 14, 2008 10:18 pm | |
| Aidas Kasparas | May 14, 2008 10:44 pm | |
| Jerry Amundson | May 14, 2008 11:20 pm | |
| Aidas Kasparas | May 15, 2008 12:09 am | |
| Owen O' Shaughnessy | May 15, 2008 12:22 am | |
| Esa | May 15, 2008 10:42 am | |
| Aleksander Adamowski | May 16, 2008 2:53 pm | |
| Dino Ciuffetti | May 17, 2008 1:53 am | |
| Aleksander Adamowski | May 29, 2008 12:15 pm |  .pl |
| Aleksander Adamowski | May 29, 2008 12:16 pm | .pl |
| Subject: | Re: [courier-users] Failback TLS for broken smtp servers? | |
|---|---|---|
| From: | Milan Obuch (cour...@dino.sk) | |
| Date: | May 14, 2008 11:46:44 am | |
| List: | net.sourceforge.lists.courier-users | |
On Wednesday 14 May 2008, Dino Ciuffetti wrote:
Is it possible to make courier automagically failing back to plain text for broken smtp hosts that advertise STARTTLS but are broken on STARTTLS command returning something like: "454 TLS not available: missing RSA private key (#4.3.0)"?
AFAIK it isn't possible in general. But think about it: why should it? If you announce being able do TLS and actually you aren't why should you announce it in the first place? It's up to the receiving server to get it right. Either I do "speak" TLS and announce it, or I can't. In the latter case I can't announce it.
Yes, that'ok. I agree with you!!
There's a workaround, though, but it's ugly: put something like
receiving-domain.example: mx.for.receiving.domain.example /SECURITY=NONE
in your esmtproutes. That fixes the problem for receiving-domain.example, but not in general. As I said, it's an ugly workaround.
This temporarily solved the problem... I home mx/cname record for that domain does not change too quickly :-)
Thank you so much!!! Dino.
Well, you need not to specify it at all. I am using
domain.com: /SECURITY=NONE
and that's it. It means 'just lookup MX record the usual way and use the result, but do not try TLS at all'.
Regards, Milan
-- This address is used only for mailing list response. Do not send any personal messages to it, use milan in address instead.