If the error was temporary, I could disable TLS negotiation for the remote
server and ask them to fix the problem.
After some soul-searching, I've changed my mind. I'm going to change it
so that the default configuration ignores errors in response to a
STARTTLS. This won't help if the other server accepted a STARTTLS, but
the actual TLS negotiation failed, because of a cipher mismatch, or
something of this sort. The TLS session is broken at this point,
everyone's screwed, and you can't do anything there.
There will be a setting to treat all STARTTLS errors as soft errors,
or revert to the current behavior of a hard error, if someone still
Would it make sense to invoke a user-provided script to sort this out?
A script could track server certificates, update esmtproutes, notify
admins, report attacks, and whatever.
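The distinction drawn above (a rejected STARTTLS command versus a failed TLS handshake after the command was accepted) as an added illustration, not code from the mail server discussed here. The policy names, the Outcome values and the FakeSmtp stand-in are hypothetical and constructed for the example; the exception types are the ones Python's smtplib raises in each case.

```python
import smtplib
import ssl
from enum import Enum


class StarttlsPolicy(Enum):
    IGNORE_STARTTLS_ERRORS = "ignore"  # proposed default: refused STARTTLS, deliver in clear
    SOFT_ERROR = "soft"                # refused STARTTLS is a 4xx-style defer, retry later
    HARD_ERROR = "hard"                # current behaviour: refused STARTTLS fails delivery


class Outcome(Enum):
    DELIVERED_TLS = "delivered over TLS"
    DELIVERED_PLAINTEXT = "delivered in clear"
    DEFERRED = "soft error, queued for retry"
    FAILED = "hard error"
    TLS_BROKEN = "handshake failed, connection unusable"


def negotiate(conn, policy):
    """conn has .starttls() and .send_message(); returns the Outcome of one delivery attempt."""
    try:
        conn.starttls()
    except smtplib.SMTPResponseException:
        # The remote answered the STARTTLS command with an error reply (e.g. 454).
        # No TLS session was started, so the configured policy decides what happens.
        if policy is StarttlsPolicy.IGNORE_STARTTLS_ERRORS:
            conn.send_message()
            return Outcome.DELIVERED_PLAINTEXT
        if policy is StarttlsPolicy.SOFT_ERROR:
            return Outcome.DEFERRED
        return Outcome.FAILED
    except ssl.SSLError:
        # STARTTLS was accepted but the handshake itself failed (cipher mismatch,
        # certificate problem, ...). The session is broken; no policy can rescue it.
        return Outcome.TLS_BROKEN
    conn.send_message()
    return Outcome.DELIVERED_TLS


class FakeSmtp:
    """Constructed stand-in for smtplib.SMTP that fails at a chosen stage (or not at all)."""

    def __init__(self, fail_at=None):
        self.fail_at = fail_at
        self.sent = False

    def starttls(self):
        if self.fail_at == "command":
            raise smtplib.SMTPResponseException(454, b"TLS not available due to temporary reason")
        if self.fail_at == "handshake":
            raise ssl.SSLError("handshake failure")

    def send_message(self):
        self.sent = True
```

A server that never advertises STARTTLS is a third case (smtplib raises SMTPNotSupportedError there) and is outside what the message above discusses.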