Disable TLS for specific MX or recipient domain ? #640

mnellemann · 2024-07-22T09:15:06Z

mnellemann
Jul 22, 2024

Hi,

I have an issue with a specific recipient hosted at an MX that supports TLS, but handshake fails and it turns into a 'failed to deliver message'.

I can see that the MX supports TLS-1.2, but I'm guessing only weak ciphers.

Is there any way to disable TLS for only this specific MX or recipient domain ?

Many thanks in advance.

mdecimus · 2024-07-25T18:52:57Z

mdecimus
Jul 25, 2024
Maintainer

Hi,

Yes, you can define an expression on the starttls setting that disables TLS for this (or multiple) hosts.
Using expressions you can also disable TLS after the nth failed delivery attempt caused by a TLS error.

0 replies

mnellemann · 2024-07-25T19:13:05Z

mnellemann
Jul 25, 2024
Author

Hi @mdecimus

Would you happen to have an example I could use in my config.toml file ?

Thank you.

/Mark

1 reply

mdecimus Jul 25, 2024
Maintainer

You can use this expression:

[queue.outbound.tls]
starttls = [ { if = "retry_num > 0 && last_error == 'tls'", then = "disable"},
             { else = "optional" }]

mnellemann · 2024-07-26T16:12:06Z

mnellemann
Jul 26, 2024
Author

Many thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disable TLS for specific MX or recipient domain ? #640

{{title}}

Replies: 3 comments 1 reply

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Disable TLS for specific MX or recipient domain ? #640

mnellemann Jul 22, 2024

Replies: 3 comments · 1 reply

mdecimus Jul 25, 2024 Maintainer

mnellemann Jul 25, 2024 Author

mdecimus Jul 25, 2024 Maintainer

mnellemann Jul 26, 2024 Author

mnellemann
Jul 22, 2024

Replies: 3 comments 1 reply

mdecimus
Jul 25, 2024
Maintainer

mnellemann
Jul 25, 2024
Author

mdecimus Jul 25, 2024
Maintainer

mnellemann
Jul 26, 2024
Author