Forcing retry of deferred messages using opportunistic TLS

I have set up a client/server deployment where messages are sent from the client to the server using opportunistic TLS.

To test that opportunistic TLS is working as expected, I have configured the TLS client to use TLSv1 (e.g. smtp_tls_protocols = !SSLv2, !SSLv3, TLSv1) and the TLS server to expect TLSv1.2 (e.g. smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1.2).

As expected, when I send a message via the client to the server, the TLS handshake fails and the message is moved to the deferred queue.

If I leave the system unattended, eventually Postfix will automatically retry delivery of the deferred message. This re-attempts the TLS handshake (which fails again) but then sends the message in plain text (expected behaviour for opportunistic TLS).

However, if I try to force delivery retry of the message using the following command...

sudo postmulti -i postfix-outbound -x postqueue -i <message_id>

...the message is moved back into the outbound message queue (postfix-outbound in my system), the TLS handshake is attempted (and fails as expected) but the message is moved back into the deferred queue again rather than sent via plain text.

I am presuming that using the specified command above results in the message being treated as a new message rather than a deferred-retry-message and as a result opportunistic TLS will never work.
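The handshake failure in the post is a direct consequence of the two protocol lists having no version in common. The following is an added example, not code from the post or from Postfix: a small checker that evaluates a Postfix-style protocol list (as used by smtp_tls_protocols and smtpd_tls_protocols) and reports whether a client and server list overlap. It assumes the include/exclude semantics postconf(5) describes for these lists (names without "!" are inclusions and restrict the set to those names; names with "!" are exclusions; with no inclusions, every protocol not excluded is enabled). The range syntax of newer Postfix releases (e.g. ">=TLSv1.2") is deliberately not handled, and the function and variable names are the example's own.

```python
"""Check whether a Postfix SMTP client's and server's TLS protocol lists share
any protocol version.

Added example, not Postfix code.  Assumed semantics (from postconf(5) for
smtp_tls_protocols / smtpd_tls_protocols): a name listed without '!' is an
inclusion, a name with '!' is an exclusion; if the list contains inclusions,
only those names are enabled, otherwise every protocol not excluded is.
Range syntax such as '>=TLSv1.2' is not handled here.
"""

# Protocol names accepted in Postfix protocol lists (assumption: this set).
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")


def enabled_protocols(setting):
    """Return the set of protocol versions a Postfix protocol list enables.

    setting: the value of smtp_tls_protocols or smtpd_tls_protocols, e.g.
             "!SSLv2, !SSLv3, TLSv1"
    """
    include, exclude = set(), set()
    for token in setting.replace(",", " ").split():
        name = token.lstrip("!")
        if name not in ALL_PROTOCOLS:
            raise ValueError("unknown protocol name: %r" % token)
        (exclude if token.startswith("!") else include).add(name)
    # With no inclusions, everything is enabled; exclusions always win.
    enabled = include if include else set(ALL_PROTOCOLS)
    return enabled - exclude


def common_protocols(client_setting, server_setting):
    """Protocol versions both sides are willing to negotiate."""
    return enabled_protocols(client_setting) & enabled_protocols(server_setting)


def handshake_possible(client_setting, server_setting):
    """True if at least one protocol version is enabled on both sides."""
    return bool(common_protocols(client_setting, server_setting))


def describe(client_setting, server_setting):
    """Human-readable verdict for a client/server pair of settings."""
    shared = sorted(common_protocols(client_setting, server_setting))
    if shared:
        return "handshake possible, shared protocols: " + ", ".join(shared)
    return "no shared protocol version: TLS handshake cannot succeed"


if __name__ == "__main__":
    # The pair from the post: TLSv1-only client against a TLSv1.2-only server.
    print("post's settings:", describe("!SSLv2, !SSLv3, TLSv1",
                                        "!SSLv2, !SSLv3, TLSv1.2"))
    # A client that merely excludes SSLv2/SSLv3 can still reach the server.
    print("relaxed client: ", describe("!SSLv2, !SSLv3",
                                        "!SSLv2, !SSLv3, TLSv1.2"))
```

Run against the post's two settings the checker reports no shared version, which is exactly the condition that makes the handshake fail on every attempt; with smtp_tls_protocols relaxed to just the SSLv2/SSLv3 exclusions, TLSv1.2 is on both sides and the handshake can succeed. This only reasons about the configured version sets; it says nothing about how Postfix schedules the plaintext fallback after a failed opportunistic handshake, which is the behaviour the post is asking about.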