Forcing retry of deferred messages using opportunistic TLS
I have set up a client/server deployment where messages are sent from the client to the server using opportunistic TLS.
To test that opportunistic TLS is working as expected, I have configured the TLS client to use TLSv1 (e.g. smtp_tls_protocols = !SSLv2, !SSLv3, TLSv1) and the TLS server to expect TLSv1.2 (e.g. smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1.2).
As expected, when I send a message via the client to the server, the TLS handshake fails and the message is moved to the deferred queue.
If I leave the system unattended, eventually Postfix will automatically retry delivery of the deferred message. This re-attempts the TLS handshake (which fails again) but then sends the message in plain text (expected behaviour for opportunistic TLS).
However, if I try to force delivery retry of the message using the following command...
...the message is moved back into the outbound message queue (postfix-outbound in my system), the TLS handshake is attempted (and fails as expected) but the message is moved back into the deferred queue again rather than sent via plain text.
I am presuming that using the specified command above results in the message being treated as a new message rather than a deferred-retry-message and as a result opportunistic TLS will never work.