> On Feb 5, 2016, at 11:04 AM, Ned Freed <ned.freed@xxxxxxxxxxx> wrote:
>
>> As for a delay of < 5 minutes delivering email to such broken sites
>> it is, for most users, a reasonable trade-off to reduce needless
>> TLS fallback in the face of routine transmission glitches.
>
> That's a consequence of piggybacking cleartext fallback on the deferral
> mechanism you use for transmission failures. It doesn't have to be done this
> way.

Final comment. Cleartext fallback in Postfix is NOT piggybacked on the deferral mechanism, in fact until quite recently cleartext fallback was done synchronously during the initial delivery.

And in fact, it is still synchronous now, because the second delivery still tries TLS again (just in case the first failure was a fluke) and then retries in cleartext without extra delay (beyond the time it takes to try and fail TLS).

The new approach is a careful compromise that avoids over-eager cleartext fallback on the first attempt, not because we don't have the code to do it right away, but because we *chose* to delay and try TLS again.

With that, I'm done imposing on ietf@xxxxxxxx in this thread. Sorry about the noise.

--
Viktor.