opensrs provides mailbox accounts for mail providers
and that’s how they’re doing it… i have a ticket open with them about this
what I suggest in the meantime is that you disable the use of TLS for that domain
yes, i did that… set it to be OpportunisticInsecure for that domain
@free-spirited-yorksh Did you have thoughts on making Opportunistic default to Insecure, and have OpportunisticSecure as an option?
Yes; I strongly believe that insecure should never ever be the default.
you are of course welcome to set the default for your deployment to insecure if you prefer that
My testing has all been with a single subdomain and not CNAMED.
IE: mta1.kumomta.com
I can put some more extensive testing. on my “todo” list.