foxcpp / maddy

✉️ Composable all-in-one mail server.
https://maddy.email
GNU General Public License v3.0

Certificate subject names checked when `min_tls_level` is `encrypted` #612

Closed lesderid closed 10 months ago

lesderid commented 1 year ago

Describe the bug

maddy checks the certificate common name (and alt names) when min_tls_level is set to encrypted. It should only check whether a certificate is available, not if the MX name is a subject name, unless min_tls_level is set to authenticated.

Steps to reproduce

  1. Find a mail server with this issue (e.g. sourceware.org servers)
  2. Send an e-mail to it

Log files

queue: delivery attempt failed        {"domain":"cygwin.com","msg_id":"f6811c56","rcpt":"cygwin-patches@cygwin.com","reason":"TLS it not available or unauthenticated but required","smtp_code":451,"smtp_enchcode":"5.4.0","smtp_msg":"No usable MXs, last err: TLS it not available or unauthenticated but required","target":"remote","tls_err":"tls: failed to verify certificate: x509: certificate is valid for server2.sourceware.org, not sourceware.org.","tls_level":"none"}

Configuration file

# ...

target.remote outbound_delivery {
    # ...

    local_policy {
        min_tls_level encrypted
        min_mx_level none
    }
}

Environment information

foxcpp commented 1 year ago

Error handling code on Go 1.20 misinterprets TLS verification errors as connection errors, therefore downgrading the connection to plain text and failing the `min_tls_level` test. Fixed in 17b76d9.
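The distinction the report and the diagnosis above turn on is between three outcomes of an outbound TLS handshake: no TLS session (a transport failure), an encrypted session whose certificate does not prove the MX identity, and an authenticated session. The following is an added example, not maddy's own code or anything from either commenter. It performs a real TLS handshake over an in-memory `net.Pipe`, verifies the peer certificate explicitly after the handshake, and maps the result onto `encrypted` / `authenticated` policy checks. The MX and certificate names (`mx.example.test`, `server2.example.test`), the `TLSLevel` type and all function names are constructed for this illustration and do not correspond to maddy's internals.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// TLSLevel is the outcome of one outbound connection attempt (illustrative type).
type TLSLevel int

const (
	LevelNone          TLSLevel = iota // no TLS session at all (transport/protocol failure)
	LevelEncrypted                     // TLS session up, certificate does not prove the MX name
	LevelAuthenticated                 // TLS session up and certificate verified for the MX name
)

func (l TLSLevel) String() string { return [...]string{"none", "encrypted", "authenticated"}[l] }

// MeetsPolicy applies min_tls_level semantics: "encrypted" accepts any TLS session,
// "authenticated" additionally requires a verified certificate.
func MeetsPolicy(got, min TLSLevel) bool { return got >= min }

// NegotiateLevel runs the client side of the handshake on conn and reports the level
// reached. Verification is done explicitly after the handshake, so a name mismatch
// degrades the result to LevelEncrypted instead of surfacing as a handshake error
// that could be mistaken for a connection failure. The returned error, when the
// level is LevelEncrypted, is the reason the certificate was not accepted.
func NegotiateLevel(conn net.Conn, mxName string, roots *x509.CertPool) (TLSLevel, error) {
	client := tls.Client(conn, &tls.Config{
		ServerName:         mxName,
		InsecureSkipVerify: true, // verification is performed below, not skipped
		MinVersion:         tls.VersionTLS12,
	})
	if err := client.Handshake(); err != nil {
		return LevelNone, err // genuine transport or protocol failure: no TLS
	}
	state := client.ConnectionState()
	opts := x509.VerifyOptions{DNSName: mxName, Roots: roots, Intermediates: x509.NewCertPool()}
	for _, c := range state.PeerCertificates[1:] {
		opts.Intermediates.AddCert(c)
	}
	if _, err := state.PeerCertificates[0].Verify(opts); err != nil {
		return LevelEncrypted, err // session is encrypted, identity unproven
	}
	return LevelAuthenticated, nil
}

// selfSigned builds a throwaway self-signed certificate for dnsName and a root pool
// that trusts it, so the only thing left to fail is the name check (constructed test data).
func selfSigned(dnsName string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: dnsName},
		DNSNames:              []string{dnsName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// Deliver simulates one delivery to the MX mxName whose server presents a certificate
// issued for certName, and returns the negotiated level.
func Deliver(mxName, certName string) (TLSLevel, error) {
	cert, roots, err := selfSigned(certName)
	if err != nil {
		return LevelNone, err
	}
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	go func() {
		srv := tls.Server(sConn, &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true})
		_ = srv.Handshake()
	}()
	return NegotiateLevel(cConn, mxName, roots)
}

// DeliverToClosedPeer is the case that must stay LevelNone: the peer is gone before
// any TLS record is exchanged.
func DeliverToClosedPeer(mxName string) (TLSLevel, error) {
	cConn, sConn := net.Pipe()
	sConn.Close()
	defer cConn.Close()
	return NegotiateLevel(cConn, mxName, x509.NewCertPool())
}

func main() {
	for _, c := range []struct{ mx, cert string }{{"mx.example.test", "mx.example.test"}, {"mx.example.test", "server2.example.test"}} {
		lvl, err := Deliver(c.mx, c.cert)
		fmt.Printf("MX %s, certificate for %s: level=%s (%v)\n", c.mx, c.cert, lvl, err)
		fmt.Printf("  min_tls_level encrypted: %v, authenticated: %v\n", MeetsPolicy(lvl, LevelEncrypted), MeetsPolicy(lvl, LevelAuthenticated))
	}
	lvl, err := DeliverToClosedPeer("mx.example.test")
	fmt.Printf("closed peer: level=%s (%v)\n", lvl, err)
}
```

Doing the certificate check after the handshake, rather than letting the handshake fail on it, is what keeps the two failure classes apart: a transport error is the only thing that can make `Handshake()` fail, so the level reported to the policy no longer depends on which error type a given Go version returns for a verification failure. With the report's `min_tls_level encrypted`, the name mismatch case yields `encrypted` and the delivery proceeds; with `authenticated` it is correctly rejected.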