TLS error lost when subsequent MX attempts fail with connection timeout

[m24130]

Issue Description

With the default policy:

{ if = "retry_num > 0 && last_error == 'tls'", then = "'invalid-tls'" }

there is a problem in multi-MX scenarios.

If:

1. First MX fails with a TLS error,
2. Stalwart retries another MX,
3. That MX fails with connection timeout,

then last_error becomes different and the original TLS error is lost.

As a result, the policy above does not trigger, even though the domain had a TLS failure.

Expected Behavior

TLS errors should not be overridden by later connection errors from other MX hosts. The retry logic should preserve TLS failure state across MX attempts.

Actual Behavior

No response

Reproduction Steps

No response

Relevant Log Output

No response

Stalwart Version

v0.15.x

Installation Method

Binary (Linux)

Database Backend

RocksDB

Blob Storage

RocksDB

Search Engine

Internal

Directory Backend

Internal

Additional Context

No response

I acknowledge that:

• I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.
• I have searched the Stalwart repository (both open and closed Discussions and Issues) and confirm this is not a duplicate.
• I have set the logging level to trace and included relevant log output if applicable.
• I agree to follow the project's Code of Conduct.

[mdecimus]

Stalwart does not keep a history of previous errors (except the logs of course). The expression only has access to the last error message type.

[m24130]

It's a bug and causes stalwart to loop even when right strategy is obvious.