Thank you ALL for replies.
I added
smtpd_tls_security_level = may
but still the same.
Here is my main.cf file (I deleted only my network details).
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#smtp_enforce_tls = yes
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_security_level = may
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
        defer_unauth_destination
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
maillog_file = /var/log/postfix.log
virtual_alias_domains = /etc/virtual_domains
#virtual_mailbox_base = /var/spool/mail
virtual_alias_maps = hash:/etc/virtual_mailbox
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
myorigin = /etc/mailname
message_size_limit = 52428800
Can you see any reason for
Re: #5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM
command)
Thank you
On 29/07/2024 16:00, Viktor Dukhovni via Postfix-users wrote:
> On Mon, Jul 29, 2024 at 03:48:42PM +0200, Jaroslaw Rafa via Postfix-users wrote:
>> Isn't there any possibility to use a dedicated transport to such a broken
>> server, with settings that force use of TLS to deliver the message
>> regardless of target server not advertising it?
>
> No, because the servers in question not only don't offer STARTTLS in
> EHLO, but also refuse STARTTLS if you try. There aren't many such
> systems, but they exist. Perhaps not the OP's issue, but it is a
> remote possibility.
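
The "Must issue a STARTTLS command first (in reply to MAIL FROM command)" text is a remote server's reply to the Postfix SMTP client, whose TLS behaviour is set by smtp_* parameters, while smtpd_* parameters cover inbound connections. The Python check below is an added example, not part of the original thread or of Postfix; the sample main.cf is constructed from the TLS-related lines posted above, and the function names are hypothetical.

```python
# Added example (not from the thread): report the effective TLS level of the
# Postfix SMTP client (smtp_*) and SMTP server (smtpd_*) from main.cf text.

def parse_main_cf(text):
    """Return {parameter: value}; a later assignment overrides an earlier one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def tls_level(params, prefix):
    """prefix is 'smtp' (outbound client) or 'smtpd' (inbound server)."""
    level = params.get(prefix + "_tls_security_level", "")
    if level:
        return level
    # Legacy parameters are consulted only when the security level is unset.
    if params.get(prefix + "_enforce_tls", "no") == "yes":
        return "encrypt"
    if params.get(prefix + "_use_tls", "no") == "yes":
        return "may"
    return "none"

# Constructed sample, modelled on the TLS-related lines of the posted file.
SAMPLE = """\
#smtp_enforce_tls = yes
smtpd_tls_security_level = may
smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
"""

def report(text):
    p = parse_main_cf(text)
    return {"outbound (smtp_)": tls_level(p, "smtp"),
            "inbound (smtpd_)": tls_level(p, "smtpd")}

if __name__ == "__main__":
    print(report(SAMPLE))  # client side is unset, so no STARTTLS is attempted
    print(report(SAMPLE + "smtp_tls_security_level = may\n"))
```

On a live system, `postconf smtp_tls_security_level smtpd_tls_security_level` shows the values Postfix is actually using.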