hostmaster--- via Postfix-users:
> Hi all
>
> I'm struggling with smtpd_tls_security_level = encrypt.
>
> I have a postfix installation/configuration with smtpd_tls_security_level =
> may and public (letsencrypt) certificates running nicely since years.
> Postfix is offering STARTTLS upon connections from incoming smtp servers
> which a good part (all the relevant ones) are using to upgrade to TLS. This
> works fine.
>
> After checking the logs, I found that 99% of the non-TLS connections are
> SPAM attempts, that get sorted out anyway, so I decided it might be a good
> idea to enforce TLS, to avoid unencrypted email transfers at all (I might be
> wrong). So I set smtpd_tls_security_level = encrypt. However, with encrypt,
> all connection attempts fails, also those that have upgraded to TLS when
> smtpd_tls_security_level was set to may.
>
> I did a tcpdump and found that client and server are starting establishing a
> STARTTLS sequence but the server suddenly stops the process and returns the
> following error message to the sender by email:
Please show Postfix SMTPD logging for ONE such a failed connection,
including the "connect from" and "disconnect from" lines.
DO NOT TURN ON debug logging with '-v' options in master.cf.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
