Hi Wietse Thanks a lot for your answer and sorry, I should have provided the related logs with my initial post. Viktor pointed me into the right direction and I was able to get the system running as intended in the meantime.
Thanks a lot for bringing postfix alive and sharing it with the world! Have a nice weekend Mark -----Ursprüngliche Nachricht----- Von: Wietse Venema via Postfix-users [mailto:postfix-users@postfix.org] Gesendet: Samstag, 7. September 2024 16:01 An: Postfix users Betreff: [pfx] Re: struggling with smtpd_tls_security_level = encrypt - 5.7.0 Must issue a STARTTLS command first hostmaster--- via Postfix-users: > Hi all > > I'm struggling with smtpd_tls_security_level = encrypt. > > I have a postfix installation/configuration with smtpd_tls_security_level = > may and public (letsencrypt) certificates running nicely since years. > Postfix is offering STARTTLS upon connections from incoming smtp servers > which a good part (all the relevant ones) are using to upgrade to TLS. This > works fine. > > After checking the logs, I found that 99% of the non-TLS connections are > SPAM attempts, that get sorted out anyway, so I decided it might be a good > idea to enforce TLS, to avoid unencrypted email transfers at all (I might be > wrong). So I set smtpd_tls_security_level = encrypt. However, with encrypt, > all connection attempts fails, also those that have upgraded to TLS when > smtpd_tls_security_level was set to may. > > I did a tcpdump and found that client and server are starting establishing a > STARTTLS sequence but the server suddenly stops the process and returns the > following error message to the sender by email: Please show Postfix SMTPD logging for ONE such a failed connection, including the "connect from" and "disconnect from" lines. DO NOT TURN ON debug logging with '-v' options in master.cf. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
