A. Schulze via Postfix-users:
> If I try "-o smtp_fallback_relay=[fallback_relay.example]:465" I get this log:
> Feb 27 22:35:58 mta postfix/with_fallback/smtp[7326]: SMTPS
> wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode
> = yes", and "smtp_tls_security_level = encrypt" (or stronger)
>
> OK, using SMTPS only for the connection to the fallback_relay
> seems not possible as documented, right?
There is no 'automatic' wrappermode at this time.
The smtp_fallback_relay fearture was added when smtps was deprecated
and all deliveries used plaintext or starttls, a decade or more
before TLS wrappermode was implemented.
> My goal is to use SMTPS for most/many/all connections between
> postfix instances, I operate ...
For now, use port 587 and enforce a TLS security level that can
match the server certificate.
Automatic wrapper would require new code, for example
smtp_tls_enable_wrappermode_services = submissions smtps 465 ...
Hopefully that will play nice with SRV lookups.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
