This is my first time trying to use postfix, so I'm not very familiar with
the configuration. In fact, the config I'll describe was mostly crafted
with the help of ChatGPT-5.

This is a simple home-based relay setup. I use alpine to send email from
2 local users with ~6 email addresses between them. All email sent via
alpine goes through the postfix smtpd service and then connects to the
ISP's SMTP server based on the sender address. alpine and postfix are
both on the same host and postfix only listens on loopback:25.

So... I have the following defined:

mydomain = home.arpa
myhostname = mail.home.arpa
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = PLAIN, LOGIN
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
smtp_dns_support_level = enabled

sasl_passwd contains lines like this:

[email protected] [email protected]:XXXXX
[email protected] [email protected]:XXXXX
[email protected] [email protected]:XXXXX
[email protected] [email protected]:XXXXX

sender_relay contains lines like this:

[email protected] [smtp.isp1.com]:465
[email protected] [smtp.isp1.com]:465
[email protected] [smtp.isp2.com]:587
[email protected] [smtp.isp2.com]:587

With that configuration, both users @isp2.com can send email just fine,
but both users @isp1.com fail with the following message:

SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and
"smtp_tls_security_level = encrypt" (or stronger)

If I edit main.cf and enable:

smtp_tls_wrappermode = yes

Then both users @isp1.com can send fine, but both users @isp2.com fail
with this error:

warning: TLS library problem: error:0A00010B:SSL routines::wrong version
number:ssl/record/methods/tlsany_meth.c:84:
1B2A72805D5: Cannot start TLS: handshake failure

Now, I get why it behaves this way. What I don't get is how to support
both methods at the same time.

ChatGPT-5 suggested the following setup.

Add this to master.cf:

smtps     unix  -       -       n       -       -       smtp
    -o smtp_tls_wrappermode=yes
    -o smtp_tls_security_level=encrypt
    -o smtp_fallback_relay=

Change main.cf to this:

smtp_tls_wrappermode = no
transport_maps = hash:/etc/postfix/sender_transport

with sender_transport containing this:

[smtp.isp1.com]:465 smtps:
[smtp.ips2.com]:587 smtp:

postmap sasl_passwd
postmap sender_relay
postmap sender_transport
postfix reload

Unfortunately, this setup still fails. It acts as if the transport map
isn't consulted at all; users @isp2.com can send fine, but users @isp1.com
still get that same error:

SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and
"smtp_tls_security_level = encrypt" (or stronger)

So, what's wrong with my config?

I'm not tied to this specific configuration by any means; as I said, this
was basically designed by ChatGPT-5. If there's a better way to do what I
want, I'm fine with that.
Thanks for any help.
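
The conflict described above, as an added example that is not part of the original post: a small Python check that reads a sender_relay map and reports which senders break under each global smtp_tls_wrappermode value. It assumes port 465 is the only implicit-TLS port; the sender addresses in the sample are constructed placeholders and the function names are hypothetical.

```python
import re

# Constructed sample in sender_relay format; sender addresses are placeholders.
SAMPLE_SENDER_RELAY = """\
# sender            nexthop
user1@isp1.example  [smtp.isp1.com]:465
user2@isp1.example  [smtp.isp1.com]:465
user3@isp2.example  [smtp.isp2.com]:587
user4@isp2.example  [smtp.isp2.com]:587
"""

NEXTHOP_RE = re.compile(r"^\[?([^\]\s:]+)\]?(?::(\d+))?$")
IMPLICIT_TLS_PORTS = {465}  # assumption: only 465 expects TLS before any SMTP


def parse_sender_relay(text):
    """Yield (sender, host, port) for each non-comment map line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sender, nexthop = line.split(None, 1)
        m = NEXTHOP_RE.match(nexthop.strip())
        if not m:
            raise ValueError(f"unparseable nexthop: {nexthop!r}")
        yield sender, m.group(1), int(m.group(2) or 25)


def lint(text, wrappermode):
    """Return (sender, relay, reason) for relays that cannot work with this
    single global smtp_tls_wrappermode value."""
    problems = []
    for sender, host, port in parse_sender_relay(text):
        implicit = port in IMPLICIT_TLS_PORTS
        if implicit and not wrappermode:
            problems.append((sender, f"{host}:{port}", "needs smtp_tls_wrappermode=yes"))
        elif wrappermode and not implicit:
            problems.append((sender, f"{host}:{port}", "expects STARTTLS, not wrapper mode"))
    return problems


def needs_per_transport_tls(text):
    """True when neither global value of smtp_tls_wrappermode suits every relay."""
    return bool(lint(text, True)) and bool(lint(text, False))


if __name__ == "__main__":
    for mode in (False, True):
        print(f"smtp_tls_wrappermode={'yes' if mode else 'no'}:")
        for sender, relay, why in lint(SAMPLE_SENDER_RELAY, mode):
            print(f"  {sender} -> {relay}: {why}")
    print("mixed TLS modes:", needs_per_transport_tls(SAMPLE_SENDER_RELAY))
```
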