2010/12/5 Christian Roessner <c...@roessner-network-solutions.com>:
>>> When I use telnet to connect to mx0.roessner-net.de 25, waiting for
>>> postscreen to allow me sending EHLO, I only get the following list of
>>> commands:
>>>
>>> Trying 78.46.253.227...
>>> Connected to mx0.roessner-net.de.
>>> Escape character is '^]'.
>>> 220-mx0.roessner-net.de ESMTP
>>> 220 mx0.roessner-net.de ESMTP
>>> EHLO client.unitymedia.org
>>> 250-mx0.roessner-net.de
>>> 250-SIZE 31457280
>>> 250-ETRN
>>> 250-ENHANCEDSTATUSCODES
>>> 250-8BITMIME
>>> 250 DSN
>>>
>>> Where is the STARTTLS? When I look at the logs, I see that servers use TLS
>>> to communicate with my server. So could someone tell me, how the trick
>>> works? To do TLS without seeing the STARTTLS command? And I do not have 465
>>> open. Only 25.
>>>
>>> Thanks to anybody who might like to bring light into dark for me :-)
>>
>> telnet is the wrong tool.
>> openssl s_client -connect mx0.roessner-net.de:25 -starttls smtp \
>>   -CAfile /path/to/ca
>
> But how does a client know that the server _offers_ starttls, if not
> connecting plain and looking for the STARTTLS keyword?
>
> Christian

Hello,

try adding "smtpd_tls_security_level=may" to main.cf or master.cf

-- 
Lampa
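
The check Christian asks about, as an added example that is not part of the original messages: a sending client parses the plain-text EHLO reply and looks for the STARTTLS keyword before deciding whether to upgrade the connection. The function names, the `require_tls` flag and the returned labels are assumptions made for this example; the first reply is the one quoted in the thread, the second is constructed.

```python
import re

# EHLO reply copied from the session quoted in the thread (no STARTTLS line).
REPLY_FROM_THREAD = (
    "250-mx0.roessner-net.de\r\n"
    "250-SIZE 31457280\r\n"
    "250-ETRN\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250 DSN\r\n"
)
# Constructed sample: the same reply with STARTTLS advertised.
REPLY_WITH_TLS = REPLY_FROM_THREAD.replace("250-ETRN", "250-ETRN\r\n250-STARTTLS")

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return (code, {KEYWORD: params}) from a multi-line EHLO reply.

    Every line but the last is 'code-text'; the last is 'code text'.
    The first line names the server, the remaining lines are extensions.
    """
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, exts = None, {}
    for i, raw in enumerate(lines):
        m = _LINE.match(raw)
        if not m:
            raise ValueError(f"malformed reply line: {raw!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside one reply")
        code, sep, text = m.groups()
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i > 0 and text:
            keyword, _, params = text.partition(" ")
            exts[keyword.upper()] = params
    return int(code), exts


def tls_decision(reply, require_tls=False):
    """Decide the client's next step from the EHLO reply alone."""
    code, exts = parse_ehlo(reply)
    if code != 250:
        return "ehlo-rejected"
    if "STARTTLS" in exts:
        return "send-starttls"
    # Keyword absent: the plain-text reply cannot tell the client why, so a
    # client that requires TLS stops here instead of sending mail in clear.
    return "abort" if require_tls else "deliver-plaintext"
```

With the reply from the thread, an opportunistic client delivers in plain text and a client that requires TLS gives up; with the constructed reply both send STARTTLS.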