Hi, > Let's talk about one thing at a time. What problem is your user > reporting? > > * An inability to use your server as a submission server, that is, > to use an MUA like Outlook with your server as its SMTP server? > > Or > > * An inability to route mail to some remote system via your server? > > Your initial post seemed to suggest the latter, but now you're > taling changing settings when receiving mail, why?
I'm sorry for the confusion. I've asked for confirmation on my understanding, just to be sure. We have a user who is using a remote service that then uses the user's credentials to connect to my server and send mail to remote recipients. This service doesn't support TLS, apparently only SSL (and probably plaintext). Hopefully that's clear. > > > > smtp_use_tls = yes > > > > > > Set "smtp_tls_security_level = may" instead. > > > > I have that as well. Should I just comment out smtp_use_tls? > > If you really had it in place, it would have been reported by > "postconf -n". Did you not report all the settings? > Or are you > confusing "smtpd_tls_security_level" with "smtp_tls_security_level"? Yes, that's what I did. I've now commented out smtp_use_tls and added "smtp_tls_security_level = may". So I now have "smtp_tls_security_level = may" and "smtpd_tls_security_level = may". > > I'm not sure I'm explaining myself properly. The issue is that we have a > > client, which I assume would be Outlook, that would like to connect to my > > postfix server to send a remote system an encrypted email that only > > supports SSL. > > Which thing only supports SSL, the Outlook client, or the remote > system? It should now be clear that this remote service, which will be acting as a client to my postfix server, needs to send encrypted mail using my server, but is unable to support TLS. > To support Outlook as an SSL/TLS submission client, you need to > setup the smtps (input) wrapper-mode service as described in > TLS_README. Outlook indeed does not support "TLS" (that is > STARTTLS) and only supports SSL encapsulated SMTP on port 465. I only see information on smtpd_tls_wrapper_mode in TLS_README. Am I missing it? It also seems with the smtpd_tls_wrapper_mode that it replaces STARTTLS. Will this be the case with smtps as well, or will it be able to support TLS as well as SSL? Thanks, Alex
