The problem is probaly in the lines above in your log. Have you tried to reload postfix (to get a clear offset in the log) and then telnet to 127.0.0.1?
Send postconf -n and we will be able to help you. p@rick * srach <hndls...@tutanota.de>: > Bleh. I think I am tired and making worse and worse mistakes. May be I need > to make a step away for some time. :-( > > I have made some change that I cannot find and have an error now I do not see > or know the cause for. > > I made a Postfix instance for getting mail with Postscreen and recipient > verify steps, and some of the recipient restrictions for smtpd. It is named > 'pf-in'. > > I also made a Postfix instance for simple sending out mail. It is named > 'pf-out'. > > The TLS is turned on to the 'Opportunistic' type with '= may' for both the > instances. > > So I think it should use the TLS when it is available and be okay if not. > > On my laptop I send a test email. It sends to the 'pf-in' instance > > sendmail -i -f root -t <<EOF > From: s...@srchdomain.com > To: srcht...@clientdomain.com > Subject: test > test > EOF > > I see the mail processing with Postscreen 'pf-in' > > Jan 29 19:01:08 srchsvr pf-in/postscreen[11780]: CONNECT from > [XX.XX.XX.XX]:43942 to [YY.YY.YY.YY]:25 > Jan 29 19:01:08 srchsvr pf-in/postscreen[11780]: WHITELISTED > [XX.XX.XX.XX]:43942 > > Then next after the Postscreen PASS the mail goes to the internal smtpd on > 'pf-in' > > Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: connect from unknown[XX.XX.XX.XX] > Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: AB1E08F422: > client=unknown[XX.XX.XX.XX] > Jan 29 19:01:08 srchsvr pf-in/cleanup[11785]: AB1E08F422: > message-id=<20150129190108.4200d40...@srchdell.srchdomain.com> > Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: disconnect from > unknown[XX.XX.XX.XX] > > And then into the queue and is send to the 'pf-out' instance > > Jan 29 19:01:08 srchsvr pf-in/qmgr[11632]: AB1E08F422: > from=<r...@srchdomain.com>, size=536, nrcpt=1 (queue active) > Jan 29 19:01:08 srchsvr pf-out/smtpd[11787]: connect from > http://srchsvr.srchdomain.com[127.0.0.1] > > But now the log says > > Jan 29 19:01:08 srchsvr pf-in/smtp[11786]: AB1E08F422: > to=<srcht...@clientdomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, > delays=0.11/0.01/0.02/0, dsn=4.7.0, status=deferred (TLS is required, but > host 127.0.0.1[127.0.0.1] refused to start TLS: 454 4.7.0 TLS not available > due to local problem) > > I think this says the problem is in the 'pf-out' instance but it is the > 'pf-in' instance that hears it and says it in the log. > > I have been searching on the sentences > > "TLS is required" "refused to start TLS" "454 4.7.0" "TLS not available > due to local problem" > > But only found some suggestions that the Certificate I use is not good. I > know that it is since it uses okay in other applications. > > What idea can I try to fix for this crazy problem I have done myself? > > *S* > > -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
