On Wed, Apr 08, 2015 at 03:55:46PM +0500, Muhammad Yousuf Khan wrote:
> it is written in books and on internet forums that in main.cf.
> - *smtp_tls_auth_only* for outgoing mails or to send mails to other
Any such books are wrong, and "forums" are full of clueless cargo-cult
advice. There is "smtp_tls_auth_only" parameter in Postfix.
> Mailserver.
> - *smtpd_tls_auth_only *for clients/customers sending emails to my server.
This parameter exists, and controls whether the Postfix SMTP server
allows SASL logins via unecrypted connections.
> *Test1 *- (sending email from postfix to gmail server)
> smtp_tls_auth_only = may
> smtpd_tls_auth_only = may
The first parameter is fictional and is ignored, the second can
only be set to "no" or "yes" and is used when receiving mail. Your
SMTP server might not work with that bogus "may" setting.
The parameters that take one of the values "none, may, encrypt, ..."
are:
smtp_tls_security_level = may
smtpd_tls_security_level = may
and control the use of TLS encryption, not SASL user authentication.
> *Test3 *- (sending email from my postfix to gmail server)
>
> smtp_tls_auth_only = encrypt
Surely that was actually "smtp_tls_security_level = encrypt".
> relay=127.0.0.1[127.0.0.1]:10024,
> delay=0.07, delays=0.06/0.01/0/0, dsn=4.7.4, status=deferred (TLS is
> required, but was not offered by host 127.0.0.1[127.0.0.1])
Well, you need to either explicitly disable mandatory TLS for the
transport used to content-filter your mail, or make TLS mandatory
*only* for the gmail relay via:
http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
--
Viktor.
