I really hate my self when i do some thing confidently and doing it very
wrong. actually the parameter i typed in over all examples were wrong. the
correct one is "smtp_tls_security_level and smtpd_tls_security_level" and
ofcouse you may have notice them in my "postconf -n". anyways mistake is a
mistake.
now can you please explain these wrong result in light of above
Where's the port 25(smtp) inet service?
do you mean this line "smtp inet n - n - - smtpd -v"sorry i missed it. it
was at the top and i copied the lower end of the file.
> > submission inet n - n - - smtpd
> > -o syslog_name=postfix/submission
> > # -o smtpd_tls_security_level=encrypt
> > -o smtpd_sasl_auth_enable=yes
> > -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> > -o milter_macro_daemon_name=ORIGINATING
>
> Make that:
>
> submission inet n - n - - smtpd
> -o syslog_name=submission
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o milter_macro_daemon_name=ORIGINATIN
Ok i also uncommitted as suggested.
here are main.cf parameters that you wanted me to change
# cat /etc/postfix/main.cf | grep level
smtp_tls_security_level = may
smtpd_tls_security_level = encrypt
here is the master.cf that i uncommitted as per your suggestion.
-o smtpd_tls_security_level=encrypt
Now i am getting NDR like this.
<sir...@gmail.com>: host 127.0.0.1[127.0.0.1] said: 530 5.7.0 id=30222-02 -
Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025):
530
5.7.0 Must issue a STARTTLS command first (in reply to end of DATA
command)
actually i am confused that in books it is said that
smtp_tls_security_level is for MTA to MTA communication
and
smtpd_tls_security_level is for client to MTA communication.
no matter if these are mention in master.conf the purpose remain the same.
and i have set "may" on smtp not smtpd parameter. then why smtpd parameter
value "encrypt" is colliding or messing the smtp work?
This is my actual confusion maybe i am wrong with the concept or i am doing
it wrong.
the the point which is actually catching my attention is that when i change
the value of smtpd_tls_security_level = may and smtp_tls_security_level =
may (mean both set to "may") and commit the line "-o
smtpd_tls_security_level = encrypt in master.cf"
every thing back to normal but my problem is on port 25 my client can
connect and even sand email which i dont want i want my clients to force
submission on port 587 only.
any help will be highly appreciated.
Thanks,
Yousfu
