On 4/8/2015 1:59 PM, Muhammad Yousuf Khan wrote:
> I really hate myself when I do something confidently and do it
> very wrong. Actually, the parameters I typed in all the examples were
> wrong. The correct ones are "smtp_tls_security_level
> and smtpd_tls_security_level", and of course you may have noticed them
> in my "postconf -n". Anyway, a mistake is a mistake.
>
> Now can you please explain these wrong results in light of the above?
>
> > Where's the port 25(smtp) inet service?
>
> Do you mean this line "smtp inet n - n - - smtpd -v"? Sorry, I missed
> it. It was at the top and I copied the lower end of the file.
>

Remove the "-v" verbose logging. It won't help solve this problem, and will hide other problems in the flood.

> Here are the main.cf parameters that you wanted me to
> change:
> # cat /etc/postfix/main.cf | grep level
> smtp_tls_security_level = may

OK.

> smtpd_tls_security_level = encrypt

NO, this must be set to either may or no.

>
> Here is the master.cf line that I uncommented as per
> your suggestion.
>
> -o smtpd_tls_security_level=encrypt
>
> Now I am getting an NDR like this.
> <sir...@gmail.com>: host
> 127.0.0.1[127.0.0.1] said: 530 5.7.0 id=30222-02 -
> Rejected by next-hop MTA on relaying, from
> MTA(smtp:[127.0.0.1]:10025): 530
> 5.7.0 Must issue a STARTTLS command first (in reply to end of
> DATA command)

Because you require encryption, and your content_filter does not support (or isn't configured for) encryption. Set main.cf "smtpd_tls_security_level = may" to fix this.

>
> Actually I am confused, because in books it is said that
>
> smtp_tls_security_level is for MTA to MTA communication

This is for your server sending mail out, which will usually be to another MTA or a content_filter. Set it to "may" because the receiving system might not support encryption.

>
> and
>
> smtpd_tls_security_level is for client to MTA communication.
> No matter if these are mentioned in master.conf, the purpose remains the
> same.

This is for receiving mail, which may be from another MTA, a content_filter, or a client. Set it to "may" because the sending system might not support encryption.

>
> And I have set "may" on the smtp parameter, not the smtpd one. Then why is the smtpd
> parameter value "encrypt" colliding or messing with the smtp work?
> This is my actual confusion. Maybe I am wrong with the concept or I
> am doing it wrong.
>
> The point which is actually catching my attention is that when I
> change the value of smtpd_tls_security_level = may and
> smtp_tls_security_level = may (meaning both set to "may") and comment out
> the line "-o smtpd_tls_security_level = encrypt" in master.cf,
> everything is back to normal, but my problem is that on port 25 my clients
> can connect and even send email, which I don't want. I want my clients
> to be forced to use submission on port 587 only.

To enforce encryption for your users even when using port 25, set in main.cf:
smtpd_tls_auth_only = yes

-- Noel Jones
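Added example (not part of the original message and not Postfix code): a small Python check that computes the effective smtpd_tls_security_level of each smtpd service in master.cf, showing how a main.cf value of "encrypt" is inherited by every listener that has no "-o" override, including the one the content filter reinjects mail into. The sample files are constructed, and the 127.0.0.1:10025 listener entry is an assumption based on the address shown in the NDR.

```python
import shlex

# Constructed sample files modelled on the thread; not the poster's real configuration.
MAIN_CF = """\
smtp_tls_security_level = may
smtpd_tls_security_level = encrypt
"""
# The 127.0.0.1:10025 entry is assumed (reinjection listener named in the NDR).
MASTER_CF = """\
smtp            inet n - n - - smtpd
submission      inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
"""

def parse_main(text):
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def parse_master(text):
    """Return {service: {param: value}} of -o overrides for each smtpd service."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # continuation of the previous service
        else:
            entries.append(line.strip())
    services = {}
    for entry in entries:
        fields = shlex.split(entry)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args = fields[8:]
        pairs = [args[i + 1] for i in range(len(args) - 1) if args[i] == "-o"]
        services[fields[0]] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return services

def effective_levels(main_text, master_text, param="smtpd_tls_security_level"):
    """A master.cf -o override wins; otherwise the service inherits main.cf."""
    default = parse_main(main_text).get(param, "")
    return {svc: ov.get(param, default) for svc, ov in parse_master(master_text).items()}

def loopback_requiring_tls(levels):
    """Loopback listeners (filter reinjection) that would refuse plaintext."""
    return [s for s, lvl in levels.items() if s.startswith("127.0.0.1:") and lvl == "encrypt"]
```

With the constructed main.cf above, the loopback listener is reported as requiring TLS; after changing the main.cf value to "may", only the submission service, which carries its own override, still requires it.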