On Fri, Feb 19, 2016 at 02:55:45PM +0530, Jayesh Shinde wrote:

> I am doing this setting for sending email to "aexp.com".
> w.r.t above info and docs I made below setting, but remote host saying
> "530 Must issue a STARTTLS command first."

The lookup key for the TLS policy table MUST match the verbatim nexthop for the destination. If you're using transport tables to send the traffic via a designated relay, the lookup key must match the relay domain, not the recipient domain.

You may even be overriding the transport, and using other settings in master.cf. Hard to know, you don't provide enough information. Is your Postfix compiled with TLS support?

> [root@smtp1 postfix]# cat /etc/postfix/tls_policy
> aexp.com secure match=wppim001.aexp.com:.wppim001.aexp.com

This suggests you're routing aexp.com traffic explicitly to wppim0001.aexp.com, otherwise why hard-code that name in the match clause? What's wrong with:

    # The default matching for "secure" is nexthop:dot-nexthop
    # which should match the aexp MX host.
    #
    aexp.com secure

which should work provided you have no transport overrides, and your Postfix is TLS-capable.

--
Viktor.
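The nexthop rule from the reply above, as an added example that is not part of the original thread: a small check that reports when a TLS policy entry is keyed on the recipient domain while a transport override changes the nexthop. The relay name `[relay.example.net]:587` and both sample maps are constructed, and the lookup is simplified to exact-key matches only (no parent-domain or wildcard lookups).

```python
# Added example: constructed maps, exact-key lookups only (a simplification).
TRANSPORT = """\
# constructed sample: aexp.com is sent via a designated relay
aexp.com    smtp:[relay.example.net]:587
"""
TLS_POLICY = """\
# keyed on the recipient domain
aexp.com    secure
"""

def parse_map(text):
    """Parse 'key value' lines of a Postfix-style lookup table source."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table

def nexthop_for(domain, transport):
    """Verbatim nexthop: the transport override if one exists, else the domain."""
    entry = transport.get(domain.lower(), "")
    _, _, nexthop = entry.partition(":")   # "smtp:[host]:587" -> "[host]:587"
    return (nexthop or domain).lower()

def audit(domain, transport, tls_policy):
    """Return (nexthop, policy, status) for one recipient domain."""
    nexthop = nexthop_for(domain, transport)
    policy = tls_policy.get(nexthop)
    if policy is not None:
        return nexthop, policy, "ok"
    if domain.lower() in tls_policy:
        # A policy exists, but under a key that is never looked up.
        return nexthop, None, "key-mismatch"
    return nexthop, None, "no-policy"

if __name__ == "__main__":
    transport, policy = parse_map(TRANSPORT), parse_map(TLS_POLICY)
    print(audit("aexp.com", transport, policy))   # relay in use
    print(audit("aexp.com", {}, policy))          # no transport override
```

On a live system the equivalent lookup is `postmap -q` with the nexthop as the key against the configured policy table.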