Hi Peter and Noel,
What is wrappermode ?

I see i have it enabled both for submission and smtps. Is it enabled by default 
?
I can still send and receive email although some clients seem to have problems 
with it.

These are my master.cf entries:
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o 
smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch
  -o 
smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o 
smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch
  -o 
smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Apologies for the html logs earlier, i copied and pasted them, didn’t realize.


On 22 Aug 2017, at 04:44, Peter 
<pe...@pajamian.dhs.org<mailto:pe...@pajamian.dhs.org>> wrote:



On 22/08/17 10:44, Alef Veld wrote:
It's open, but i just don't get any welcome message.

Do not set smtpd_tls_wrappermode for port 587.

Usually switching to non secure and then back to SSL fixes it.

You'll be switching to SSL (as opposed to STARTTLS).  The appropriate
setting for port 587 is STARTTLS.


Peter

Reply via email to