Reading http://www.postfix.org/TLS_README.html
Now which clarifies things a lot. I'll probably keep 465 with wrapper mode to support outlook expresss or other clients which want it and put 587 without. Thanks for the answer, I can now telnet to the port and get a greeting. I didn't understand it was encrypted, but that explains the logs as well. I have a inkling this will fix the problems with my mac clients as well. Sent from my iPhone On 22 Aug 2017, at 09:12, Alef Veld <alefv...@outlook.com<mailto:alefv...@outlook.com>> wrote: Hi Peter and Noel, What is wrappermode ? I see i have it enabled both for submission and smtps. Is it enabled by default ? I can still send and receive email although some clients seem to have problems with it. These are my master.cf entries: smtp inet n - n - - smtpd submission inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_login_maps=hash:/etc/postfix/virtual -o smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_login_maps=hash:/etc/postfix/virtual -o smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING Apologies for the html logs earlier, i copied and pasted them, didn’t realize. On 22 Aug 2017, at 04:44, Peter <pe...@pajamian.dhs.org<mailto:pe...@pajamian.dhs.org>> wrote: On 22/08/17 10:44, Alef Veld wrote: It's open, but i just don't get any welcome message. Do not set smtpd_tls_wrappermode for port 587. Usually switching to non secure and then back to SSL fixes it. You'll be switching to SSL (as opposed to STARTTLS). The appropriate setting for port 587 is STARTTLS. Peter
