> On Oct 22, 2018, at 11:01 AM, Emmanuel Jaep <emmanuel.j...@gmail.com> wrote:
>
> I just tried the configuration you were proposing:
> Main.cf
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> openrelay.customer.com
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
> defer_unauth_destination
Those are Postfix SMTP *server* settings that only affect *inbound* email.
> But I keep on getting:
> postfix/smtp[2540]: SSL_connect error to openrelay.customer.com
> [xx.xx.xx.xx]:25: -1
> postfix/smtp[2540]: warning: TLS library problem: error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c
These are logs from the Postfix SMTP *client*, trying to send *outbound* email.
They are completely unrelated.
> I believe that the parameters
> smtpd_use_tls=yes
This is an unrelated *server* setting.
> smtp_sasl_auth_enable = yes
This enables SASL outbound, but can't possibly cause TLS/SSL connection
problems.
DO NOT confuse SSL and SASL.
> are forcing to use sasl...
No. The real issue is that "openrelay.customer.com" has non-working STARTTLS.
--
Viktor.
