I am trying to setup my postfix (on CentOS 8) to work with Amazon SES as
SMTP relay host.
Amazon SES requires:
relayhost = [email-smtp.eu-west-2.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
If I use the above lines in main.cf, mails are not delivered with the
following error in logs:
TLS is required, but was not offered by host 127.0.0.1
If I comment "smtp_tls_security_level = encrypt" and add
"smtp_tls_security_level = may" in main.cf, postfix successfully
delivers emails.
More info:
- I have LE certs already installed on the server
- I have "smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt" in main.cf
and ca-bundle.crt is available.
I would appreciate any insight to fix this problem. Also, is
"smtp_tls_security_level = may" a security problem?
Thank you.
