On 8/17/2022 10:04 AM, Sam R wrote:
> Currently I use the following settings:
>
> transport_maps = hash:/etc/postfix/transport
> domain.fr smtp:[192.168.X.X]:465
>
> This works but I get the following Postfix message:
>
> SMTPS wrappermode (TCP port 465) requires setting
> "smtp_tls_wrappermode = yes", and "smtp_tls_security_level =
> encrypt" (or stronger)

Apparently you're sending plain text mail to port 465. Standard
practice is for port 465 to use smtps TLS wrappermode.

> If I put these additional settings, it doesn't work anymore because
> the internal address of my servers doesn't match the certificate
> that is created with the external addresses (I have a handshake failure).

This likely has nothing to do with certificate verification.
Apparently the internal server isn't configured for TLS
"wrappermode" on port 465 causing the delivery to fail when you turn
on encryption.
You have a couple of choices...
- Configure the internal server to use TLS wrappermode on port 465,
and enable wrappermode as the log warning suggests.
- Use a different port, possibly 587. Likely the two systems will
negotiate STARTTLS and send mail encrypted.
If you need further help, share your "postconf -nf" and "postconf
-Mf" and the actual log lines of both successful delivery and what
happens after you add the -o smtp_tls_wrappermode=yes
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
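
The two choices in the reply above, written out as Postfix configuration. This is an added example, not part of the original messages; the service name `relay-smtps` is hypothetical, and the address placeholder is the one from the question.

```conf
# --- Before (from the question): stock "smtp" client aimed at port 465 ---
# /etc/postfix/transport
#   domain.fr    smtp:[192.168.X.X]:465
# The stock transport does not use wrappermode, so Postfix logs the
# "SMTPS wrappermode (TCP port 465) requires setting ..." warning.

# --- Choice 1: TLS wrappermode on port 465 ---
# /etc/postfix/master.cf
# Dedicated client transport so the -o overrides apply only to this
# next hop ("relay-smtps" is a hypothetical name).
relay-smtps  unix  -       -       n       -       -       smtp
    -o smtp_tls_wrappermode=yes
    -o smtp_tls_security_level=encrypt

# /etc/postfix/transport
domain.fr    relay-smtps:[192.168.X.X]:465

# The internal server must also be listening in wrappermode on 465,
# otherwise the handshake fails as soon as wrappermode is enabled.
# "encrypt" makes TLS mandatory but does not check the certificate name;
# only the "verify" and "secure" levels do that.

# --- Choice 2: STARTTLS on port 587 ---
# /etc/postfix/transport (stock "smtp" transport, no master.cf change)
#   domain.fr    smtp:[192.168.X.X]:587
# /etc/postfix/main.cf (needs "may" or stronger for STARTTLS to be used)
#   smtp_tls_security_level = may

# After editing the transport table:
#   postmap /etc/postfix/transport
#   postfix reload
```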