Hello Noel,

As you suggested, I enabled TLS wrappermode on both sender servers and the internal server, set "smtp_tls_security_level = encrypt" on the sender servers, and it seems perfect now.

Thanks a lot Noel, and thank you all too!

Samuel

On Wed, Aug 17, 2022 at 17:42, Noel Jones <njo...@megan.vbhcs.org> wrote:

> On 8/17/2022 10:04 AM, Sam R wrote:
> >
> > Currently I use the following settings:
> > transport_maps = hash:/etc/postfix/transport
> > domain.fr smtp:[192.168.X.X]:465
> > This works but I get the following Postfix message:
> > SMTPS wrappermode (TCP port 465) requires setting
> > "smtp_tls_wrappermode = yes", and "smtp_tls_security_level =
> > encrypt" (or stronger)
>
> Apparently you're sending plain text mail to port 465. Standard
> practice is for port 465 to use smtps TLS wrappermode.
>
> > If I put these additional settings, it doesn't work anymore because
> > the internal address of my servers doesn't match the certificate
> > that is created with the external addresses (I have a handshake failure)
>
> This likely has nothing to do with certificate verification.
>
> Apparently the internal server isn't configured for TLS
> "wrappermode" on port 465 causing the delivery to fail when you turn
> on encryption.
>
> You have a couple of choices...
>
> - Configure the internal server to use TLS wrappermode on port 465,
>   and enable wrappermode as the log warning suggests.
>
> - Use a different port, possibly 587. Likely the two systems will
>   negotiate STARTTLS and send mail encrypted.
>
> If you need further help, share your "postconf -nf" and "postconf
> -Mf" and the actual log lines of both successful delivery and what
> happens after you add the -o smtp_tls_wrappermode=yes
> http://www.postfix.org/DEBUG_README.html#mail
>
> -- Noel Jones
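
The diagnosis in the thread above (a listener on port 465 that greets in clear text, so a wrappermode client fails its handshake) can be confirmed with a small probe. This is an added example, not code from the thread or from Postfix; the function names and the loopback listener are constructed for illustration.

```python
import contextlib
import socket
import ssl
import threading

def banner_first(host, port, timeout=2.0):
    """True if the server sends a clear-text SMTP 220 greeting on connect."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(512).startswith(b"220")
        except OSError:
            return False  # silent or reset: it may be waiting for a TLS ClientHello

def tls_first(host, port, timeout=2.0):
    """True if a TLS handshake succeeds immediately, as wrappermode expects."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only the port's mode is probed here;
    ctx.verify_mode = ssl.CERT_NONE  # certificate validation is a separate check
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            with ctx.wrap_socket(s):
                return True
    except OSError:                  # ssl.SSLError is a subclass of OSError
        return False

def classify(host, port):
    """'plaintext-smtp' pairs with STARTTLS; 'implicit-tls' with smtp_tls_wrappermode."""
    plain, tls = banner_first(host, port), tls_first(host, port)
    if plain != tls:
        return "plaintext-smtp" if plain else "implicit-tls"
    return "unknown"

def start_plaintext_listener(connections=2):
    """Constructed loopback server that greets in clear text, for the demo."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        for _ in range(connections):
            conn, _addr = srv.accept()
            with conn:
                conn.sendall(b"220 mail.example.test ESMTP\r\n")
                with contextlib.suppress(OSError):
                    conn.recv(4096)  # swallow whatever the client sends
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(classify("127.0.0.1", start_plaintext_listener()))
```

A result of "plaintext-smtp" on port 465 means the receiving side still needs wrappermode enabled before the sender's "smtp_tls_wrappermode = yes" can work.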