On Wed, Jul 12, 2023 at 11:15:14AM +0200, Ralf Hildebrandt via Postfix-users
wrote:
> > smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
> > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
>
> Try adding:
>
> smtp_tls_key_file = $smtpd_tls_key_file
> smtp_tls_cert_file = $smtpd_tls_cert_file
A knee-jerk response to Configure a random client certificate to present
to some random server is unlikely to solve the problem.
When I send a probe (sendmail -bv) to postmas...@pwc.com, no request for
"TLS athentication" occurs:
postfix/pickup[99363]: D4EDF130B11: uid=1001 from=<...>
postfix/cleanup[99523]: D4EDF130B11: message-id=<...>
postfix/qmgr[39752]: D4EDF130B11: from=<...>, size=292, nrcpt=1 (queue
active)
postfix/smtp[99528]: Untrusted TLS connection established to
mx07-00096706.pphosted.com[185.132.181.231]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix/smtp[99528]: D4EDF130B11: to=<postmas...@pwc.com>,
relay=mx07-00096706.pphosted.com[185.132.181.231]:25, delay=2.8,
delays=0.01/0.03/2.4/0.43, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient
ok)
The probe notification message confirms the above:
<postmas...@pwc.com>: delivery via
mx07-00096706.pphosted.com[185.132.181.231]:25: 250 2.1.5 Recipient ok
The OP's issue is most likely that ProofPoint expect messages from the
envelope sender in question to be *outbound*, because they host the
sender domain, and for outbound mail, they require authentication.
This could be viewed as an anti-forgery mechanism. If you want to send
mail via their systems on behalf of the domain in question, the outbound
traffic has to be authenticated.
The key question here is what was the "anotherdomain.com" (sender
address domain part) in the OP's post, and is it a ProofPoint customer
for outbound and/or inbound email delivery?
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
