Hi everyone! I readed this articles about the subject, and try to put in actión the recomendations but not work for my configuration. 1 - HowtoForge Postfix: send using TLS 2 - HowtoForge: How to configure postfix to allow tls and non tls on port 587 My infraestructure is this: Ubuntu 12.04 TLS Postfix 2.9.6 Dovecot 2.0.19 ISPConfig 3.0.5.4 Result of the telnet commands are this: Telnet mail.xxx.com 25 220 mail.xxx.com ESMTP Postfix (Ubuntu) ehlo mail.xxx.com 250-mail.xxx.com 250-SIZE 31211520 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Telnet mail.xxx.com 587 220 mail.xxx.com ESMTP Postfix (Ubuntu) ehlo mail.xxx.com 250-mail.xxx.com 250-PIPELINING 250-SIZE 31457280 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN I have other server with the same configuration, the only diference is that this server have full configuration in one server and the telnet for the port 25 show this: 250-PIPELINING 250-SIZE 31457280 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN I compare the config files of the two servers and they are practically identical. Then I don't know why in one of my servers work correctly and in the other no. I try to comment the master.cf like till said after of the line submission, I restart the service but not work. submission inet n - - - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING And I not sure about the solution of smtpd_tls_security_level=encrypt, because if I don't mistake, I read somewhere, that option may is used to avoid problems with servers that not support TLS. Thank you everyone for the help you can give me.
Hello I found a difference in the configuration of my main.cf of my server. The other config file has this option "smtpd_tls_auth_only = no", then I add this line to my main.cf and restart the service. The new line not gave me result, and I continue without TLS over port 25. I continue reading about the subject, and I find that can I add this options, but the other server does not have it. smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s Do you think this line help me to solve the behavior? I will add this options later, to see what gonna happen, but if you see something wrong in the main.cf please say me. Thank you.
