New User Needs a little help with Postfix and TLS

Discussion in 'Server Operation' started by abuttino, Aug 12, 2017.

  1. abuttino

    abuttino New Member

    I have managed to get Postfix installed and working perfectly except for one small thing relating to sending mail and TLS.

    The Architecture:
    Ubuntu 16.04
    Postfix (Newest Version)
    Exchange 2010
    Comodo Wildcard Certificate

    The Setup:
    Exchange sends mail to Postfix using a Smarthost with no authentication, does scanning and signing and sends it on its way to the destination server

    This is a pretty simple question. I am getting this on gmail:
    Received: from fqdn of exchange server (exchange, domain, local [address of my exch server]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail, domain, com (Postfix) with ESMTPS id 100AB62B71 for <myaddress gmail.com>; Fri, 11 Aug 2017 23:22:54 -0700 (MST)

    And this on the return email from CheckTLS:
    ====tls negotiation successful (cypher: DHE-RSA-AES256-GCM-SHA384, client cert: Subject Name: undefined;Issuer Name: undefined;)

    How do I get it to hand the cert off to the server that Postfix connects to?

    My /etc/postfix/main.cf TLS info:

    # TLS parameters
    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtpd_tls_received_header = yes
    smtpd_tls_auth_only = yes
    smtp_tls_note_starttls_offer = yes
    # "export" is the weakest cipher grade Postfix knows (null < export < low < medium < high);
    # the Postfix default for this parameter is "medium"
    smtp_tls_ciphers = export
    # server side: the chain presented to clients that connect to this Postfix
    smtpd_tls_cert_file = /etc/postfix/public.pem
    smtpd_tls_key_file = /etc/postfix/private.pem
    smtpd_tls_CApath = /etc/ssl/certs/
    smtpd_tls_CAfile = /etc/postfix/comodoca.pem
    # obsolete since Postfix 2.3; smtpd_tls_security_level above takes precedence
    smtpd_use_tls = yes
    # client side: the certificate Postfix presents only when a remote server requests one
    smtp_tls_cert_file = /etc/postfix/public.pem
    smtp_tls_key_file = /etc/postfix/private.pem
    smtp_tls_CApath = /etc/ssl/certs/
    smtp_tls_CAfile = /etc/postfix/comodoca.pem

    When I run: "openssl s_client -connect localhost:25 -starttls smtp | openssl x509 -noout -text", I get all the info about my Comodo wildcard cert.

    Second issue: When I try to send mail using smtp_tls_security_level = verify (or secure), I get messages in the log "(TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])"

    I have googled the hell out of both of these issues, nothing seems to address them.
    Can anyone help me out please?
     
    Last edited: Aug 12, 2017
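As an added example (not the poster's code, and not anything shipped with Postfix or CheckTLS), the script below automates the openssl s_client check quoted in the post and parses the transcript to answer both questions it raises: whether a given host offers STARTTLS at all (the "TLS is required, but was not offered by host 127.0.0.1" case) and whether that host sends a CertificateRequest, which is the only case in which a TLS client, Postfix included, ever transmits smtp_tls_cert_file. The host names, the port and the sample transcripts are placeholders constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Probes an SMTP endpoint with openssl s_client
# and parses the transcript: was STARTTLS offered, was a client certificate requested,
# and which protocol/cipher came up. Hosts, ports and sample transcripts are placeholders.

# Capture an s_client transcript for HOST:PORT into OUTFILE. The </dev/null redirect
# sends EOF so s_client exits after the handshake instead of waiting for SMTP commands.
probe_smtp() {
    host=$1; port=$2; outfile=$3
    openssl s_client -connect "$host:$port" -starttls smtp </dev/null >"$outfile" 2>&1
}

# Parse a transcript. Prints one summary line; returns 0 only if a TLS session came up.
summarize_probe() {
    outfile=$1
    # OpenSSL 1.0.2 prints "didn't found starttls in server response", 1.1.x prints
    # "Didn't find STARTTLS in server response"; match the common part, case-insensitively.
    if grep -qi 'starttls in server response' "$outfile"; then
        echo "starttls=no ccert=unknown proto=- cipher=- verify=-"
        return 1
    fi
    # s_client lists acceptable CA names only after a CertificateRequest. A request that
    # carries an empty CA list also prints "No client certificate CA names sent", so
    # "not-asked" is a lower bound, not proof that no request was made.
    if grep -q 'Acceptable client certificate CA names' "$outfile"; then
        ccert=asked
    else
        ccert=not-asked
    fi
    proto=$(sed -n 's/^ *Protocol *: *//p' "$outfile" | head -n 1)
    cipher=$(sed -n 's/^ *Cipher *: *//p' "$outfile" | head -n 1)
    verify=$(sed -n 's/^ *Verify return code: *//p' "$outfile" | head -n 1)
    # A failed handshake leaves "Cipher : 0000" in the SSL-Session block.
    if [ -z "$cipher" ] || [ "$cipher" = "0000" ]; then
        echo "starttls=yes ccert=$ccert proto=- cipher=- verify=handshake-failed"
        return 1
    fi
    echo "starttls=yes ccert=$ccert proto=$proto cipher=$cipher verify=$verify"
    return 0
}

# Constructed transcripts (abbreviated s_client output, not captured from a real host) so
# the parser can be exercised offline. sample_tls takes "ask" to simulate a CertificateRequest.
sample_no_starttls() {
    cat <<'EOF'
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
---
no peer certificate available
---
No client certificate CA names sent
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Verify return code: 0 (ok)
---
EOF
}
sample_tls() {
    if [ "$1" = "ask" ]; then
        ca='Acceptable client certificate CA names
/C=GB/O=COMODO CA Limited/CN=COMODO RSA Certification Authority'
    else
        ca='No client certificate CA names sent'
    fi
    cat <<EOF
CONNECTED(00000003)
depth=0 CN = *.example.com
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.example.com
   i:/C=GB/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
$ca
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
---
250 DSN
EOF
}

# Usage: sh probe.sh mail.example.com 25   (placeholder host; with no arguments nothing runs)
if [ "$#" -eq 2 ]; then
    t=$(mktemp)
    probe_smtp "$1" "$2" "$t" || true
    if summarize_probe "$t"; then rc=0; else rc=1; fi
    rm -f "$t"
    exit "$rc"
fi
```

Point it at the 127.0.0.1 endpoint Postfix hands mail to (the content_filter transport in master.cf shows which one). A "starttls=no" result there means the global smtp_tls_security_level = verify is being applied to the filter hop as well as to Internet destinations; Postfix lets you exempt that hop with a `-o smtp_tls_security_level=none` override on the transport's master.cf entry, or with a per-destination entry in smtp_tls_policy_maps, while keeping verify or secure for the hosts you actually want authenticated. Against a public destination, "ccert=not-asked" means the remote server sent no CertificateRequest, so the configured smtp_tls_cert_file is never transmitted on that connection regardless of how main.cf is set; Postfix's own smtpd only requests one from connecting clients when smtpd_tls_ask_ccert = yes, which is off by default.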
  2. abuttino

    abuttino New Member

    Anyone?
     
  3. Check if you have to uncomment something in master.cf. TLS uses port 587.
     