TLS Security Level

From Run Your Own
Revision as of 10:04, 19 July 2023 by 320x200 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Some servers and clients might be stricter with TLS policies making in some case impossible for postfix to deliver an email. A typical error looks like this:

Jul 19 10:26:16 servername postfix/smtp[1234567]: C0DED34D: to=<someone@somewhere.else>, relay=mail.something.something[XXX.XXX.XXX.XXX]:25, delay=6, delays=0.06/0.02/5.4/0.48, dsn=5.7.1, status=bounced (host mail.something.something[XXX.XXX.XXX.XXX] said: 550 5.7.1 Session encryption is required (in reply to RCPT TO command))

To make sure postfix is able to deliver emails to such servers, by adapting its behavior, add the following in `/etc/postfix/main.cf`

smtp_tls_security_level = may
smtpd_tls_security_level = may