I have Postfix set up and recently added an SSL cert. I am trying to force outgoing emails to use TLS. I am using Thunderbird as the client, with settings: port 465, Use SSL/TLS, Authentication: Use Normal Password.
The emails go but are not encrypted (I can tell by sending the email to a Gmail account; Gmail tells you if it's encrypted or not).
TLS section of postfix/main.cf:
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
# Comment: removed smtpd_use_tls = yes and replaced with smtpd_tls_security_level=encrypt
smtpd_tls_security_level=encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
Checked Mail.log/Mail.err/mail.warn and nothing jumps out as an error in not being able to encrypt.
Any suggestions on what I can do to find the cause?
Hi,
I have the exact same issue. Did you ever resolve this?
Thanks
Nope. Sounds like a bug then.
Howdy,
It doesn't sound like you're seeing a bug, just a Postfix configuration issue there.
What is the output of the command "postconf -n"?
-Eric
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mydestination = server, localhost.domain.net, localhost
mydomain = domain.net
myhostname = my.domain.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination permit_inet_interfaces
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sender_restrictions = reject_unlisted_sender
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
This is still an open issue for me. I posted the postconf -n results here and in the forum question, but got no response. I am having to keep unsecure information out of server emails until I can get this resolved.
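Added example, not part of the thread: in Postfix the smtpd_* parameters configure the SMTP server (mail arriving from Thunderbird or other hosts), while delivery to other servers such as Gmail is done by the SMTP client and governed by smtp_tls_security_level, which the postconf -n output above does not set. The script below reads postconf -n output and reports the two directions separately. The function names get_param and audit_tls are hypothetical, the sample is an excerpt of the posted output, and per-destination smtp_tls_policy_maps and master.cf overrides are not considered.

```shell
#!/bin/sh
# Added example (not from the thread): read `postconf -n` output and report
# TLS for the SMTP client (smtp_*, outbound) separately from the server (smtpd_*).

# Excerpt of the postconf -n output posted above, including a warning line.
SAMPLE='postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_security_level = may
smtpd_use_tls = yes'

# get_param NAME TEXT: print the value of NAME, skipping postconf warnings.
get_param() {
    printf '%s\n' "$2" | awk -v k="$1" '
        /^postconf: / { next }
        { i = index($0, " = ") }
        i && substr($0, 1, i - 1) == k { v = substr($0, i + 3) }
        END { print v }'
}

# audit_tls TEXT: one line per finding, keyed OUTBOUND / INBOUND / PROTOCOLS.
audit_tls() {
    out=$(get_param smtp_tls_security_level "$1")
    # Legacy switch, honoured only when smtp_tls_security_level is unset.
    [ -z "$out" ] && [ "$(get_param smtp_use_tls "$1")" = yes ] && out=may
    case "${out:-none}" in
        none) echo "OUTBOUND none: smtp_tls_security_level is not set, the SMTP client does not attempt TLS" ;;
        may)  echo "OUTBOUND may: TLS is used when the receiving server offers STARTTLS" ;;
        *)    echo "OUTBOUND $out: set explicitly" ;;
    esac
    in_level=$(get_param smtpd_tls_security_level "$1")
    case "${in_level:-none}" in
        none) echo "INBOUND none: smtpd_tls_security_level is not set" ;;
        may)  echo "INBOUND may: STARTTLS is offered to clients but not required" ;;
        *)    echo "INBOUND $in_level: set explicitly" ;;
    esac
    protos=$(get_param smtpd_tls_mandatory_protocols "$1")
    # Flag SSLv3 only when it is listed as enabled (not as "!SSLv3").
    if printf '%s\n' "$protos" | grep -Eq '(^|[ ,])SSLv3'; then
        echo "PROTOCOLS weak: smtpd_tls_mandatory_protocols enables SSLv3 ($protos)"
    fi
}

audit_tls "$SAMPLE"
```

On a live server the same check is `audit_tls "$(postconf -n 2>&1)"`.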