mandatory tls for outgoing mails

[itacamo]

Hi there,

I want to setup mandatory tls for ALL outgoing mails as default. I already managed it to setup mandatory tls for all incoming mails, but have some troubles setting it up for the outgoing mails.
I already changed "smtp_tls_security_level" to encrypt, but it's not working because of the pmg-filter.
The log shows that the following:
pmg postfix/lmtp[1104]: 731A3810E6: to=<xyz>, relay=127.0.0.1[127.0.0.1]:10023, delay=1159, delays=1159/0.04/0.04/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])

I already tried changing the master.cf template from tls none to encrypt, but it's not working.

Are there any ideas?

Thank you!

 

[Stoiko Ivanov]

pmg postfix/lmtp[1104]: 731A3810E6: to=<xyz>, relay=127.0.0.1[127.0.0.1]:10023, delay=1159, delays=1159/0.04/0.04/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])

Try setting the 'smtp_tls_security_level' setting on the postfix instance on port 10025 in master.cf - maybe this works.

if not you might need to create another smtp service there (smtpmusttls) and set the option there and additionally point the smtpd on port 10025 to use that as it's outgoing transport...

Just to have mentioned it -keep in mind that requiring TLS on all SMTP connections will cause some mails not to get delivered (as not all SMTP servers offer TLS)!