1 (edited by borthner 2013-06-28 23:42:01)

Topic: Allowing port 587 submission with or without TLS

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

We are trying to set up a new server (Ubuntu 12.10 with iredmail-0.8.4 / MySQL) to take over from our existing mail server (Debian 6 with iredmail-0.8.4) and are running into a subtle configuration issue. On our old server, clients could log into port 587 with or without utilizing the StartTLS. On the new server, use of StartTLS is being enforced by the server. From the reading I have been able to do, it seems as if changing the -o smtpd_tls_security_level=encrypt to -o smtpd_tls_security_level=may should resolve this, but it doesn't seem to help. Any ideas where else I need to look?

Below is the configuration in /etc/postfix/master.cf
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_tls_auth_only=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

2

Re: Allowing port 587 submission with or without TLS

Why disable STARTTLS on submission? Submission is used for secure connection with TLS/SSL, if you need a insecure connection, just use port 25.