Hello,
our provider only accepts smtp connections on port 465. Postfix then tells us:
ciphermail postfix/smtp[11396]: SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger)
But when we add these two parameters, Postfix cannot connect to Ciphermail anymore:
Aug 31 07:35:29 ciphermail postfix/qmgr[11267]: 4RbtHP2bcGz7S0M: from=<s.guenther@in-put.de>, size=445, nrcpt=1 (queue active)
Aug 31 07:35:29 ciphermail postfix/smtp[11280]: SSL_connect error to 127.0.0.1[127.0.0.1]:10025: -1
Aug 31 07:35:29 ciphermail postfix/smtp[11280]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
Aug 31 07:35:29 ciphermail postfix/smtp[11280]: 4RbtHP2bcGz7S0M: to=<praxis@xxxx>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.05, delays=0.02/0.03/0/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Removing the two parameters again, allows internal connections but no external connections. Can I solve this by further changes in the Postfix configuration or does it require a change to the Ciphermail configuration?
Hi,
but doesn’t the error occur when Postfix tries to connect to port 10025 where Ciphermail is listening?
This is a fresh Ciphermail installation, therefore the values for the ciphers are:
Because you changed the global postfix setting for smtp_tls_security_level and smtp_tls_wrappermode it means that it will be used for all smtp connections. What you should do it to only configure this for the smtp service used for outgoing email but not for the smtp connector which sends to the local back-end.