On Sat, Jun 15, 2013 at 03:45:02AM +0200, Benny Pedersen wrote:
> Nabil Alsharif wrote on 2013-06-15 02:59:
> 
> >>> smtp_tls_note_starttls_offer = yes
> >>> smtp_use_tls = yes
> >>
> >>smtp_ is for sending
> >Ok so these two options are telling Postfix to check if STARTTLS 
> >is offered by the peer and use TLS if available, right?
> 
> correct

smtp_tls_note_starttls_offer means to note (i.e., log) when a remote 
server offers STARTTLS. "smtp_use_tls=yes" is the same as (replaced 
by) "smtp_tls_security_level=may". All of these are covered in the 
TLS_README.html (except for the deprecated settings, of course.)

And none of this is relevant to the $SUBJECT at hand.

> >>> smtpd_banner = $myhostname ESMTP
> >>> smtpd_recipient_restrictions = permit_mynetworks
> >>>     reject_unauth_destination
> >>> smtpd_tls_CAfile = /etc/pki/dovecot/certs/dovecot.pem
> >>> smtpd_tls_auth_only = yes
> >>
> >>this disables starttls since we already are using ssl/tls now

Wrong, Benny. See postconf.5.html#smtpd_tls_auth_only and the 
correction posted by Jan, with which you tried to argue.

> >huh? This part I don't quite understand. How are we
> >disabling TLS?

We're not. That was wrong.

> >Where was it enabled before? when we said smtp_use_tls = yes?

That deprecated setting is not relevant.

> it does not disable tls/ssl, but it removes starttls in plain
> connection without tls/ssl

Also wrong.

> smtpd vs smtp confusion ?
> 
> with that setting all smtpd_ clients must use tls or ssl

With smtpd_tls_security_level=encrypt, yes; not with 
smtpd_tls_auth_only=yes. Wrong and misleading posts will not help.

I think the OP will have to fix the logging problem before we can 
solve this issue.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
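
Added example (not part of the original message or of Postfix itself): a small Python check that reads main.cf text, maps the deprecated `*_use_tls` / `*_enforce_tls` settings onto `*_tls_security_level`, and reports the distinction drawn above between `smtpd_tls_auth_only=yes` and `smtpd_tls_security_level=encrypt`. The sample config is constructed from the settings quoted in the thread plus an assumed `smtpd_tls_security_level = may` line; the function names are hypothetical, and treating an unset level as "none" is an assumption.

```python
import re

# Constructed sample: settings quoted in the thread, plus an assumed smtpd level.
SAMPLE_MAIN_CF = """\
# outbound (smtp_) and inbound (smtpd_) TLS settings
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks
    reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; '#' starts a comment line and a line
    beginning with whitespace continues the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)", line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
    return params

def effective_level(params, prefix):
    """Return the TLS security level for 'smtp' (client) or 'smtpd' (server)."""
    level = params.get(prefix + "_tls_security_level", "")
    if level:
        return level  # a non-empty level overrides the deprecated settings
    if params.get(prefix + "_enforce_tls") == "yes":
        return "encrypt"
    if params.get(prefix + "_use_tls") == "yes":
        return "may"
    return "none"  # assumption: nothing set means TLS is not used

def describe(params):
    """Summarise what the TLS settings actually require."""
    server = effective_level(params, "smtpd")
    auth_only = params.get("smtpd_tls_auth_only") == "yes"
    return {
        "smtp_level": effective_level(params, "smtp"),
        "smtpd_level": server,
        # Only 'encrypt' forces every inbound client to use TLS.
        "all_clients_must_use_tls": server == "encrypt",
        # auth_only restricts SASL AUTH to encrypted sessions, nothing more.
        "auth_requires_tls": auth_only or server == "encrypt",
    }

if __name__ == "__main__":
    print(describe(parse_main_cf(SAMPLE_MAIN_CF)))
```

On a live system, `postconf -n` prints the non-default parameters in the same `name = value` form this parser accepts.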
