On Thu, Mar 03, 2016 at 11:31:50AM +0100, Dietrich Streifert wrote:

> And here is the solution:
> 
> I had to explicitly tell the smtp proxy to NOT use tls by specifying
> 
>         -o smtpd_use_tls=no
>         -o smtp_use_tls=no
>         -o smtpd_tls_security_level=none
>         -o smtp_tls_security_level=none

You're much confused about this being a "proxy" issue.  There is
no TLS-client code in the Postfix SMTP server, therefore with
smtpd_proxy_filter TLS is never used.  TLS is used with content_filters,
you must have a content_filter transport that sends email through
a transparent proxy.  The place to disable TLS is in the pre-filter
smtp transport and/or the re-inject SMTP server.  You did the
latter, but the reason this solves the problem is unrelated to
smtpd_proxy_filter.

On Thu, Mar 03, 2016 at 09:41:07AM +0100, Dietrich Streifert wrote:

> I'm running a smtp_proxy_filter on localhost:10024 as described in
> http://postfix.cs.utah.edu/SMTPD_PROXY_README.html
> 
> smtp      inet  n       -       n       -       -       smtpd
>         -o smtpd_proxy_filter=localhost:10024
>         -o smtpd_proxy_options=speed_adjust
>         -o smtp_send_xforward_command=yes

This will never use TLS.  You must have a content_filter in place.

> smtp_tls_loglevel = 3
> smtpd_tls_loglevel = 3

This level of logging just obscures what's important with low-level
noise, revert back to "1".

> rewritten as <SRS0=ePVJ=O7=xxxx.yyyy.de=r...@yyyy.de>
> Mar  3 09:26:47 node1 postfix/cleanup[29344]: 5392C35E3D9:
> message-id=<20160303082647.5392c35e...@xxxx.yyyy.de>
> Mar  3 09:26:47 node1 opendkim[11665]: 5392C35E3D9: DKIM-Signature field
> added (s=default, d=zzzz.de)
> Mar  3 09:26:47 node1 postfix/qmgr[20766]: 5392C35E3D9:
> from=<srs0=epvj=o7=xxxx.yyyy.de=r...@yyyy.de>, size=449, nrcpt=1 (queue
> active)

Messages enter the queue *after* processing via smtpd_proxy_filter,
not before.

> Mar  3 09:26:47 node1 postfix/smtp[29350]: initializing the client-side TLS
> Mar  3 09:26:47 node1 postfix/smtp[29350]: setting up TLS connection to
> localhost[127.0.0.1]:10024

This is a TLS client connection from the smtp(8) SMTP client, not
the smtpd(8) SMTP server, you must have a content_filter defined or
a "FILTER" direction in some access(5) file.

-- 
        Viktor.
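
Added example, not part of the original message or of Postfix: a small Python check that applies the reasoning above to a mail log, reporting which Postfix daemon logs "setting up TLS connection to" a loopback filter port. The log lines are constructed (modelled on those quoted in the thread), port 10024 is the one from the thread, and the function names are hypothetical.

```python
import re

# Constructed sample log, modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
Mar  3 09:26:47 node1 postfix/smtpd[29340]: connect from client.example[192.0.2.10]
Mar  3 09:26:47 node1 postfix/qmgr[20766]: 5392C35E3D9: from=<a@example.org>, size=449, nrcpt=1 (queue active)
Mar  3 09:26:47 node1 postfix/smtp[29350]: setting up TLS connection to localhost[127.0.0.1]:10024
Mar  3 09:26:48 node1 postfix/smtp[29351]: setting up TLS connection to mx.example.net[198.51.100.7]:25
"""

# Syslog tag "postfix/<daemon>[pid]:" followed by the TLS client message.
TLS_CLIENT_RE = re.compile(
    r"postfix[^\s\[]*/(?P<daemon>\w+)\[(?P<pid>\d+)\]: "
    r"setting up TLS connection to \S+?\[(?P<addr>[^\]]+)\]:(?P<port>\d+)"
)


def tls_to_local_filter(log_text, filter_ports=(10024,)):
    """Return (daemon, pid, addr, port) for each TLS client handshake
    aimed at a loopback address on one of the filter ports."""
    hits = []
    for line in log_text.splitlines():
        m = TLS_CLIENT_RE.search(line)
        if not m:
            continue
        addr, port = m["addr"], int(m["port"])
        if (addr.startswith("127.") or addr == "::1") and port in filter_ports:
            hits.append((m["daemon"], int(m["pid"]), addr, port))
    return hits


def diagnose(hits):
    """Turn the hits into the conclusion drawn in the reply above."""
    if not hits:
        return "no TLS client handshakes to the local filter port"
    daemons = sorted({d for d, _, _, _ in hits})
    return (f"TLS to the filter is initiated by {', '.join(daemons)}: the filter is "
            "reached via a content_filter or FILTER action, so the place to "
            "disable TLS is that transport, not smtpd_proxy_filter")


if __name__ == "__main__":
    found = tls_to_local_filter(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(diagnose(found))
```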
