On Mon, Aug 14, 2017 at 02:53:23PM +0400, Mohammed Khalid Ansari wrote:

> I have configured my postfix to run on 587. When I choose connection type as
> 'STARTTLS' everything is fine but when I choose 'SSL/TLS', the client throws
> an error.

That's expected, since port 587 is SMTP with STARTTLS negotiation.
SMTP inside TLS is typically on port 465.

    http://www.postfix.org/TLS_README.html#server_enable

    TLS is sometimes used in the non-standard "wrapper" mode where
    a server always uses TLS, instead of announcing STARTTLS support
    and waiting for remote SMTP clients to request TLS service. Some
    clients, namely Outlook [Express] prefer the "wrapper" mode.
    This is true for OE (Win32 < 5.0 and Win32 >=5.0 when run on a
    port<>25 and OE (5.01 Mac on all ports).

    It is strictly discouraged to use this mode from main.cf. If
    you want to support this service, enable a special port in
    master.cf and specify "-o smtpd_tls_wrappermode=yes" (note: no
    space around the "=") as an smtpd(8) command line option. Port
    465 (smtps) was once chosen for this feature.

The sample master.cf file distributed with Postfix source code
contains:

    #smtps     inet  n       -       n       -       -       smtpd
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

Just remove the "#" comment characters, and if necessary add
appropriate settings for the "mua_..." parameters to main.cf.

Note that there are some in the IETF who are trying to promote and
standardize port 465 for email submission:

    https://tools.ietf.org/html/draft-ietf-uta-email-deep-08#section-3

While this may end up in a final published RFC, it probably won't
have much of an impact on the deployed base of submission servers
for quite some time.

> I can configure 'STARTTLS' in outlook and proceed but on my cell phone I
> don't have that option and hence not able to connect.

IIRC mobile phones that do email and the like do support STARTTLS;
your problem may be with the phone not accepting the server
certificate. Post the logs from your server associated with
connections from your phone.

-- 
Viktor.
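
The difference between the two port styles discussed in this thread shows up in who speaks first, and a small probe can check it from the client side. This is an added example, not part of the original message or of Postfix; `probe_port`, `fake_server` and the `*.example` host names are constructed for illustration, and the loopback servers stand in for a real submission service.

```python
import socket
import threading

def probe_port(host, port, timeout=1.0):
    """Classify a mail port: 'starttls', 'no-starttls', 'wrapper?' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(512)   # a plain SMTP service (587) speaks first
        except socket.timeout:
            # Silence is what wrapper mode (465) looks like: the server waits
            # for a TLS ClientHello. A slow or filtered server looks the same.
            return "wrapper?"
        if not banner.startswith(b"220"):
            return "unknown"
        s.sendall(b"EHLO probe.example\r\n")
        reply = b""
        while True:
            chunk = s.recv(1024)
            if not chunk:
                break
            reply += chunk
            # The final line of an SMTP reply has a space after the code.
            if reply.endswith(b"\r\n") and reply.split(b"\r\n")[-2][3:4] == b" ":
                break
        s.sendall(b"QUIT\r\n")
    # Line 1 of the EHLO reply is the greeting; the rest are extension keywords.
    words = {l[4:].split()[0].upper() for l in reply.split(b"\r\n")[1:] if l[4:].strip()}
    return "starttls" if b"STARTTLS" in words else "no-starttls"

def fake_server(script):
    """Constructed loopback stand-in. script is None (stay silent, like wrapper
    mode before the handshake) or a (banner, ehlo_reply) pair of bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            if script:
                conn.sendall(script[0])
                conn.recv(512)          # the client's EHLO
                conn.sendall(script[1])
            conn.recv(512)              # QUIT, or the client hanging up
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    ehlo = b"250-mail.example\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n"
    print(probe_port("127.0.0.1", fake_server((b"220 mail.example ESMTP\r\n", ehlo))))
    print(probe_port("127.0.0.1", fake_server(None)))
```

A "wrapper?" result only says the server did not greet within the timeout, so confirm it with a TLS handshake against the port before changing client settings.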