Postfix: set up outgoing server to server encryption

tls postfix

I'm trying to configure postfix that it sends a mail encrypted with TLS to the recipient server.

What I have: receiving mails encrypted (other server -> my server) and users can connect encrypted to my server.

Server: Debian 7.2 with postfix 2.9.6

config lines:

/etc/postfix/main.conf (relevant codelines)

smtp_tls_security_level = may
smtp_use_tls = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

/etc/postfix/tls_policy (just for testing, I want it for all domains)

google.com encrypt
.google.com encrypt
gmail.com encrypt
.gmail.com encrypt

I tried some combinations of the above and even put it directly in the master.conf, but nothing works:

Dec 10 10:10:21 myserver postfix/smtp[7101]: 9019B4583500: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.70.26]:25, delay=0.96, delays=0.13/0.01/0.27/0.55, dsn=2.0.0, status=sent (250 2.0.0 OK 1386666621 u49si13392861eep.148 - gsmtp)

What am I doing wrong?


You must set smtp_tls_security_level to a value other than none or may (what you have now).

Note that there are a lot of other factors playing into this, and you may need to set other values as well. See postfix' TLS README.

Related

Why isn't tomcat serving the correct SSL certificate
VPN server not responding, no indications of blocked traffic
Avoid file conflict in rpm package
Elastic Beanstalk CLI - "a float is required"
Samba will not accept the credentials
Can SMB3 Multipathing be weighted by policy?
IAM policy to restrict access to one VPC
Pros / cons of using password-less OpenVPN client keys
"Deny Logon Locally" effects
Is there a way to script the installation of System Center Configuration Manager updates listed in Software Center?
Out-of-order chef recipes causing apt package install to fail
How to Install RVM and RUBY to the specific user in the salt-minion