Thanks again Ziqin..
Used stmp+tls:// Mcq said: Feb 20 15:43:55 mcq postfix/submission/smtpd[356367]: connect from ool-44c65689.dyn.optonline.net[68.198.86.137] Feb 20 15:43:55 mcq postfix/submission/smtpd[356367]: Anonymous TLS connection established from ool-44c65689.dyn.optonline.net[68.198.86.137]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Pi said: Feb 20 15:43:55 NAS smtpd[5537]: e7e63d597aca7c59 smtp connected address=local host=NAS.sbanetweb.com Feb 20 15:43:55 NAS smtpd[5537]: e7e63d597aca7c59 smtp message msgid=52602db8 size=276 nrcpt=1 proto=ESMTP Feb 20 15:43:55 NAS smtpd[5537]: e7e63d597aca7c59 smtp envelope evpid=52602db8f7826126 from=<r...@nas.sbanetweb.com> to=<t...@sbanetweb.com> Feb 20 15:43:55 NAS smtpd[5537]: e7e63d597aca7c59 smtp disconnected reason=quit Feb 20 15:43:55 NAS smtpd[5537]: e7e63d5d01330d1f mta connecting address=smtp+tls://96.224.250.24:587 host=mcq.sbanetweb.com Feb 20 15:43:55 NAS smtpd[5537]: e7e63d5d01330d1f mta connected Feb 20 15:43:55 NAS smtpd[5537]: e7e63d5d01330d1f mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 Feb 20 15:43:55 NAS smtpd[5537]: e7e63d5d01330d1f mta error reason=SSL certificate check failed Feb 20 15:43:55 NAS smtpd[5537]: smtp-out: Disabling route [] <-> 96.224.250.24 (mcq.sbanetweb.com) for 15s Feb 20 15:43:57 NAS smtpd[5537]: smtp-out: No valid route for [connector:[]->[relay:mcq.sbanetweb.com,port=587,smtp+tls,mx],0x0] Feb 20 15:44:06 NAS smtpd[5537]: 0000000000000000 mta delivery evpid=52602db8f7826126 from=<r...@nas.sbanetweb.com> to=<t...@sbanetweb.com> rcpt=<-> source="-" relay="mcq.sbanetweb.com" delay=11s result="TempFail" stat="Network error on destination MXs" Feb 20 15:44:10 NAS smtpd[5537]: smtp-out: Enabling route [] <-> 96.224.250.24 (mcq.sbanetweb.com) -----Original Message----- From: Ziqin Wang <zi...@wangziqin.net> Sent: Thursday, February 20, 2025 3:29 PM To: Wayne Spivak <wspi...@sbanetweb.com> Cc: misc@opensmtpd.org Subject: Re: Unable to relay, port 25 blocked > On 21 Feb 2025, at 03:52, Wayne Spivak <wspi...@sbanetweb.com> wrote: > > Feb 20 14:50:22 NAS smtpd[4965]: d4c46b28c2848cb0 mta connected Feb 20 > 14:50:22 NAS smtpd[4965]: d4c46b28c2848cb0 mta error reason=IO Error: > error:0A00010B:SSL routines::wrong version number Feb 20 14:50:22 NAS > smtpd[4965]: smtp-out: Disabling route [] <-> 96.224.250.24 > (mcq.sbanetweb.com) for 15s When sending to port 587, you should not use the "smtps://" proto, use "smtp+tls://" or "smtp://" instead. In smtpd.conf, "smtps://" means implicit TLS, which usually works on port 465, while "smtp+tls://" and "smtp://" support explicit TLS (i.e. STARTTLS), which usually works on port 25 or 587. Your Postfix server on mcq probably expects plain text or STARTTLS input on port 587.
