[pfx] Re: sender_dependent_relayhost_maps using different ports

Sat, 15 Nov 2025 12:12:54 -0800 

Hans Carlson via Postfix-users:
> On Wed, 12 Nov 2025, Viktor Dukhovni via Postfix-users wrote:
> 
> > On Tue, Nov 11, 2025 at 02:00:57PM -0800, Hans Carlson via Postfix-users 
> > wrote:
> >
> >>   sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
> >
> > This changes only the nexthop hostname, but not the delivery transport.
> > Per the below, You'll need to set:
> >
> >    sender_dependent_default_transport_maps
> >
> >> sender_relay contains lines like this:
> >>
> >>   [email protected]    [smtp.isp1.com]:465
> >>   [email protected]    [smtp.isp1.com]:465
> >>   [email protected]    [smtp.isp2.com]:587
> >>   [email protected]    [smtp.isp2.com]:587
> >
> > Replace this with:
> >
> >    main.cf:
> >        indexed = ${default_database_type}:${config_directory}/
> >        sender_dependent_default_transport_maps = ${indexed}sender_transport
> >
> >    sender_transport:
> >        [email protected]    smtps:[smtp.isp1.com]:465
> >        [email protected]    smtps:[smtp.isp1.com]:465
> >        [email protected]    smtp:[smtp.isp2.com]:587
> >        [email protected]    smtp:[smtp.isp2.com]:587
> 
> So, I first made this change and all was good.  I was able to send email 
> from users @isp1.com and users @isp2.com without problems.
> 
> Then I went back and made the changes mentioned below regarding 
> smtp_tls_security_level=verify and reloaded the config and now I get this 
> message when I try to send from users @isp1.com and the mail is deferred.
> 
>    warning: smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt" 
> (or stronger)

That message appears when "smtp_tls_wrappermode = yes" and
smtp_tls_security_level is less than 'encrypt'

Code:

            if (var_smtp_tls_wrappermode
                && state->tls->level < TLS_LEV_ENCRYPT) {
                msg_warn("%s requires \"%s = encrypt\" (or stronger)",
                      VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL));

(This is the only one code where this is logged.)

You may want to set both smtp_tls_security_level and smtp_tls_wrappermode
in master.cf rather than main.cf.

        Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to