> On Feb 3, 2018, at 1:21 PM, Karol Augustin <ka...@augustin.pl> wrote: > > I have few people connecting using Macs. I had similar issue when I > upgraded libssl to 1.1.0f-4 all of them couldn't connect as they are > still using TLS 1.0. I had to temporarily downgrade to 1.1.0f-3 until > the problem was fixed in 1.1.0g-1. The problem was that developers > decided to disable TLS1.0, which impacted a lot of things.
This is not consistent with the OP's logs for the failed session: Jan 29 16:44:57 fbsd63 postfix/smtpd[93113]: connect from unknown[118.174.201.202] Jan 29 16:44:57 fbsd63 postfix/smtpd[93113]: Anonymous TLS connection established from unknown[118.174.201.202]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jan 29 16:44:59 fbsd63 postfix/smtpd[93113]: warning: unknown[118.174.201.202]: SASL PLAIN authentication failed: Jan 29 16:45:05 fbsd63 postfix/smtpd[93113]: warning: unknown[118.174.201.202]: SASL PLAIN authentication failed: Jan 29 16:45:11 fbsd63 postfix/smtpd[93113]: warning: unknown[118.174.201.202]: SASL PLAIN authentication failed: Jan 29 16:45:21 fbsd63 postfix/smtpd[93113]: warning: unknown[118.174.201.202]: SASL PLAIN authentication failed: Connection lost to authentication server TLS is set up just fine. What's failing is SASL. Perhaps there are different authentication settings on port 587 than on 25, and remaking the email account has the effect of switching the submission port? Other factors to consider: http://www.postfix.org/postconf.5.html#smtpd_sasl_local_domain http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options -- Viktor.
