On 10/8/2019 12:42 PM, Super-User wrote:
All,
We are not getting our emails stuck in the spam folders of gmail but they are
saying our emails are not encrypted.
The emails received show a "red padlock" and when you click on the pad lock it
says we are not encrypting our emails.
I thought I have the correct settings to encrypt our outgoing emails, but I see
the following errors in my log files.
::::::::::::::
Error
::::::::::::::
Oct 4 10:03:05 posta postfix/smtpd[29824]: [ID 947731 mail.crit] fatal:
unexpected command-line argument: !SSLv3,
Oct 4 10:03:06 posta postfix/master[27581]: [ID 947731 mail.warning] warning:
process /usr/local/tools/postfix/libexec/smtpd pid 29814 exit status 1
Oct 4 10:03:06 posta postfix/master[27581]: [ID 947731 mail.warning] warning:
/usr/local/tools/postfix/libexec/smtpd: bad command startup -- throttling
Oct 4 10:03:06 posta postfix/master[27581]: [ID 947731 mail.warning] warning:
process /usr/local/tools/postfix/libexec/smtpd pid 29815 exit status 1
Oct 4 10:03:06 posta postfix/master[27581]: [ID 947731 mail.warning] warning:
process /usr/local/tools/postfix/libexec/smtpd pid 29824 exit status 1
I do not understand why !SSLv3 is an "unexpected command-line argument".
smtpd is for receiving mail. The above error has no impact on
sending mail, but likely prevents postfix from receiving mail (maybe
on the submission service).
For the above error, maybe there is a stray space in master.cf or
some hidden garbage character in main.cf. Plain old "vi" is the best
editor to use for config files. Other editors -- especially those
convenient GUI editors -- can leave invisible garbage if you're not
careful with the editor settings.
For problems with sending mail, look for errors with the smtp process.
I'd start with removing all of the non-standard exclude ciphers and
tls protocol parameters and then add them back in one at a time
until you find where it breaks. It's possible to exclude so much
that the sender and receiver can't find a common protocol+cipher,
resulting in mail falling back to plain text.
submission inet n - n - - smtpd
-o smtpd_tls_security_level=may
The above line is usually "encrypt" for submission service.
-o smtp_tls_security_level=may
The above line has no effect on smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
My best guess is the above line is somehow borked on your master.cf.
Remove the line and see if the "unexpected argument" error goes away.
-o smtpd_sasl_security_options=noanonymous
-o broken_sasl_auth_clients=yes
-- Noel Jones
