Viktor, you are an absolute legend. Couldn’t see the woods through the trees.
Looks like as long as STARTTLS is present in the server response then it doesn’t matter if it’s a hyphen or space and the s_client.c library suggests it just looks for that keyword so that confirms it. Helps to tell it to encrypt outbound ;) Thank you :) > On 7/10/2021, at 18:30, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > On Thu, Oct 07, 2021 at 06:01:45PM +1300, Andrew Hardy wrote: > >> The core of my issue is that the sending MTA receives the 250 STARTTLS >> from the receiving MTA but never replies with STARTTLS. The sending >> MTA has smtpd_tls_security_level = may defined. > > There's you problem "smtpd_tls_security_level" is for receiving email > (via smtpd(8)). The corresponding parameter for sending email (via > smtp(8)) is: smtp_tls_security_level. > > -- > Viktor. > > P.S. > > 1. ESMTP feature advertisements in the EHLO response are not > "headers", they are "keywords" that advertise ESMTP "service > extensions". > > 2. Postfix receives SMTP email via the smtpd(8) program, many of > whose particular tunable parameters start with "smtpd_". > > 3. Postfix sends SMTP email via the smtp(8) program, many of > whose particular tunable parameters start with "smtp_".
