Am 28.02.25 um 12:17 schrieb Viktor Dukhovni via Postfix-users:
The OP was looking for native support in Postfix for per-nexthop
(fallback nexthop) or port-specific wrapper mode. As Wietse noted,
this isn't presently available.
Hi all,
Viktor was correct. Currently, I've to configure the s
On Fri, Feb 28, 2025 at 11:55:14AM +0100, Jaroslaw Rafa via Postfix-users wrote:
> > Mandatory STARTTLS is not unencrypted. Postfix-to-Postfix over port 587
> > is not less secure than over 465. Just an extra couple of network
> > round-trips that don't much matter in email. Think of it as a le
Dnia 28.02.2025 o godz. 20:45:01 Viktor Dukhovni via Postfix-users pisze:
> > The OP can also wrap an unencrypted connection into stunnel, that should
> > work.
>
> Mandatory STARTTLS is not unencrypted. Postfix-to-Postfix over port 587
> is not less secure than over 465. Just an extra couple of
Dnia 27.02.2025 o godz. 18:50:08 Wietse Venema via Postfix-users pisze:
>
> There is no 'automatic' wrappermode at this time.
[...]
> For now, use port 587 and enforce a TLS security level that can
> match the server certificate.
The OP can also wrap an unencrypted connection into stunnel, that s
On Fri, Feb 28, 2025 at 10:31:03AM +0100, Jaroslaw Rafa via Postfix-users wrote:
> Dnia 27.02.2025 o godz. 18:50:08 Wietse Venema via Postfix-users pisze:
> >
> > There is no 'automatic' wrappermode at this time.
> [...]
> > For now, use port 587 and enforce a TLS security level that can
> > match
A. Schulze via Postfix-users:
> If I try "-o smtp_fallback_relay=[fallback_relay.example]:465" I get this log:
> Feb 27 22:35:58 mta postfix/with_fallback/smtp[7326]: SMTPS
> wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode
> = yes", and "smtp_tls_security_level = encrypt" (or stro
