NethServer Version: 7 Module: Mail - postfix - SMTP
Hello,
It’s my first post, so first of all I would like to say hello to all of you. I have one quick question and maybe a suggestion. I’m by no means a postfix specialist, but in my understanding:
smtpd_tls_security_level - enable TLS when SMTP is receiving mail
smtp_tls_security_level - enable TLS when SMTP is sending mail
I have a fresh NethServer installation and by default it is set like this:
[root@myserver ~]# postconf | grep -i smtpd_tls_security_level
smtpd_tls_security_level = may
TLS is working when I send mail from Thunderbird client on my PC to the server
TLS is NOT working when my server sends mail it received from PC to gmail (red lock icon in GMail)
To fix this I changed only 1 parameter
[root@myserver ~]# postconf -e 'smtp_tls_security_level = may'
[root@myserver ~]# postconf | grep -i smtp_tls_security_level
smtp_tls_security_level = may
[root@myserver ~]# systemctl restart postfix
I think TLS now works properly (GMail says I’m using TLS now - red lock icon disappeared).
Question:
Will changing smtp_tls_security_level to “may” break anything? If not - do you think it would be a good idea to have this parameter set to “may” as default Nethserver setting?
Correct me if I’m wrong, but postfix configuration will be lost if not changed from esmith with every reboot or configuration change from the web page.
In my test environment Gmail reported that mails delivered from my NethServer mail server are not encrypted (little red unlocked padlock under the source email address).
I tried to force it through esmith with:
smtp_tls_security_level = yes
but NethServer refused to deliver email, falsely reporting that the Gmail server does not support TLS.
From my understanding, when NethServer talks with the Gmail server it can’t recognize that it supports TLS encryption.
I checked the settings that “smtp_tls_security_level = yes” is there with the following command:
cat /etc/postfix/main.cf | grep -v '^#' | sed -r '/^( |\t|$)/ d' | sort
I sent mail, but it’s stuck in the Mail Queue.
Mail logs:
mail postfix/master[18635]: warning: process /usr/libexec/postfix/smtp pid 18639 exit status 1
mail postfix/master[18635]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling
mail postfix/smtp[18656]: fatal: Invalid TLS level "yes"
First of all - thank you for helping me. I have a few conclusions to share.
Parameter “smtp_tls_security_level = may” has not broken anything so far. GMail is properly seeing that TLS is in use.
Setting smtp_tls_security_level using “postconf -e 'smtp_tls_security_level = may'” is not a good solution. It will survive a reboot, but it won’t survive changing mail settings in the web server manager.
Method provided by @Nomedor is working. Reboots or configuration changes done through web server manager are not erasing parameter values set in “/etc/e-smith/templates-custom/etc/postfix/main.cf/70extra_options”
@Nomedor your method is working. You have problems because you set “smtp_tls_security_level = yes”. “yes” is not a valid parameter. When you use a valid parameter, it will work for sure.
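An added example, not part of the original thread: a check to run on main.cf, or on the 70extra_options fragment, before restarting Postfix, so that a value like the one behind the `fatal: Invalid TLS level "yes"` log line is caught first. The allowed values are taken from the Postfix documentation; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Allowed TLS levels per the Postfix documentation.
# dane and dane-only need Postfix 2.11 or later.
SMTP_LEVELS="none may encrypt dane dane-only fingerprint verify secure"  # sending
SMTPD_LEVELS="none may encrypt"                                          # receiving

# Print the effective value of parameter $1 in file $2. The last definition
# wins; comment lines and continuation lines (leading whitespace) are skipped.
effective_value() {
    awk -v p="$1" '
        /^[ \t]*#/ || /^[ \t]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != p) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val
        }
        END { if (found != "") print found }
    ' "$2"
}

# Return 0 when both levels in file $1 are unset or valid; otherwise print
# each offending setting and return 1.
check_tls_levels() {
    file=$1; bad=0
    for pair in "smtp_tls_security_level:$SMTP_LEVELS" \
                "smtpd_tls_security_level:$SMTPD_LEVELS"; do
        param=${pair%%:*}; allowed=${pair#*:}
        value=$(effective_value "$param" "$file")
        if [ -z "$value" ]; then continue; fi
        ok=0
        for a in $allowed; do
            if [ "$a" = "$value" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "invalid: $param = $value (allowed: $allowed)"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a fragment carrying the invalid value from the thread.
sample=$(mktemp)
printf '%s\n' '# extra options' 'smtp_tls_security_level = yes' > "$sample"
check_tls_levels "$sample" || echo "do not restart Postfix with this file"
rm -f "$sample"
```

Point `check_tls_levels` at the real file, for example `/etc/postfix/main.cf`, and restart Postfix only when it returns 0.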