Smarthost TLS is required, but was not offered by host



Firstly, thanks guys for what seems like an awesome project!

I’m playing around with NethServer 7.7.1908 and when setting up the email server I also setup a smarthost. Occasionally, not on all emails, when I check the queue there is half a dozen or so emails that have the error message:

“TLS is required, but was not offered by host”

What I don’t understand is why this happens to only a few emails. If I remove the smart host and flush the mail queue the emails get sent successfully. I have used 2 different smarthosts and both get the same issue. One is my ISP and the other is an internal mail server.

Any help would be most appreciated…


1 Like

we may ask for TLS, but IIRC we do not require it

cc @davidep

Could you attach an excerpt of /var/log/maillog?

Hi davidep,

Here are the 2 excerpts as requested the first using the internal mail server as smarthost and the second using the ISPs mail server (domains changed for display purposes):

Oct 22 18:27:27 nethserver postfix/smtp[16517]: ADD8516B091: to=<>, relay=[]:25, delay=0.12, delays=0.1/0.02/0/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host[])
Oct 22 18:27:31 nethserver postfix/smtpd[16511]: connect from unknown[]
Oct 22 18:27:31 nethserver rspamd[9394]: ; proxy; proxy_accept_socket: accepted milter connection from /var/run/rspamd/worker-proxy

Here is the ISP log excerpt:

Oct 23 10:24:56 nethserver postfix/smtp[5619]: 47E8216F37A: to=<@<>,[]:25, delay=8655, delays=8655/0.04/0.5/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host[])



That host seems to not advertise the STARTTLS command

$ nc -C 25
220 mail-server-domain ESMTP mail service ready
250-SIZE 52428800

I guess you have to enable the Allow unencrypted connections checkbox. Keep in mind your passwords will be sent in clear-text!

Thanks David, but I can’t find the Allow unencrypted option anywhere. It’s not with smart host settings. Can you please tell me where it’s located?

In Server Manager:

  • Email > Smarthost > Send mail using a smarthost > Allow unencrypted connections (set checked)

In (Cockpit) Server Manager:

  • System > Settings > Smart Host > Use a smarthost > Encrypted connections (set unchecked)

Just for the record, there’s also a link to System > Settings in the Email > Relay panel

You’re a God! Thank you so much…

1 Like

Thank you, if my answer solves you issue please don’t forget to mark the topic as solved!

Done! Thanks again

1 Like