Topic: TLS SUPPORT : Your server's response did not include "250-STARTTLS" in
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Ubuntu 16.04LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):NIGINX
- Manage mail accounts with iRedAdmin-Pro?Yes
- Related log if you're reporting an issue:
====
Recently I noticed some issues in my log file:
Apr 17 18:01:56 mx postfix/anvil[31661]: statistics: max connection rate 1/60s for (smtpd:103.28.42.100) at Apr 17 17:58:35
Apr 17 18:01:56 mx postfix/anvil[31661]: statistics: max connection count 1 for (smtpd:103.28.42.100) at Apr 17 17:58:35
Apr 17 18:01:56 mx postfix/anvil[31661]: statistics: max cache size 1 at Apr 17 17:58:35
Apr 17 18:11:22 mx postfix/qmgr[1755]: 18ACE5E0AD8: from=<**********>, size=7515, nrcpt=1 (queue active)
Apr 17 18:11:23 mx postfix/smtp[31836]: 18ACE5E0AD8: enabling PIX workarounds: disable_esmtp delay_dotcrlf for mail.ctrack.com[207.46.163.106]:25
Apr 17 18:11:23 mx postfix/smtp[31836]: 18ACE5E0AD8: host mail.ctrack.com[207.46.163.106] said: 454 4.7.0 Connection is not TLS encrypted. Recipient organization requires TLS. [SN1NAM01FT003.eop-nam01.prod.protection.outlook.com] (in reply to RCPT TO command)
Apr 17 18:11:29 mx postfix/smtp[31836]: 18ACE5E0AD8: enabling PIX workarounds: disable_esmtp delay_dotcrlf for mail.ctrack.com[216.32.180.170]:25
Apr 17 18:11:29 mx postfix/smtp[31836]: 18ACE5E0AD8: to=<*****@ctrack.com>, relay=mail.ctrack.com[216.32.180.170]:25, delay=433145, delays=433138/0.02/7.1/0.18, dsn=4.7.0, status=deferred (host mail.ctrack.com[216.32.180.170] said: 454 4.7.0 Connection is not TLS encrypted. Recipient organization requires TLS. [BN3NAM01FT064.eop-nam01.prod.protection.outlook.com] (in reply to RCPT TO command))The mail is then returned to my mail user.
The other mail domain (ctrack.com) is being hosted by Microsoft.
When I do a mail server check on my own mail server using the mxtoolbox.com web site, it reports that my server does not support STARTTLS. This is their explanation of the error:
Your SMTP email server does advertise support for TLS. After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support.
I have checked in the main.cf config file of my Postfix, and I have
smtp_tls_security_level = mayWhat is the problem?
How do I fix this?
Regards
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.