2

I have set up a local mail server using postfix and dovecot. I now want fetchmail to get my mails from another server and deliver them locally. I am getting errors, however, since fetchmail does not use STARTTLS when connecting via SMTP to the local postfix:

```
reading message 852 of 853 (18519 octets) (log message incomplete)
SMTP> MAIL FROM:<XXXXXXXXXXX> SIZE=18519
SMTP< 530 5.7.0 Must issue a STARTTLS command first
SMTP error: 530 5.7.0 Must issue a STARTTLS command first
SMTP server requires STARTTLS, keeping message.
SMTP> RSET
```

According to this previous question, this is because fetchmail does not support STARTTLS when talking to an SMTP server and states that it

> is normally not a problem, as it usually delivers emails locally.

I therefore conclude that my configuration is flawed in some way. I want connections to postfix to be secure when a MUA delivers mail but obviously I cannot enforce it if I want to use fetchmail. Is it the way to go to relax the security constraints in postfix's master.cf for SMTP and only enforce STARTTLS for SUBMISSION?

sigy
  • 121
  • 3
  • Could you instead have `fetchmail` talk directly to the mail delivery agent and cut Postfix out of the loop? – thrig Mar 28 '17 at 20:53

1 Answer

0

Had the same problem and found this solution from Mr Postfix himself:

/etc/postfix/master.cf:

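```
# LAN listener: inherits the global smtpd_tls_security_level from main.cf
192.168.1.1:smtp  inet  n       -       -       -       -       smtpd
# Loopback listener: the indented -o line below applies to this service only
127.0.0.1:smtp    inet  n       -       -       -       -       smtpd
            -o smtpd_tls_security_level=may
```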

This, together with `smtpd_tls_security_level = encrypt` in `main.cf` (as a global setting), should do the trick.

ckujau
  • 1,385
  • 6
  • 15
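An added example, not part of the answer above: a small Python check that parses a `master.cf` laid out like the one in the answer and reports the effective `smtpd_tls_security_level` per listener, so you can confirm that only the loopback service was relaxed. The sample text, the function names and the restriction to the plain `-o name=value` form are assumptions of this sketch.

```python
import ipaddress

# Constructed sample mirroring the answer's layout (addresses taken from the answer).
MASTER_CF = """\
192.168.1.1:smtp  inet  n  -  -  -  -  smtpd
127.0.0.1:smtp    inet  n  -  -  -  -  smtpd
            -o smtpd_tls_security_level=may
submission        inet  n  -  -  -  -  smtpd
"""

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def tls_levels(master_cf, global_level):
    """Map each inet smtpd service to its effective smtpd_tls_security_level."""
    levels = {}
    for line in logical_lines(master_cf):
        f = line.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        level, args = global_level, f[8:]
        for i, arg in enumerate(args[:-1]):
            if arg == "-o":  # only the simple "-o name=value" form is handled
                name, _, value = args[i + 1].partition("=")
                if name == "smtpd_tls_security_level":
                    level = value
        levels[f[0]] = level
    return levels

def is_loopback(service):
    host = service.rpartition(":")[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # no explicit address: listens on all interfaces

def unenforced(master_cf, global_level="encrypt"):
    """Non-loopback smtpd listeners that do not require STARTTLS."""
    return [s for s, lvl in tls_levels(master_cf, global_level).items()
            if lvl != "encrypt" and not is_loopback(s)]
```

Because a line that begins with whitespace continues the previous entry, each service line must start in column one and the `-o` override must stay indented, otherwise the override attaches to the wrong listener.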