Changing the defaults – Scrollout F1

Scrollout F1 is my major defence against all incoming spam waves. Using it for quite some time now, easily hosted at Hetzner, I have tweaked around some of the settings. Here I will document the change I needed to make to send email from my Mac OS infrastructure outgoing through the Scrollout F1 appliance.

Header View of Scrollout F1

Unfortunately, after updating the Scrollout Appliance once again (by entering

/var/www/bin/update.sh force

I ran into the following error when trying to send email:

This is the mail system at host my.mailserver.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                  The mail system

<target@mailaddress.somewhere>: host my.mailserver [10.20.30.40] said: 530-5.7.0
   Must issue a STARTTLS command first 530 5.7.0 For assistance, see
   Admin or contact +49351XXXXXXX. Please provide the following
   information in your problem report: Time: (Mar 09 22:24:08), Client:
   (192.168.30.40), Server: (my.mailserver). (in reply to MAIL FROM
   command)
Reporting-MTA: dns; my.mailhost
X-Postfix-Queue-ID: AFDDA182DF3F0
X-Postfix-Sender: rfc822; me@myaddress
Arrival-Date: Sat,  9 Mar 2019 22:24:07 +0100 (CET)

The solution was a bit quirky, but I at least found out, that this problem can be resolved by changing a setting in main.cf of postfix. The line

smtpd_tls_security_level=encrypt

would have to be changed into

smtpd_tls_security_level=may

Once I changed it, the sending out of email did work again. Until, I used the Scrollout F1 frontend to change some settings. Then I was back at the start because postfix was running with TLS security level ENCRYPT again. So I thought that somewhere in F1 the defaults must be buried, and voilá, I found the following:

grep -rnw '/var/' -e 'smtpd_tls_security_level=encrypt'
/var/www/cfg/agresivity/9/master.cf:26: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/5/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/10/master.cf:26: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/2/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/8/master.cf:27: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/4/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/6/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/1/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/7/master.cf:27: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/3/master.cf:34: -o smtpd_tls_security_level=encrypt

Means I found the defaults! Different ones for different protection levels ..

I changed the settings in these default files from „encrypt“ to „may“. Now the setting remain even when I change the configuration through the web frontend of F1 …

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

19 − drei =

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.