Scrollout F1 is my major defence against all incoming spam waves. Using it for quite some time now, easily hosted at Hetzner, I have tweaked around some of the settings. Here I will document the change I needed to make to send email from my Mac OS infrastructure outgoing through the Scrollout F1 appliance.
Unfortunately, after updating the Scrollout Appliance once again (by entering
/var/www/bin/update.sh force
I ran into the following error when trying to send email:
This is the mail system at host my.mailserver.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<target@mailaddress.somewhere>: host my.mailserver [10.20.30.40] said: 530-5.7.0
Must issue a STARTTLS command first 530 5.7.0 For assistance, see
Admin or contact +49351XXXXXXX. Please provide the following
information in your problem report: Time: (Mar 09 22:24:08), Client:
(192.168.30.40), Server: (my.mailserver). (in reply to MAIL FROM
command)
Reporting-MTA: dns; my.mailhost
X-Postfix-Queue-ID: AFDDA182DF3F0
X-Postfix-Sender: rfc822; me@myaddress
Arrival-Date: Sat, 9 Mar 2019 22:24:07 +0100 (CET)
The solution was a bit quirky, but I at least found out, that this problem can be resolved by changing a setting in main.cf of postfix. The line
smtpd_tls_security_level=encrypt
would have to be changed into
smtpd_tls_security_level=may
Once I changed it, the sending out of email did work again. Until, I used the Scrollout F1 frontend to change some settings. Then I was back at the start because postfix was running with TLS security level ENCRYPT again. So I thought that somewhere in F1 the defaults must be buried, and voilá, I found the following:
grep -rnw '/var/' -e 'smtpd_tls_security_level=encrypt'
/var/www/cfg/agresivity/9/master.cf:26: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/5/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/10/master.cf:26: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/2/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/8/master.cf:27: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/4/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/6/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/1/master.cf:34: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/7/master.cf:27: -o smtpd_tls_security_level=encrypt
/var/www/cfg/agresivity/3/master.cf:34: -o smtpd_tls_security_level=encrypt
Means I found the defaults! Different ones for different protection levels ..
I changed the settings in these default files from „encrypt“ to „may“. Now the setting remain even when I change the configuration through the web frontend of F1 …
