Symptoms
When Postfix 2.8 or higher is used as the mail server on submission port 587, some mail messages cannot be delivered to the server because the sender does not use TLS encryption and uses, for example, STARTTLS.
Cause
Since the submission port is always required to be encrypted, in Plesk with Postfix 2.8 and higher versions smtpd_tls_security_level is set to encrypt, which forces TLS encryption when communicating with the mail server. This was done to comply with security protocol requirements.
Resolution
Making TLS encryption optional on port 587 is not yet implemented in Plesk.
Take part in our product improvement and vote for this feature on the Plesk User Voice portal.
As a workaround, proceed as follows:
- Connect to the server via SSH.
- Open the /etc/postfix/master.cf file in any text editor and change these lines from:

submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=

to

submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=
NOTE: These changes may be overwritten by any Plesk update.
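
Because a Plesk update may overwrite the edit, it helps to be able to check and re-apply it from the shell. The following is an added example, not Plesk's own tooling and not part of the original article: it reads or sets the smtpd_tls_security_level override for the submission service only. The function names and the .bak backup name are assumptions.

```shell
#!/bin/sh
# Added example (not Plesk tooling). Function names are hypothetical.

# Print the smtpd_tls_security_level override of the "submission inet"
# service in a master.cf, or "unset". Options may sit on the service line
# or on indented continuation lines; "-o { name = value }" is not handled.
submission_tls_level() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^[^ \t]/ { in_sub = ($1 == "submission" && $2 == "inet") }
        in_sub {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^smtpd_tls_security_level=/)
                    level = substr($i, index($i, "=") + 1)
        }
        END { print (level == "" ? "unset" : level) }
    ' "${1:-/etc/postfix/master.cf}"
}

# Set the override to $2 (none|may|encrypt) for the submission service
# only, leaving other services untouched. The original is kept as FILE.bak.
set_submission_tls_level() {
    file=$1 level=$2
    case $level in
        none|may|encrypt) ;;
        *) echo "unsupported level: $level" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    awk -v lvl="$level" '
        /^[^ \t#]/ { in_sub = ($1 == "submission" && $2 == "inet") }
        in_sub && !/^[ \t]*#/ {
            gsub(/smtpd_tls_security_level=[^ \t]*/, "smtpd_tls_security_level=" lvl)
        }
        { print }
    ' "$file.bak" > "$file"
}
```

Run postfix reload after changing master.cf. With the level at may, Postfix accepts SASL logins over unencrypted sessions unless smtpd_tls_auth_only=yes is also set.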