When Postfix 2.8 or higher on submission port 587 is used as mail server some mail messages cannot be delivered to the server due to the fact that sender does not use TLS encryption and uses, for example, STARTTLS.
Since submission port is always required to be encrypted, in Plesk with Postfix 2.8 and higher versions,
is set to
, which forces TLS encryption when communicating with the mail server. It was done to correspond with security protocol requirements.
Functionality when TLS encryption on port 587 is optional is not yet implemented in Plesk.
Take part in our product improvement and vote for this feature on Plesk User Voice portal.
As workaround proceed with the following:
- Connect to the server via SSH
/etc/postfix/master.cffile in any text editor and change these lines from:
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=
NOTE: These changes may be overwritten by any Plesk update.