Hi all, I just installed mailcow (I know a bit about running mailservers as I am an Exchange admin too).
Any mail I send to a test user from external (with gmx and outlook.com) is bounced, seemingly by postfix, with
550 TLS encryption required for mails from xxx.yyy
Outgoing mail is working as expected.
I have a Sophos Firewall in front of mailcow, which acts as an MTA and forwards one domain to mailcow; all other domains are sent to a different mailserver.
The postfix logs do show that a TLS 1.3 connection is successfully established between the Sophos MTA and postfix.
This is what postfix logs just before it bounces:
disconnect from unknown[10.0.0.254] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
The IP 10.0.0.254 is the one of the Sophos MTA.
No errors are logged, just “info” lines.
After that disconnect line, you can see in the postfix logs how it is connecting to the smarthost and sending the bounce email.
I have tried changing smtpd_tls_security_level from “may” to “none”, including a postfix restart; it did not change anything.