TLS is required, but was not offered by host

#1

Hi

Sometimes when sending emails, I have the following error.

mail.log reads

 postfix/smtp[924291]: 2E22E21203A8: to=<xxxxx.yyyy@somedomain.td>, relay=smtp3.9services.com[84.96.93.164]:25, delay=71998, delays=71998/0.03/0.27/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host smtp3.9services.com[84.96.93.164])

I am not sure if it is a postfix configuration that must be tweaked (I’ve read on some forums about setting
smtp_use_tls to may) or is it a port issue (if so what do i have to check)?

Please, help would be appreciated?

#2

MiaB sets smtp_tls_security_level = dane. as smtp_use_tls is obsolete.

The dane setting will use may when no TLSA record is found, which includes the following policy:

With opportunistic TLS, mail delivery continues even if the server certificate is untrusted or bears the wrong name. When the TLS handshake fails for an opportunistic TLS session, rather than give up on mail delivery, the Postfix SMTP client retries the transaction with TLS disabled. Trying an unencrypted connection makes it possible to deliver mail to sites with non-interoperable server TLS implementations.

Based on the log entry you posted:

TLS is required, but was not offered by host

My guess is that the server requires an obsolete TLS or for some reason does not offer a TLS session while not allowing plain text.

In other words, this seems like a problem with the receiving server.

Do messages from a freemail provider go through?