EDIT #2: What's this error?
Aug 17 02:27:19 mail postfix/smtpd[1197]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1197]: disconnect from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1199]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1199]: disconnect from unknown[x.x.x.x]
EDIT:
telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 SRVMAIL.DOMAIN.com ESMTP Postfix
ehlo localhost
250-mail.breezpack.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
It doesn't show auth settings?
When I tried: openssl s_client -starttls smtp -connect srvmail.domain.com:587
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = srvmail.domain.com
verify return:1
---
Certificate chain
0 s:/CN=srvmail.domain.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=srvmail.domain.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3613 bytes and written 462 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 88C59C5E9AB3051912D470E994EEDB3B7124750A8A71DCB3FFE43EA1170EA04C
Session-ID-ctx:
Master-Key: 1250671E949DCC8FC1B37B14BAC0B8359134979A61E0EDB4145F345526FCA5C5E29E10262F134B02E1854C2882DD741F
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
Start Time: 1597572721
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN
But when I try to connect from Thunderbird or Outlook it says "Encryption not detected", and it doesn't connect without encryption.
So basically it connects with SSL from the local server, but remotely it doesn't.
main.cf
myhostname = srvmail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
smtpd_tls_cert_file = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/srvmail/privkey.pem
smtp_tls_CApath = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_tls_CApath = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_use_tls=yes
smtp_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_use_tls=yes
master.cf
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o syslog_name=postfix/sumbission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o mynetworks=127.0.0.0/8
  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
  -o milter_macro_daemon_name=ORIGINATING
Please add
to your main.cf and restart Postfix.
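
An added example, not part of the original posts: with smtpd_tls_security_level=encrypt on the submission service, Postfix does not offer AUTH until TLS is active, so the EHLO reply has to be checked twice, once in plain text and once after STARTTLS. The script below parses both replies and reports what is missing; the sample replies, the host name mail.example.com and the function names are constructed for illustration.

```python
import re

# Constructed samples. PLAIN_EHLO mirrors the keyword list in the question's
# telnet session; TLS_EHLO is an invented reply to EHLO sent after STARTTLS.
PLAIN_EHLO = """250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
TLS_EHLO = """250-mail.example.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN"""

REPLY_LINE = re.compile(r"^250([ -])(.*)$")

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameter list for a multi-line 250 reply."""
    caps = {}
    lines = [l.strip() for l in reply.strip().splitlines()]
    for idx, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if (m.group(1) == " ") != (idx == len(lines) - 1):
            raise ValueError("'250 ' must appear on the last line only")
        # Legacy "AUTH=PLAIN LOGIN" spelling is folded into the AUTH keyword.
        words = re.sub(r"(?i)^AUTH=", "AUTH ", m.group(2)).split()
        if idx == 0 or not words:
            continue  # first line carries the server name, not a keyword
        params = caps.setdefault(words[0].upper(), [])
        for p in words[1:]:
            if p not in params:
                params.append(p)
    return caps

def audit_submission(plain_reply, tls_reply):
    """Return findings for a port-587 listener from its two EHLO replies."""
    plain, tls = parse_ehlo(plain_reply), parse_ehlo(tls_reply)
    findings = []
    if "STARTTLS" not in plain:
        findings.append("STARTTLS not offered before TLS")
    if "AUTH" in plain:
        findings.append("AUTH offered before TLS (cleartext credentials risk)")
    if not tls.get("AUTH"):
        findings.append("no AUTH mechanisms offered after STARTTLS")
    return findings
```

The second reply can be captured by typing EHLO again inside the openssl s_client -starttls smtp session shown in the question.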