Alan Stevens
Technical User
When my mailserver receives mail, it uses the following setting "smtpd_tls_security_level = may" to accept non-TLS connections. However, when it sends mail it really wants TLS and uses "smtp_tls_security_level = encrypt" to enforce the secure connection. I also have set "sender_dependent_relayhost_maps = hash:/etc/postfix/bysender" to ensure all the mail of my users is relayed via Amazon SES. This is to stop Microsoft Office 365 blocking my server IP every month when I send out invoices to my customers.
What I think is happening is this:
1. I am receiving an email my server decides to bounce.
2. When it bounces, bysender restrictions do not apply and I try to send the bounce message back to the originating server via my local MTA.
3. This requires TLS and I fail to send the message because the recipient's server does not accept TLS.
Mar 12 09:31:52 srvrxxxxb postfix/smtp[7759]: 92D272021D: to=<abc@pqrs.net>, relay=mail.pqrs.net[aa.bb.cc.dd]:25, delay=306923, delays=306923/0.02/0.44/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mail.pqrs.net[aa.bb.bb.cc])
How can I handle this bounce correctly? I guess what I want to do is not send the bounce via the local MTA.
I have Googled the heck out of this and so far have really not had any luck in finding something that looks like a solution.
Also, please note I have a transport_map set like this:-
transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf
Which just returns the transport type of "dovecot" from a MySQL query.
Any insight is appreciated.
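One way to check the hypothesis above from the mail log, as an added example that is not part of the original post: it groups deliveries deferred with "TLS is required, but was not offered" by relay host and marks which queue IDs have the null envelope sender (`from=<>`) that Postfix uses for bounces. The function name `tls_deferrals`, the sample hosts and the queue IDs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log: the delivery lines follow the format of the entry
# quoted in the post; hosts, addresses and queue IDs are placeholders.
SAMPLE_LOG = """\
Mar 12 09:31:52 mx1 postfix/smtp[7759]: 92D272021D: to=<abc@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=306923, delays=306923/0.02/0.44/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mail.example.net[192.0.2.10])
Mar 12 09:32:10 mx1 postfix/smtp[7760]: A1B2C3D4E5: to=<bob@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=1.2, delays=0.1/0.01/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 12345)
Mar 12 09:40:03 mx1 postfix/smtp[7761]: F00DBABE01: to=<carol@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=86400, delays=86400/0.01/0.3/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mail.example.net[192.0.2.10])
Mar 12 09:41:00 mx1 postfix/qmgr[900]: F00DBABE01: from=<>, size=3021, nrcpt=1 (queue active)
"""

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^\[,]+)\[[^\]]*\](?::\d+)?, delay=(?P<delay>[\d.]+), .*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
SENDER = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>")
TLS_REFUSED = "TLS is required, but was not offered"


def tls_deferrals(log_text):
    """Group deliveries deferred for missing STARTTLS by relay host."""
    null_sender = set()  # queue IDs whose envelope sender is <> (bounces/DSNs)
    hits = []
    for line in log_text.splitlines():
        m = SENDER.search(line)
        if m and m["sender"] == "":
            null_sender.add(m["qid"])
            continue
        m = DELIVERY.search(line)
        if m and m["status"] == "deferred" and TLS_REFUSED in m["reason"]:
            hits.append(m)
    report = defaultdict(list)
    for m in hits:  # resolved after the scan, so qmgr line order does not matter
        report[m["relay"]].append({
            "qid": m["qid"], "rcpt": m["rcpt"],
            "days_queued": round(float(m["delay"]) / 86400, 2),
            "is_bounce": m["qid"] in null_sender,
        })
    return dict(report)


if __name__ == "__main__":
    for relay, entries in tls_deferrals(SAMPLE_LOG).items():
        print(relay, entries)
```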