I recently set up a Postfix mail server on Ubuntu to relay emails from my apps to Office365. Postfix to O365 works without any problem, but I also want my apps to connect to Postfix using TLS where possible.
I enabled port 465 under master.cf and added the following to my main.cf file:

    # Server to Server
    smtp_tls_security_level = encrypt
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtp_tls_loglevel = 2
    smtp_tls_key_file = /etc/ssl/private.key
    smtp_tls_cert_file = /etc/ssl/relay_cert.cer
    smtp_tls_CAfile = /etc/ssl/inter_cert.cer
    relayhost = [domain-com.mail.protection.outlook.com]:25

    # Client to Server
    smtpd_tls_key_file = /etc/ssl/private.key
    smtpd_tls_cert_file = /etc/ssl/relay_cert.cer
    smtpd_tls_CAfile = /etc/ssl/inter_cert.cer
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
But when I try to send a test mail using SSL I get:

    Send-MailMessage : The remote certificate is invalid according to the validation procedure.

In the Postfix logs, I don't get anything that would help:

    lost connection after STARTTLS from server.domain.local[192.168.1.1]
The cert and intermediate cert seem fine; they work for the O365 communication, so I don't know what's going wrong.
Edit: connecting locally with openssl, I was able to relay using ESMTPS, so possibly it's an issue with my Windows server.

    openssl s_client -connect mailserver.domain.local:465 -starttls smtp
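A "remote certificate is invalid according to the validation procedure" error from a Windows client means the client could not build a trusted chain or the hostname it connected to is not in the certificate; Postfix only sees the client drop the connection, hence the bare "lost connection after STARTTLS". The script below is an added example, not part of the original post: it pulls the chain the smtpd actually serves and applies both checks with openssl, assuming the question's hostname mailserver.domain.local:465 and Ubuntu's CA bundle path.

```shell
#!/bin/sh
# Added example, not from the original post: fetch the certificate chain a
# Postfix smtpd presents and check it the way a strict client (Windows
# Send-MailMessage / Schannel) does: trusted root AND hostname in the SAN.
# Assumed: host mailserver.domain.local:465 and Ubuntu's CA bundle path.
set -e

# Port 465 is implicit TLS (smtpd_tls_wrappermode=yes in master.cf), so no
# -starttls; pass "starttls" as the 3rd argument for a 25/587 STARTTLS port.
# Prints every PEM certificate the server sends, leaf first.
fetch_chain() {
  host=$1 port=$2 mode=${3:-wrapper}
  if [ "$mode" = starttls ]; then set -- -starttls smtp; else set --; fi
  openssl s_client -connect "$host:$port" -servername "$host" -showcerts "$@" \
    </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Split a PEM bundle into the leaf (first cert) and the intermediates.
split_chain() {  # bundle leaf_out inter_out
  : > "$2"; : > "$3"
  awk -v leaf="$2" -v inter="$3" '/-----BEGIN CERTIFICATE-----/ { n++ }
       { print > (n == 1 ? leaf : inter) }' "$1"
}

# Returns 0 only if the chain verifies against trust store $2 and the leaf
# covers hostname $3. Either failure is what the Windows client reports as
# "remote certificate is invalid according to the validation procedure",
# while Postfix itself only logs "lost connection after STARTTLS".
check_chain() {  # bundle trust_store hostname
  bundle=$1 trust=$2 name=$3 rc=0 tmp=$(mktemp -d)
  split_chain "$bundle" "$tmp/leaf.pem" "$tmp/inter.pem"
  set --; [ -s "$tmp/inter.pem" ] && set -- -untrusted "$tmp/inter.pem"
  if ! openssl verify -CAfile "$trust" "$@" "$tmp/leaf.pem" >/dev/null 2>&1; then
    echo "chain does not verify: intermediate missing from smtpd_tls_cert_file?"; rc=1
  elif ! openssl x509 -in "$tmp/leaf.pem" -noout -checkhost "$name" | grep -q 'does match'; then
    echo "hostname $name is not in the leaf certificate's SAN/CN"; rc=1
  else
    echo "chain and hostname OK for $name"
  fi
  rm -rf "$tmp"; return $rc
}

# Usage: sh tlscheck.sh mailserver.domain.local 465 [starttls]
if [ -n "${1:-}" ]; then
  chain=$(mktemp); fetch_chain "$1" "${2:-465}" "${3:-}" > "$chain"
  [ -s "$chain" ] || { echo "no certificate received: wrong port or TLS mode?"; exit 1; }
  check_chain "$chain" /etc/ssl/certs/ca-certificates.crt "$1"
fi
```

Run it against the relay from the Windows host's point of view (the name the client uses, not localhost), since a chain that verifies for the outbound O365 leg says nothing about what smtpd serves inbound.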