- Plesk for Linux
When Postfix 2.8 or higher is running with submission port 587 enabled as a mail server, some emails cannot be delivered to the server due to the fact that sender does not use TLS encryption and uses STARTTLS, for example.
Since submission port is always required to be encrypted, in Plesk with Postfix 2.8 and higher versions, smtpd_tls_security_level is set to encrypt, which forces TLS encryption when communicating with the mail server. It was done to correspond with security protocol requirements.
Functionality, when TLS encryption on port 587 is optional, is not yet implemented in Plesk.
Take part in our product improvement and vote for this feature on Plesk User Voice.
As workaround, apply the following solution:
Connect to a Plesk server via SSH.
Open the file /etc/postfix/master.cf in a text editor and replace these lines:
CONFIG_TEXT: submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=
CONFIG_TEXT: submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=
Note: These changes can be overwritten by any Plesk update.