postfix smtp Must issue a STARTTLS command first

When sending an email to a server, mail bounced with the following error message.

Action: failed
Status: 5.7.0
Remote-MTA: dns; mail01.riedelbau.de
Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first

To fix the error, first enabled debug in postfix for the Remote-MTA, for this, edit file

vi /etc/postfix/main.cf

Add the following lines. You need to remove these lines after debug is completed or your log file will get larger with debug log.

debug_peer_list=mail01.riedelbau.de
debug_peer_level=3

Restart postfix mail server.

systemctl restart postfix

Now I send a mail, in /var/log/mail.log, I got the detailed error message.

Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 64
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 220 mail01.riedelbau.de ESMTP Fri, 17 Sep 2021 08:32:23 +0200 
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: EHLO smtp1.serverok.in
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_fflush_some: fd 14 flush 31
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 221
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-mail01.riedelbau.de Hello [173.249.63.91]
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-TURN
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-SIZE 36700160
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-ETRN
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-PIPELINING
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-DSN
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-ENHANCEDSTATUSCODES
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-8bitmime
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-BINARYMIME
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-CHUNKING
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-VRFY
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-TLS
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-STARTTLS
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250 OK
Sep 17 08:32:25 mail postfix/smtp[31356]: server features: 0x901f size 36700160
Sep 17 08:32:25 mail postfix/smtp[31356]: Using ESMTP PIPELINING, TCP send buffer size is 87040, PIPELINING buffer size is 4096
Sep 17 08:32:25 mail postfix/smtp[31356]: Host offered STARTTLS: [mail01.riedelbau.de]
Sep 17 08:32:25 mail postfix/smtp[31356]: smtp_stream_setup: maxtime=300 enable_deadline=0
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: MAIL FROM: SIZE=676
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: RCPT TO: ORCPT=rfc822;[email protected]
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: DATA
Sep 17 08:32:25 mail postfix/smtp[31356]: smtp_stream_setup: maxtime=300 enable_deadline=0
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_fflush_some: fd 14 flush 116
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 141
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 530 5.7.0 Must issue a STARTTLS command first

The error is fixed by running

postconf -e "smtp_tls_security_level=encrypt"
systemctl restart postfix

You may also need to check the value of smtpd_tls_CAfile

root@mail:~# postconf smtpd_tls_CAfile
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
root@mail:~#

If you don't have this set, run

postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"

See postfix

Leave a Reply Cancel reply