I have an Ubuntu installation (16.04) where I run postfix as my mail server, and mailman to host a couple of mailing lists I manage. I recently discovered the postfix commands: smtp_tls_security_level and smtpd_tls_security_level. The recommendation is to set both levels to encrypt. This helps cut down on spam enormously because a lot of spambots don't support TLS when connecting to deliver their load of refuse. The mailserver silently drops the connection.
However, mailman uses a direct SMTP connection to the local mail server (127.0.0.1), and when the security level is set to encrypt, the delivery is silently ignored. The interesting thing is that when I send a message, it gets saved in the pipermail archive, but the message is never delivered.
Now, when I remark out smtpd_tls_security_level = encrypt in the /etc/postfix/main.cf file, mailman starts to work again. With the smtp_... version on, it does cut down on the volume of spam, but having both options set to encrypt is much more effective.
My question: is there a way to get mailman to deliver using postfix's sendmail binary instead of directly connecting to SMTP? If it would do that, the mail would be delivered just fine and I could have both options set to encrypt.
Or does anyone have any suggestions on how I could configure postfix to make an exception just for mailman and other connections on 127.0.0.1? I would prefer the former because it's clean, but I want to make this work.
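
One way to make the loopback exception asked about above, as an added example that is not part of the original post: a second smtpd listener bound only to 127.0.0.1 with its own TLS level, leaving port 25 as configured in main.cf. It assumes Mailman 2.1 (which reads `SMTPHOST`/`SMTPPORT` from `mm_cfg.py`); port 10025 and the `postfix/mailman` log label are arbitrary values chosen for this sketch.

```conf
# --- /etc/postfix/master.cf (added entry; the existing "smtp inet" line stays as is) ---
# Loopback-only submission listener for Mailman. It is bound to 127.0.0.1,
# so it is not reachable from the network and the TLS requirement set in
# main.cf continues to apply to everything arriving on port 25.
127.0.0.1:10025 inet n - n - - smtpd
  # Override only for this listener: do not require (or offer) STARTTLS.
  -o smtpd_tls_security_level=none
  # Accept mail from local clients only, even if the bind address is changed later.
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  # Distinct syslog tag so Mailman submissions can be told apart in the mail log.
  -o syslog_name=postfix/mailman

# --- Mailman 2.1 mm_cfg.py (assumed; these override Defaults.py) ---
# Point Mailman's direct SMTP delivery at the loopback listener above.
SMTPHOST = '127.0.0.1'
SMTPPORT = 10025
```

Reload Postfix and restart Mailman's qrunners afterwards so both pick up the change.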
