Postfix encrypts incoming communications only

Hi all,

I have a short question and I hope a Postfix guru can explain what's wrong and what I've missed: Postfix only encrypts incoming mail for me by offering STARTTLS, but does not encrypt outgoing mail by trying STARTTLS when possible. When I send a mail to a server that offers STARTTLS, my server doesn't start a STARTTLS negotiation (or else it fails silently). I'm pasting the postconf -n output below. Note that I'm on Ubuntu and not Debian, but well, they're similar:

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_template_file = /etc/postfix/bounce-fr.cf
config_directory = /etc/postfix
delay_warning_time = 3h
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
message_size_limit = 30480000
milter_default_action = accept
milter_protocol = 2
non_smtpd_milters = inet:localhost:8891
notify_classes = delay, bounce, resource, software
recipient_delimiter = +
relay_clientcerts = hash:/etc/postfix/clientcerts
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP Coucou bouh!
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_destination, check_client_access hash:/var/local/postfix/whiteliste, reject_unknown_helo_hostname, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit_tls_clientcerts, reject_sender_login_mismatch , check_policy_service inet:127.0.0.1:2501, reject_rbl_client backscatter.spameatingmonkey.net, reject_rbl_client bl.spameatingmonkey.net, reject_rhsbl_sender fresh.spameatingmonkey.net, reject_rhsbl_client fresh.spameatingmonkey.net, reject_rhsbl_sender uribl.spameatingmonkey.net, reject_rhsbl_client uribl.spameatingmonkey.net, reject_rhsbl_sender urired.spameatingmonkey.net, reject_rhsbl_client urired.spameatingmonkey.net, permit
smtpd_relay_restrictions = permit_mynetworks, permit_tls_clientcerts, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions =
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/dovecot/dovecot.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/dovecot/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom

Also, feel free to comment on the config in general. Thaaanks!

So the answer is simple: smtpd ----> smtp :slightly_smiling:
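
The smtpd/smtp distinction from the answer, as an added example that is not part of the original posts: a small shell check that reads `postconf -n`-style text and reports the effective TLS level for the server side (`smtpd_*`, inbound) and the client side (`smtp_*`, outbound). The function names are hypothetical, the sample text is constructed from the TLS-related lines of the configuration above, and it assumes that an unset level means no TLS unless the legacy `*_use_tls` / `*_enforce_tls` parameters are set.

```shell
#!/bin/sh
# Added example: report the effective TLS level per Postfix role.
# smtpd_* = server side (inbound mail), smtp_* = client side (outbound mail).

# Constructed sample: TLS-related lines from the configuration posted above.
SAMPLE_BEFORE='smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may'
# The same lines with the client-side level set (smtpd -> smtp).
SAMPLE_AFTER="$SAMPLE_BEFORE
smtp_tls_security_level = may"

# get_param NAME: value of NAME from "name = value" lines on stdin.
get_param() {
    sed -n "s/^$1 *= *//p" | head -n 1
}

# effective_tls ROLE CONF: ROLE is smtp or smtpd, CONF is postconf-style text.
effective_tls() {
    level=$(printf '%s\n' "$2" | get_param "${1}_tls_security_level")
    if [ -n "$level" ]; then
        echo "$level"
        return 0
    fi
    # Level unset: the legacy yes/no parameters decide (assumed default: no TLS).
    if [ "$(printf '%s\n' "$2" | get_param "${1}_enforce_tls")" = yes ]; then
        echo encrypt
    elif [ "$(printf '%s\n' "$2" | get_param "${1}_use_tls")" = yes ]; then
        echo may
    else
        echo none
    fi
}

# audit CONF: print one line per direction; return 1 if a direction has no TLS.
audit() {
    rc=0
    for r in smtpd smtp; do
        lvl=$(effective_tls "$r" "$1")
        if [ "$r" = smtpd ]; then dir=inbound; else dir=outbound; fi
        echo "$dir ($r): $lvl"
        if [ "$lvl" = none ]; then rc=1; fi
    done
    return "$rc"
}

# On a live host: audit "$(postconf -n)"
audit "$SAMPLE_BEFORE" || echo "at least one direction has no TLS"
```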