When sending mail from my client through a mail server that is then using AWS SES as a mail relay I'm seeing this in the postfix log as each message moves through:
smtp: Untrusted TLS connection established to email-smtp.us-west-1.amazonaws.com[13.57.144.53]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
smtp: D34E420866249C: to=<recipient@domain.tld>, relay=email-smtp.us-west-1.amazonaws.com[13.57.144.53]:587, delay=0.81, delays=0/0.11/0.52/0.17, dsn=2.0.0, status=sent (250 Ok 0111017774953167-f6df400f-aa87-43ab-8ca6-6c5534c50e17-000000)
If the connection is "untrusted" but SES requires TLS (which is set up, though perhaps not correctly) for security, why are messages still sent on?
Things are working... I'm just surprised that they are.
I followed AWS's SES with Postfix docs. The main difference with my setup is I couldn't use smtp_tls_security_level = encrypt, as suggested, because that was blocking inbound smtpd transactions. Setting it back to smtp_tls_security_level = may gets the mail through, but the logs say smtp is "untrusted" even though the connection seems to succeed?!? Not sure if these are related, but that's all I've got.
Anything I can fix/improve?
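What the "Untrusted" label means, and the configuration that turns it into "Verified", as an added example that is not part of the question above: Postfix logs "Untrusted TLS connection" when a TLS session was negotiated but the relay's certificate could not be checked against a trust anchor, which both `may` and `encrypt` permit, so an unverified relay is still used for delivery. The fragment below is a constructed main.cf, not the asker's; the CA bundle path is the Debian/Ubuntu default and is an assumption, and the inbound side is shown separately because incoming connections are governed by the smtpd_* parameters, not smtp_*.

```ini
# main.cf fragment (constructed example, not the asker's configuration)

# --- Weak: what the log line in the question corresponds to ------------------
# "may" negotiates TLS when the relay offers it but never checks the relay's
# certificate, so Postfix logs "Untrusted TLS connection" and delivers anyway.
# smtp_tls_security_level = may

# --- Hardened outbound (smtp_* = this host acting as an SMTP client) ---------
relayhost = [email-smtp.us-west-1.amazonaws.com]:587
# "secure": TLS is mandatory, the chain must verify against smtp_tls_CAfile and
# the certificate name must match the relayhost; otherwise mail is deferred.
smtp_tls_security_level = secure
# Trust anchors used for that verification (Debian/Ubuntu bundle path; adjust
# to your distribution's CA bundle).
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Log the verification outcome so "Verified" vs "Untrusted" shows in the log.
smtp_tls_loglevel = 1
# SES relay authentication (credentials live in the hashed map, not here).
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# --- Inbound (smtpd_* = this host acting as an SMTP server) ------------------
# A separate parameter family: tightening smtp_tls_security_level above does
# not change how incoming mail is accepted, so this can stay opportunistic.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
```

After a `postfix reload`, a relay whose chain and name verify is logged as "Verified TLS connection established"; one that fails verification is deferred rather than sent, which is the behaviour the "Untrusted" log line shows is currently missing.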