Problem: Postfix tries to use TLS when sending and fails

Problem

When sending e-mails, Postfix attempts to deliver with TLS, but the destination server is not configured with certificates.

Environment

The related UCR variable is set correctly:
ucr set mail/postfix/tls/client/level=none

Using Swaks, you see the following dialogue, and sending works fine:

root@postfix:~ # swaks --from admin@multi.ucs --to target@multi.ucs --server mx.multi.ucs
=== Trying mx.multi.ucs:25...
=== Connected to mx.multi.ucs.
<-  220 multi.ucs ESMTP SubEthaSMTP 3.1.7
-> EHLO mx.multi.ucs
<-  250-multi.ucs
<-  250-8BITMIME
<-  250-STARTTLS
<-  250 Ok
-> MAIL FROM:<admin@multi.ucs>
<-  250 Ok
-> RCPT TO:<target@multi.ucs>
<-  250 Ok
-> DATA
<-  354 End data with <CR><LF>.<CR><LF>
-> Date: Fri, 29 May 2020 16:16:07 +0200
-> To: target@multi.ucs
-> From: admin@multi.ucs
-> Subject: test Fri, 29 May 2020 16:16:07 +0200
-> Message-Id: <20200529161607.009702@postfix.multi.ucs>
-> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
-> .
<-  250 Ok
-> QUIT
<-  221 Bye
=== Connection closed with remote host.

But Postfix still complains about a failing TLS handshake:

May 26 16:26:56 postfix postfix/smtp: SSL_connect error to mx.multi.ucs[192.168.8.125]:25: -1
May 26 16:26:56 postfix postfix/smtp: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1407:SSL alert number 40:
May 26 16:26:56 postfix postfix/smtp: 8FCD34068F: Cannot start TLS: handshake failure

Solution

The target server offers TLS which is indicated by this line:
<- 250-STARTTLS

Postfix therefore attempts STARTTLS, but because TLS is not properly configured on the target server, the handshake fails. Configure your target mail server either for proper TLS support or make sure it does not offer STARTTLS at all.
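As an added example that is not part of this article, the following script probes a mail server the way Postfix does: it reads the EHLO reply, checks whether STARTTLS is advertised and, if so, attempts the handshake, so a target that offers STARTTLS without a working TLS setup can be spotted before mail piles up in the queue. Host and port are whatever you pass in; the client name probe.example is a placeholder.

```python
import socket
import ssl

def read_reply(sock):
    """Read one SMTP reply (single- or multi-line) and return its lines.
    The final line of a reply has a space, not a dash, after the 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
        if buf.endswith(b"\r\n"):
            lines = buf.decode("ascii", "replace").splitlines()
            if len(lines[-1]) >= 4 and lines[-1][3] == " ":
                return lines

def parse_ehlo_extensions(lines):
    """Extension keywords from an EHLO reply; the first line is the server's domain."""
    return {ln[4:].split()[0].upper()
            for ln in lines[1:]
            if ln.startswith("250") and ln[4:].split()}

def check_starttls(host, port=25, timeout=10.0):
    """Report whether STARTTLS is advertised and whether the handshake succeeds."""
    result = {"advertised": False, "handshake_ok": False, "error": None}
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # we are diagnosing the handshake, not the chain
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        read_reply(sock)            # 220 greeting
        sock.sendall(b"EHLO probe.example\r\n")
        exts = parse_ehlo_extensions(read_reply(sock))
        result["advertised"] = "STARTTLS" in exts
        if not result["advertised"]:
            sock.sendall(b"QUIT\r\n")
            return result
        sock.sendall(b"STARTTLS\r\n")
        reply = read_reply(sock)
        if not reply[-1].startswith("220"):
            result["error"] = reply[-1]     # e.g. 454 TLS not available
            return result
        try:
            tls = ctx.wrap_socket(sock, server_hostname=host)
            result["handshake_ok"] = True
            result["tls_version"] = tls.version()
            tls.sendall(b"QUIT\r\n")
        except ssl.SSLError as exc:         # alert 40 from the log above lands here
            result["error"] = str(exc)
    return result
```

A server that advertises STARTTLS but returns handshake_ok False with an SSLError is exactly the case described in this article.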
