postfix submission port is set to enforce encryption and require a client cert. It works if you disable the client cert in postfix and on the client. claws-mail has a pkcs#12 file set up for sending and retrieving. the IMAP part works nicely. On the sending side you run into an SSL error. With debug you get: ``` ssl.c:247:SSL_connect thread returned -50 ** (claws-mail:19632): WARNING **: SSL connection failed (The request is invalid.) ** (claws-mail:19632): WARNING **: couldn't start TLS session. ** (claws-mail:19632): WARNING **: [02:02:00] couldn't start TLS session (claws-mail:19632): Claws-Mail-WARNING **: send: error: 220 2.0.0 Ready to start TLS ** (claws-mail:19632): WARNING **: [02:02:00] Error occurred while sending the message. session.c:363:session (0xe58d10): closed session.c:237:session (0xe58d10): destroyed ``` To me it looks like it doesn't wait for the starttls ack from the server but starts right away. Tested the setup with gnutls-cli/openssl s_client/msmtp and all work as expected.
JFYI: it is not required for the server to require the client cert. just configuring one is enough to trigger the bug.