I recently deployed postfix-mta-sts-resolver on my iRedMail server (See this issue Snawoot/postfix-mta-sts-resolver#99 ) and would not get email deliverability to ProtonMail, Gmail and Outlook however work perfectly fine.

Changing this setting smtp_tls_CAfile = $smtpd_tls_CAfile to smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt fixed the issue.

What I'm asking for is for the default configuration to be changed to as I've listed above, the current iRedMail configuration result in postfix not being able to obtain the correct certificate when smtp_tls_security_level is set to secure or if postfix-mta-sts-resolver is installed by the administrator.

• iRedMail version (check /etc/iredmail-release): iRedMail 1.6.2
• Deployed with iRedMail Easy or the downloadable installer? Downloadable Installer
• Linux/BSD distribution name and version: Ubuntu 22.04
• Store mail accounts in which backend: MariaDB
• Web server: Nginx