使用 STARTTLS 进行 Postfix 中继 - 需要 TLS，但主机未提供

我需要通过外部 SMTP 发送电子邮件，使用 STARTTLS，我的 postconf -n 是：

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 0.0.0.0/0
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = xx.xx.xx.xx:2525
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
unknown_local_recipient_reject_code = 550

在 /etc/postfix/sasl_passwd 文件中

xx.xx.xx.xx:2525   user:password

在 /etc/postfix/tls_policy 中

xx.xx.xx.xx:2525 encrypt

我有这个错误：

Jul  6 17:49:11 ip-10-1-4-140 postfix/smtp[25156]: 95F826276D: to=<[email protected]>, relay=xx.xx.xx.xx[xx.xx.xx.xx]:2525, delay=0.43, delays=0.23/0.01/0.19/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx])

任何想法？