Postfix error for office365: TLS library problem - wrong version number

I am trying to reconfigure a (currently working) debian 10 postfix configuration because we have moved to Office365 as SMTP server. The postfix mail configuration is only used for sending out mails that the server itself generates (logcheck mails etc). The only change I thought I had to make was changing the relayhost setting from: relayhost = some.mail.provider:465 to: relayhost = smtp.office365.com:587 **Problem:** However, that doesn't work. In /var/log/syslog I get Sep 21 15:03:30 pasteur postfix/smtp: SSL_connect error to smtp.office365.com[40.101.137.34]:587: -1 Sep 21 15:03:30 pasteur postfix/smtp: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332: Sep 21 15:03:30 pasteur postfix/smtp: EC2809EF92: Cannot start TLS: handshake failure **Question**: Anybody knows a solution? I played around with various postfix settings in /etc/postfix/main.cf but that doesn't work. For example, changing smtp_tls_security_level = encrypt to ... = may results in syslog entries such as smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt" (or stronger) My postfix settings in /etc/postfix/main.cf are: # Ansible managed smtpd_banner = $myhostname ESMTP $mail_name biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html # default to 2 on fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # Enable SASL authentication smtp_sasl_auth_enable = yes smtp_sasl_password_maps = static::************ smtp_sasl_security_options = noanonymous smtp_tls_wrappermode = yes smtp_use_tls = yes smtp_tls_security_level = encrypt # General myhostname = pasteur..com myorigin = /etc/mailname mydestination = $myhostname localhost.$mydomain localhost pasteur mynetworks = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all relayhost = smtp.office365.com:587