
229073 starttls problems

  • travel kid
    Oct 31, 2007
      hello folks,

      i have setup a mail server to receive mail for virtual
      domains. i used
      http://workaround.org/articles/ispmail-etch/ as a
      guide. it is a debian etch system.

      i used thunderbird to attempt to send mail with the
      setting smtp 25, tls. i got the error

      an error occured sending mail. unable to connect to
      smtp server foobar.com via STARTTLS since it doesn't
      offer STARTTLS in ehlo response. please verify your
      mail/news setting.

      however, when i tried telnet foobar.com smtp, i did get a
      starttls line in the ehlo response, as shown below. i am able
      to send mail from localhost though.

      i would appreciate some help on getting this resolved.





      220 hostname esmtp
      ehlo test@...
      250-hostname
      250-pipelining
      250-size 10240000
      250-vrfy
      250-etrn
      250-starttls
      250-enhancedstatuscodes
      250-8bitmime
      250 dsn

      ---------
      # Postfix main.cf as pasted by the poster. Mail wrapping has split some
      # long "name = value" settings across two lines.
      smtpd_banner = $myhostname ESMTP
      biff = no

      append_dot_mydomain = no

      delay_warning_time = 4h

      # TLS parameters
      # Certificate and private key the SMTP server presents to connecting clients.
      # NOTE(review): the key file should be readable by root only; its
      # permissions are not shown here.
      smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
      smtpd_tls_key_file = /etc/ssl/private/postfix.pem
      # Announce STARTTLS in the EHLO reply without requiring clients to use it
      # (opportunistic TLS).
      smtpd_use_tls = yes
      # TLS session caches for the server (smtpd) and client (smtp) sides.
      smtpd_tls_session_cache_database =
      btree:${queue_directory}/smtpd_scache
      smtp_tls_session_cache_database =
      btree:${queue_directory}/smtp_scache

      myhostname = foobar.com
      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases
      myorigin = /etc/mailname
      mydestination = localhost, xyz-fqdn.com
      relayhost =
      # Only loopback addresses are trusted. Any other client has to pass
      # permit_sasl_authenticated below before it may relay.
      mynetworks = 127.0.0.0/8
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      # Virtual domains, mailboxes and aliases are looked up in MySQL; the
      # referenced .cf files hold the queries and database credentials and are
      # not shown in this post.
      virtual_mailbox_domains =
      mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
      virtual_uid_maps = static:5000
      virtual_gid_maps = static:5000
      virtual_mailbox_maps =
      mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
      virtual_alias_maps =
      mysql:/etc/postfix/mysql-virtual_alias_maps.cf
      # Delivery to virtual mailboxes goes through the "dovecot" transport
      # (defined in master.cf, not shown), one recipient per delivery.
      virtual_transport = dovecot
      dovecot_destination_recipient_limit = 1
      # SMTP AUTH is delegated to Dovecot through the private/auth socket.
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      # AUTH is announced and accepted only inside a TLS session, so credentials
      # never cross the wire in clear text. A client that does not see STARTTLS
      # in the EHLO reply therefore cannot authenticate either.
      smtpd_tls_auth_only = yes
      # Mail is handed to the smtp-amavis transport on 127.0.0.1:10024 for
      # content filtering (transport defined in master.cf, not shown).
      content_filter = smtp-amavis:[127.0.0.1]:10024
      # Address mapping (e.g. virtual alias expansion) is switched off at this
      # stage. NOTE(review): presumably it is applied when the filter re-injects
      # the mail; confirm against master.cf.
      receive_override_options = no_address_mappings



      # Restrictions are evaluated in the order listed; the first one that
      # returns a permit or reject result ends the evaluation. SASL-authenticated
      # clients and mynetworks are permitted before reject_unauth_destination, so
      # the checks listed after it only apply to other clients sending mail to
      # destinations this server handles. The access tables (roleaccount_exceptions,
      # helo_checks, bogus_mx) are not shown in this post. The trailing "permit"
      # accepts whatever no earlier restriction rejected.
      smtpd_recipient_restrictions =
      reject_non_fqdn_sender
      reject_unknown_sender_domain
      reject_unknown_recipient_domain
      reject_non_fqdn_recipient
      permit_sasl_authenticated
      permit_mynetworks
      reject_unauth_destination
      check_recipient_access
      hash:/etc/postfix/roleaccount_exceptions
      check_helo_access
      pcre:/etc/postfix/helo_checks
      reject_non_fqdn_hostname
      reject_invalid_hostname
      check_sender_mx_access
      cidr:/etc/postfix/bogus_mx
      reject_rbl_client xbl.spamhaus.org
      permit


      postconf | grep smtp | grep -v '= '| grep tls




      smtp_enforce_tls = no
      smtp_sasl_tls_security_options =
      $smtp_sasl_security_options
      smtp_sasl_tls_verified_security_options =
      $smtp_sasl_tls_security_options
      smtp_starttls_timeout = 300s
      smtp_tls_CAfile =
      smtp_tls_CApath =
      smtp_tls_cert_file =
      smtp_tls_dcert_file =
      smtp_tls_dkey_file = $smtp_tls_dcert_file
      smtp_tls_enforce_peername = yes
      smtp_tls_exclude_ciphers =
      smtp_tls_key_file = $smtp_tls_cert_file
      smtp_tls_loglevel = 0
      smtp_tls_mandatory_ciphers = medium
      smtp_tls_mandatory_exclude_ciphers =
      smtp_tls_mandatory_protocols = SSLv3, TLSv1
      smtp_tls_note_starttls_offer = no
      smtp_tls_per_site =
      smtp_tls_policy_maps =
      smtp_tls_scert_verifydepth = 5
      smtp_tls_secure_cert_match = nexthop, dot-nexthop
      smtp_tls_security_level =
      smtp_tls_session_cache_database =
      btree:${queue_directory}/smtp_scache
      smtp_tls_session_cache_timeout = 3600s
      smtp_tls_verify_cert_match = hostname
      smtp_use_tls = no
      smtpd_client_new_tls_session_rate_limit = 0
      smtpd_enforce_tls = no
      smtpd_sasl_tls_security_options =
      $smtpd_sasl_security_options
      smtpd_starttls_timeout = 300s
      smtpd_tls_CAfile =
      smtpd_tls_CApath =
      smtpd_tls_always_issue_session_ids = yes
      smtpd_tls_ask_ccert = no
      smtpd_tls_auth_only = yes
      smtpd_tls_ccert_verifydepth = 5
      smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
      smtpd_tls_dcert_file =
      smtpd_tls_dh1024_param_file =
      smtpd_tls_dh512_param_file =
      smtpd_tls_dkey_file = $smtpd_tls_dcert_file
      smtpd_tls_exclude_ciphers =
      smtpd_tls_key_file = /etc/ssl/private/postfix.pem
      smtpd_tls_loglevel = 2
      smtpd_tls_mandatory_ciphers = medium
      smtpd_tls_mandatory_exclude_ciphers =
      smtpd_tls_mandatory_protocols = SSLv3, TLSv1
      smtpd_tls_received_header = no
      smtpd_tls_req_ccert = no
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database =
      btree:${queue_directory}/smtpd_scache
      smtpd_tls_session_cache_timeout = 3600s
      smtpd_tls_wrappermode = no
      smtpd_use_tls = yes
