253678 can't login via SSL on port 465

  • admin2
    Jun 1, 2009
      Hi there list people,

      I am just getting used to admin'ing postfix and got TLS working on both
      port 25 and port 587.

      I am now attempting to get SSL via port 465 working. I have the port
      answering, can see the banner, and can even authenticate when I 'telnet
      localhost 465' after generating a user's test string with "perl
      -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'"

      But when I use Thunderbird, which authenticates fine with the old server
      running sendmail with SSL/port 465 answering, tbird just hangs and
      eventually claims "the connection has failed".

      On the server side, in the logs in /var/log/mail.info, I can see the
      connection and then a disconnect. There is never authentication shown as granted.
      But the same exact account and password works fine with TLS via port
      587 or port 25.

      What else can I try? What should I be looking for?

      After the EHLO hostname

      250-enabled.com
      250-PIPELINING
      250-SIZE 10240000
      250-VRFY
      250-ETRN
      250-STARTTLS
      250-AUTH PLAIN LOGIN
      250-AUTH=PLAIN LOGIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN

      and a slightly modified postconf -n - real IPs and domains removed.

      :/etc/postfix# postconf -n
      alias_database = hash:/etc/postfix/aliases hash:/var/lib/mailman/data/aliases
      alias_maps = hash:/etc/postfix/aliases hash:/var/lib/mailman/data/aliases
      append_dot_mydomain = no
      biff = no
      broken_sasl_auth_clients = yes
      config_directory = /etc/postfix
      delay_warning_time = 4h
      home_mailbox = Maildir/
      inet_interfaces = all
      inet_protocols = all
      mailbox_command = procmail -a "$EXTENSION"
      mailbox_size_limit = 0
      mydestination = $myhostname, localhost.$mydomain $mydomain
      mydomain = domain.com
      myhostname = domain.com
      mynetworks = 1.1.1.1/32 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
      myorigin = domain.com
      readme_directory = no
      recipient_delimiter = +
      relayhost =
      smtp_tls_note_starttls_offer = yes
      smtp_tls_security_level = may
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
      smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_local_domain =
      smtpd_sasl_security_options = noanonymous
      smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
      smtpd_tls_auth_only = no
      smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
      smtpd_tls_key_file = /etc/ssl/private/smtpd.key
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_tls_session_cache_timeout = 3600s
      smtpd_use_tls = yes
      tls_random_source = dev:/dev/urandom
      unknown_local_recipient_reject_code = 550
      virtual_alias_domains = <domains here>
      virtual_alias_maps = hash:/etc/postfix/virtual hash:/var/lib/mailman/data/virtual-mailman


      Cheers,

      Noah
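
Added example, not part of the original post: a small probe that reports whether a listener speaks first in cleartext (as the `telnet localhost 465` test above observed) or waits silently for the client, which is what a mail client set to SSL on port 465 expects. The fake listener, its banner text and the function names are constructed for the demo.

```python
import socket
import threading

def probe_listener(host, port, wait=2.0):
    """Connect, send nothing, and report who speaks first.

    "plaintext": server volunteers an SMTP 220 banner (STARTTLS-style port).
    "silent":    nothing within `wait` seconds, consistent with a port that
                 expects the client's TLS handshake at connect time.
    "other":     anything else, including an immediate close.
    """
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            return "silent"
    return "plaintext" if data.startswith(b"220") else "other"

def start_fake_listener(banner):
    """Constructed stand-in for a mail server on 127.0.0.1 (hypothetical
    helper for the demo): sends `banner` on connect, or nothing if None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if banner:
                conn.sendall(banner)
            conn.settimeout(5)
            try:
                conn.recv(1)  # hold the connection until the client leaves
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed banner modelled on the smtpd_banner setting in the post.
    cases = {"speaks first": b"220 domain.com ESMTP Postfix (Ubuntu)\r\n",
             "waits for client": None}
    for label, banner in cases.items():
        port = start_fake_listener(banner)
        print(label, "->", probe_listener("127.0.0.1", port, wait=1.0))
```

Run `probe_listener("localhost", 465)` on the mail host: a "plaintext" result means the port greets in cleartext and offers STARTTLS, so a client that opens with a TLS handshake will stall. In Postfix, handshake-on-connect behaviour is governed by the `smtpd_tls_wrappermode` parameter.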