
Re: Postfix as a Smart Host for Exchange 2010 with TLS

  • Robert Schetterer
    Message 1 of 7 , Jan 10, 2012
      On 09.01.2012 21:48, Noel Jones wrote:
      > On 1/9/2012 2:24 PM, Ben Curtis wrote:
      >> First off, thanks for the help everyone!
      >>
      >>> Test postfix TLS with openssl to make sure postfix is working correctly.
      >>>
      >>> For port 25 (or 587) with STARTTLS
      >>> # openssl s_client -connect example.com:25 -starttls smtp
      >>>
      >>
      >> I'm using 587, and this seemed to function just fine from a remote host:
      >>
      >> --------------------------------------------------------------
      >> [root@server ~]# openssl s_client -connect mail.MYDOMAIN.com:587 -starttls smtp
      >> CONNECTED(00000003)
      > ...
      >
      >> 250 DSN
      >> quit
      >> 221 2.0.0 Bye
      >> closed
      >
      > OK, postfix TLS is working correctly.
      >
      >
      >> Below is the output of postconf, and under that is a log level 7 TLS
      >> negotiation.
      >
      > tls log levels above 1 are generally useless unless you are an
      > expert in openssl (which I'm not sufficiently).
      >
      > Likewise with verbose logging in postfix; the vast majority of
      > postfix config problems can be debugged with normal logging.
      >
      >>
      >> "postconf -n"
      >>
      >
      > no glaring errors in postconf.
      >
      >> --------------------------------------------------------------
      >>
      >>
      >> maillog with log level 7 (I just noticed the "QUIT" message below, but
      >> not sure how to interpret it)
      >
      > everything reasonably normal up to here.
      >
      >> Jan 9 20:12:18 ************ postfix/smtpd[11743]: Read 6 chars: QUIT??
      >
      > Remote site (Exchange) didn't like something and issued QUIT. No
      > reason for the QUIT is given nor expected in the postfix logs.
      >
      >> Jan 9 20:12:18 ************ postfix/smtpd[11743]: disconnect from
      >> **********[*******]
      >
      > remote site disconnected.
      >
      >
      > FWIW, it appears the TLS negotiation between postfix and exchange
      > worked since Exchange was able to send the QUIT over the encrypted
      > link, but Exchange didn't like something about the connection and so
      > disconnected. Since Exchange logs the message about an untrusted
      > certificate, there's no reason at this point to not believe that
      > message is accurate.
      >
      > Sorry, can't help any more. You might google around how to import a
      > certificate in Exchange, or how to mark a particular client as trusted.
      >
      >
      >
      > -- Noel Jones

      By the way, did you check the existing firewalls between the two servers?
      I had problems with some firewalls and TLS when using Exchange to
      relay to Postfix. Sorry, I don't know how they were fixed by the firewall
      people involved.

      --
      Best Regards

      MfG Robert Schetterer

      Germany/Munich/Bavaria
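
Added example, not part of the original thread: a Python pass over maillog at normal logging (`smtpd_tls_loglevel = 1`) that separates the case Noel describes above, TLS established and the client leaving without any mail being queued, from a real handshake failure. The log lines, host names, addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample maillog (smtpd_tls_loglevel = 1); hosts and IPs are placeholders.
SAMPLE_LOG = """\
Jan  9 20:12:17 mx postfix/smtpd[11743]: connect from exch.example.net[192.0.2.10]
Jan  9 20:12:18 mx postfix/smtpd[11743]: Anonymous TLS connection established from exch.example.net[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan  9 20:12:18 mx postfix/smtpd[11743]: disconnect from exch.example.net[192.0.2.10]
Jan  9 20:15:02 mx postfix/smtpd[11801]: connect from client.example.org[198.51.100.7]
Jan  9 20:15:02 mx postfix/smtpd[11801]: Anonymous TLS connection established from client.example.org[198.51.100.7]: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan  9 20:15:03 mx postfix/smtpd[11801]: 3F2A1B2C0D: client=client.example.org[198.51.100.7]
Jan  9 20:15:03 mx postfix/smtpd[11801]: disconnect from client.example.org[198.51.100.7]
Jan  9 20:20:40 mx postfix/smtpd[11850]: connect from host.example.com[203.0.113.5]
Jan  9 20:20:40 mx postfix/smtpd[11850]: SSL_accept error from host.example.com[203.0.113.5]: -1
Jan  9 20:20:40 mx postfix/smtpd[11850]: lost connection after STARTTLS from host.example.com[203.0.113.5]
Jan  9 20:20:40 mx postfix/smtpd[11850]: disconnect from host.example.com[203.0.113.5]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$", re.M)

def verdict(s):
    if s["tls"] == "failed":
        return "tls_handshake_failed"  # no encrypted channel: look at TLS config or the path
    if s["tls"] is None:
        return "no_tls"                # client never got as far as a TLS handshake
    # No queue ID line: the peer left after TLS without a message being queued,
    # so the reason is on the client side (for example its certificate trust policy).
    return "tls_ok_mail_queued" if s["mail"] else "tls_ok_no_mail"

def classify_sessions(log_text):
    """Return [(client, verdict)] for each connect..disconnect pair of an smtpd pid."""
    open_sessions, results = {}, []
    for pid, msg in LINE.findall(log_text):
        s = open_sessions.get(pid)
        if msg.startswith("connect from "):
            open_sessions[pid] = {"client": msg.split(" ", 2)[2], "tls": None, "mail": False}
        elif s is None:
            continue  # line does not belong to a session we saw start
        elif "TLS connection established from" in msg:
            s["tls"] = "ok"
        elif msg.startswith("SSL_accept error from"):
            s["tls"] = "failed"
        elif re.match(r"[0-9A-Za-z]+: client=", msg):
            s["mail"] = True  # queue file opened for this client
        elif msg.startswith("disconnect from "):
            results.append((open_sessions.pop(pid)["client"], verdict(s)))
    return results

if __name__ == "__main__":
    for client, v in classify_sessions(SAMPLE_LOG):
        print(f"{v:22} {client}")
```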