Postfix SSL client config

  • sullivan@...
    Message 1 of 3 , Mar 29 5:16 AM
      Hi,

      I'm trying to set up a simple email relay host, with my home
      linux box sending to smtp.indra.com.
      I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
      and I need to use SSL to talk to indra.

      I think SSL works on port 465 because I can use openssl to connect:

      openssl s_client -crlf -connect smtp.indra.com:465
      AUTH LOGIN
      334 VXNlcm5hbWU6 # base64 prompt for "Userid:"
      (send my base64 userid)
      334 UGFzc3dvcmQ6 # base64 prompt for "Password:"
      (send my base64 password)
      235 2.0.0 OK Authenticated

      I tried to do this in postfix, by using

      main.cf:
        relayhost = smtp.indra.com:465
        smtp_sasl_auth_enable = yes
        smtp_sasl_mechanism_filter = login
        smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

      sasl/passwd:
        [smtp.indra.com]:465 lastName:myPasswd

      postmap sasl/passwd
      service postfix restart

      I get in /var/log/mail.log:

      Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port
      smtps/465) is unimplemented
      Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
      submission/587) with STARTTLS

      When I change to the port from 465 to 587 in the above 2 files
      and restart postfix, I get in /var/log/mail.log:

      Mar 29 06:09:33 helix postfix/pickup[5513]: A06D318122B: uid=5555
      from=<firstName.lastName@...>
      Mar 29 06:09:33 helix postfix/cleanup[5726]: A06D318122B:
      message-id=<20130329120933.GA5714@...>
      Mar 29 06:09:33 helix postfix/qmgr[10564]: A06D318122B:
      from=<firstName.lastName@...>, size=611, nrcpt=1 (queue active)
      Mar 29 06:09:40 helix postfix/smtp[5728]: A06D318122B:
      to=<lastName@...>, relay=smtp.indra.com[209.169.0.20]:587,
      delay=7.2, delays=0.09/0/6.9/0.14, dsn=4.7.1, status=SOFTBOUNCE (host
      smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
      Access denied (in reply to RCPT TO command))


      # postqueue -p
      -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
      A06D318122B 611 Fri Mar 29 06:09:33 firstName.lastName@...
      (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
      Access denied (in reply to RCPT TO command))
      lastName@...

      Any thoughts?

      Many thanks,

      Steve
    • Reindl Harald
      Message 2 of 3 , Mar 29 5:54 AM
        On 29.03.2013 13:16, sullivan@... wrote:
        > I'm trying to set up a simple email relay host, with my home
        > linux box sending to smtp.indra.com.
        > I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
        > and I need to use SSL to talk to indra.
        >
        > I think SSL works on port 465 because I can use openssl to connect

        yes, but not for the postfix-client as you have even quoted

        > Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port
        > smtps/465) is unimplemented
        > Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
        > submission/587) with STARTTLS

        so use port 587 instead of 465
      • /dev/rob0
        Message 3 of 3 , Mar 29 6:36 AM
          On Fri, Mar 29, 2013 at 06:16:54AM -0600, sullivan@... wrote:
          > I'm trying to set up a simple email relay host, with my home
          > linux box sending to smtp.indra.com.
          > I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
          > and I need to use SSL to talk to indra.
          >
          > I think SSL works on port 465 because I can use openssl to connect:
          >
          > openssl s_client -crlf -connect smtp.indra.com:465
          > AUTH LOGIN
          > 334 VXNlcm5hbWU6 # base64 prompt for "Userid:"
          > (send my base64 userid)
          > 334 UGFzc3dvcmQ6 # base64 prompt for "Password:"
          > (send my base64 password)
          > 235 2.0.0 OK Authenticated
          >
          > I tried to do this in postfix, by using
          > main.cf:
          > relayhost = smtp.indra.com:465

          This should be the bracketed form as you used below, to inhibit MX
          lookup of the name. Also, the smtp_sasl_password_maps entry must
          exactly match the relayhost; this could be the reason why you didn't
          authenticate.

          > smtp_sasl_auth_enable = yes
          > smtp_sasl_mechanism_filter = login
          > smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
          > sasl/passwd:
          > [smtp.indra.com]:465 lastName:myPasswd

          Like this.

          > postmap sasl/passwd
          > service postfix restart
          >
          > I get in /var/log/mail.log:
          >
          > Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode
          > (port smtps/465) is unimplemented

          There is a workaround using stunnel(1) which is documented in
          TLS_README.html#client_smtps , but you should follow this advice:

          > Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
          > submission/587) with STARTTLS

          ... and get STARTTLS working on 587. You did not show any evidence
          that you tried to do that.

          http://www.postfix.org/TLS_README.html#client_tls

          > When I change to the port from 465 to 587 in the above 2 files
          > and restart postfix, I get in /var/log/mail.log:
          >
          > Mar 29 06:09:33 helix postfix/pickup[5513]: A06D318122B: uid=5555
          > from=<firstName.lastName@...>
          > Mar 29 06:09:33 helix postfix/cleanup[5726]: A06D318122B:
          > message-id=<20130329120933.GA5714@...>
          > Mar 29 06:09:33 helix postfix/qmgr[10564]: A06D318122B:
          > from=<firstName.lastName@...>, size=611, nrcpt=1 (queue active)
          > Mar 29 06:09:40 helix postfix/smtp[5728]: A06D318122B:
          > to=<lastName@...>, relay=smtp.indra.com[209.169.0.20]:587,
          > delay=7.2, delays=0.09/0/6.9/0.14, dsn=4.7.1, status=SOFTBOUNCE (host
          > smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
          > Access denied (in reply to RCPT TO command))
          >
          >
          > # postqueue -p
          > -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
          > A06D318122B 611 Fri Mar 29 06:09:33 firstName.lastName@...
          > (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
          > Access denied (in reply to RCPT TO command))
          > lastName@...
          >
          > Any thoughts?

          If this isn't enough to get you going, see here before posting again:

          http://www.postfix.org/DEBUG_README.html#mail
          --
          http://rob0.nodns4.us/ -- system administration and consulting
          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
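
The advice in the replies above (bracketed relayhost, a password-map key that exactly matches it, port 587 with STARTTLS instead of 465) can be checked mechanically; this is an added example, not code from any poster in the thread or from the Postfix project. The BAD sample mirrors the settings quoted in the thread, the FIXED sample is constructed, and `parse_main_cf` and `check_relay` are hypothetical helper names. The `smtp_tls_security_level` and `smtp_sasl_security_options` lines in FIXED are assumptions not shown in the thread (LOGIN is a plaintext mechanism, which the default SASL security options exclude).

```python
import re

# Constructed samples: BAD mirrors the settings quoted in the thread,
# FIXED applies the replies' advice (bracketed relayhost, port 587, TLS).
BAD_MAIN = """relayhost = smtp.indra.com:465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
"""
BAD_MAP = "[smtp.indra.com]:465 lastName:myPasswd\n"
FIXED_MAIN = """relayhost = [smtp.indra.com]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
"""
FIXED_MAP = "[smtp.indra.com]:587 lastName:myPasswd\n"

TLS_MANDATORY = {"encrypt", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {name: value}, skipping comments and joining continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:          # continuation of previous value
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def check_relay(main_cf, passwd_map):
    """Return a list of findings for the relayhost / SASL map / TLS settings."""
    p = parse_main_cf(main_cf)
    relay = p.get("relayhost", "")
    keys = {l.split()[0] for l in passwd_map.splitlines()
            if l.strip() and not l.startswith("#")}
    findings = []
    if not re.match(r"^\[[^\]]+\](:\w+)?$", relay):
        findings.append("relayhost not bracketed: MX lookup is not inhibited")
    if re.search(r":(465|smtps)$", relay):
        findings.append("port 465 needs wrappermode; use 587 with STARTTLS")
    if p.get("smtp_sasl_auth_enable") == "yes" and relay not in keys:
        findings.append("no smtp_sasl_password_maps key equal to relayhost")
    if p.get("smtp_tls_security_level") not in TLS_MANDATORY:
        findings.append("STARTTLS not enforced (smtp_tls_security_level)")
    return findings
```

After editing the real map file, `postmap` still has to be rerun so the hash table Postfix reads contains the new key.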