
Re: Postfix SSL client config

  • Reindl Harald
    Message 1 of 3 , Mar 29, 2013
      On 29.03.2013 13:16, sullivan@... wrote:
      > I'm trying to set up a simple email relay host, with my home
      > linux box sending to smtp.indra.com.
      > I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
      > and I need to use SSL to talk to indra.
      >
      > I think SSL works on port 465 because I can use openssl to connect

      yes, but not for the postfix-client as you have even quoted

      > Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port
      > smtps/465) is unimplemented
      > Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
      > submission/587) with STARTTLS

      so use port 587 instead of 465
    • /dev/rob0
      Message 2 of 3 , Mar 29, 2013
        On Fri, Mar 29, 2013 at 06:16:54AM -0600, sullivan@... wrote:
        > I'm trying to set up a simple email relay host, with my home
        > linux box sending to smtp.indra.com.
        > I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
        > and I need to use SSL to talk to indra.
        >
        > I think SSL works on port 465 because I can use openssl to connect:
        >
        > openssl s_client -crlf -connect smtp.indra.com:465
        > AUTH LOGIN
        > 334 VXNlcm5hbWU6 # base64 prompt for "Userid:"
        > (send my base64 userid)
        > 334 UGFzc3dvcmQ6 # base64 prompt for "Password:"
        > (send my base64 password)
        > 235 2.0.0 OK Authenticated
        >
        > I tried to do this in postfix, by using
        > main.cf:
        > relayhost = smtp.indra.com:465

        This should be the bracketed form as you used below, to inhibit MX
        lookup of the name. Also, the smtp_sasl_password_maps entry must
        exactly match the relayhost; this could be the reason why you didn't
        authenticate.

        > smtp_sasl_auth_enable = yes
        > smtp_sasl_mechanism_filter = login
        > smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
        > sasl/passwd:
        > [smtp.indra.com]:465 lastName:myPasswd

        Like this.

        > postmap sasl/passwd
        > service postfix restart
        >
        > I get in /var/log/mail.log:
        >
        > Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode
        > (port smtps/465) is unimplemented

        There is a workaround using stunnel(1) which is documented in
        TLS_README.html#client_smtps, but you should follow this advice:

        > Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
        > submission/587) with STARTTLS

        ... and get STARTTLS working on 587. You did not show any evidence
        that you tried to do that.

        http://www.postfix.org/TLS_README.html#client_tls

        > When I change to the port from 465 to 587 in the above 2 files
        > and restart postfix, I get in /var/log/mail.log:
        >
        > Mar 29 06:09:33 helix postfix/pickup[5513]: A06D318122B: uid=5555
        > from=<firstName.lastName@...>
        > Mar 29 06:09:33 helix postfix/cleanup[5726]: A06D318122B:
        > message-id=<20130329120933.GA5714@...>
        > Mar 29 06:09:33 helix postfix/qmgr[10564]: A06D318122B:
        > from=<firstName.lastName@...>, size=611, nrcpt=1 (queue active)
        > Mar 29 06:09:40 helix postfix/smtp[5728]: A06D318122B:
        > to=<lastName@...>, relay=smtp.indra.com[209.169.0.20]:587,
        > delay=7.2, delays=0.09/0/6.9/0.14, dsn=4.7.1, status=SOFTBOUNCE (host
        > smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
        > Access denied (in reply to RCPT TO command))
        >
        >
        > # postqueue -p
        > -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
        > A06D318122B 611 Fri Mar 29 06:09:33 firstName.lastName@...
        > (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
        > Access denied (in reply to RCPT TO command))
        > lastName@...
        >
        > Any thoughts?

        If this isn't enough to get you going, see here before posting again:

        http://www.postfix.org/DEBUG_README.html#mail
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
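
An added example, not part of the thread or of Postfix itself: a small Python check for the points raised in the reply above (bracketed relayhost, port 465 versus 587, and an exact match between relayhost and the smtp_sasl_password_maps key). The function names, the sample strings and the `smtp_tls_security_level = encrypt` line are assumptions; it checks only the exact-match rule stated in the reply.

```python
import re

def parse_main_cf(text):
    """Parse main.cf-style 'name = value' text; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def passwd_keys(text):
    """Lookup keys are the first whitespace-delimited field of each map source line."""
    return [ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def lint_relay(main_cf, passwd):
    """Return findings for the relayhost issues raised in the thread."""
    params = parse_main_cf(main_cf)
    relayhost = params.get("relayhost", "")
    m = re.fullmatch(r"(\[[^\]]+\]|[^:\[\]\s]+)(?::(\w+))?", relayhost)
    if not m:
        return ["relayhost missing or unparseable"]
    findings = []
    if not m.group(1).startswith("["):
        findings.append("relayhost not bracketed: MX lookup is not inhibited")
    if m.group(2) in ("465", "smtps"):
        findings.append("port 465 needs wrappermode; use 587 with STARTTLS")
    if relayhost not in passwd_keys(passwd):
        findings.append("no smtp_sasl_password_maps key exactly matches relayhost")
    if params.get("smtp_tls_security_level", "") in ("", "none", "may"):
        findings.append("smtp_tls_security_level does not require TLS")
    return findings

# Constructed samples: ORIGINAL mirrors the settings quoted in the post; FIXED is
# an assumed correction (smtp_tls_security_level = encrypt is not from the thread).
ORIGINAL = "relayhost = smtp.indra.com:465\nsmtp_sasl_auth_enable = yes\n"
FIXED = ("relayhost = [smtp.indra.com]:587\nsmtp_sasl_auth_enable = yes\n"
         "smtp_tls_security_level = encrypt\n")
PASSWD_465 = "[smtp.indra.com]:465 lastName:myPasswd\n"
PASSWD_587 = "[smtp.indra.com]:587 lastName:myPasswd\n"

if __name__ == "__main__":
    for cf, pw in ((ORIGINAL, PASSWD_465), (FIXED, PASSWD_465), (FIXED, PASSWD_587)):
        print(lint_relay(cf, pw) or "ok")
```

The middle case (relayhost moved to 587 while the map key still says 465) is the mismatch the reply warns about: the lookup finds no credentials for the relay.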