
Re: Postfix SSL client config

  • /dev/rob0
    Message 1 of 3 , Mar 29, 2013
      On Fri, Mar 29, 2013 at 06:16:54AM -0600, sullivan@... wrote:
      > I'm trying to set up a simple email relay host, with my home
      > linux box sending to smtp.indra.com.
      > I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
      > and I need to use SSL to talk to indra.
      >
      > I think SSL works on port 465 because I can use openssl to connect:
      >
      > openssl s_client -crlf -connect smtp.indra.com:465
      > AUTH LOGIN
      > 334 VXNlcm5hbWU6 # base64 prompt for "Userid:"
      > (send my base64 userid)
      > 334 UGFzc3dvcmQ6 # base64 prompt for "Password:"
      > (send my base64 password)
      > 235 2.0.0 OK Authenticated
      >
      > I tried to do this in postfix, by using
      > main.cf:
      > relayhost = smtp.indra.com:465

      This should be the bracketed form as you used below, to inhibit MX
      lookup of the name. Also, the smtp_sasl_password_maps entry must
      exactly match the relayhost; this could be the reason why you didn't
      authenticate.

      > smtp_sasl_auth_enable = yes
      > smtp_sasl_mechanism_filter = login
      > smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
      > sasl/passwd:
      > [smtp.indra.com]:465 lastName:myPasswd

      Like this.

      > postmap sasl/passwd
      > service postfix restart
      >
      > I get in /var/log/mail.log:
      >
      > Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode
      > (port smtps/465) is unimplemented

      There is a workaround using stunnel(1) which is documented in
      TLS_README.html#client_smtps , but you should follow this advice:

      > Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
      > submission/587) with STARTTLS

      ... and get STARTTLS working on 587. You did not show any evidence
      that you tried to do that.

      http://www.postfix.org/TLS_README.html#client_tls

      > When I change to the port from 465 to 587 in the above 2 files
      > and restart postfix, I get in /var/log/mail.log:
      >
      > Mar 29 06:09:33 helix postfix/pickup[5513]: A06D318122B: uid=5555
      > from=<firstName.lastName@...>
      > Mar 29 06:09:33 helix postfix/cleanup[5726]: A06D318122B:
      > message-id=<20130329120933.GA5714@...>
      > Mar 29 06:09:33 helix postfix/qmgr[10564]: A06D318122B:
      > from=<firstName.lastName@...>, size=611, nrcpt=1 (queue active)
      > Mar 29 06:09:40 helix postfix/smtp[5728]: A06D318122B:
      > to=<lastName@...>, relay=smtp.indra.com[209.169.0.20]:587,
      > delay=7.2, delays=0.09/0/6.9/0.14, dsn=4.7.1, status=SOFTBOUNCE (host
      > smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
      > Access denied (in reply to RCPT TO command))
      >
      >
      > # postqueue -p
      > -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
      > A06D318122B 611 Fri Mar 29 06:09:33 firstName.lastName@...
      > (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 <lastName@...>...
      > Access denied (in reply to RCPT TO command))
      > lastName@...
      >
      > Any thoughts?

      If this isn't enough to get you going, see here before posting again:

      http://www.postfix.org/DEBUG_README.html#mail
      --
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
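
The checks described in the reply above (bracketed relayhost, a password map key that exactly matches it, port 587 with STARTTLS instead of 465), as an added Python example that is not part of the original message. The config text is constructed from the settings quoted in the thread; the function names and the `smtp_tls_security_level` check are assumptions added here, not something the thread states.

```python
import re

# Constructed sample input mirroring the configuration quoted in the thread.
MAIN_CF = """\
relayhost = smtp.indra.com:465
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
"""
SASL_PASSWD = "[smtp.indra.com]:465 lastName:myPasswd\n"
# Levels that make TLS mandatory (assumption: taken from Postfix TLS docs).
TLS_REQUIRED = {"encrypt", "fingerprint", "verify", "secure", "dane-only"}


def parse_main_cf(text):
    """Return {parameter: value} for simple one-line 'name = value' entries."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def check_relay(main_cf, sasl_passwd):
    """Return a list of findings for the relayhost / SASL password map pair."""
    findings = []
    params = parse_main_cf(main_cf)
    relayhost = params.get("relayhost", "")
    keys = [l.split()[0] for l in sasl_passwd.splitlines()
            if l.strip() and not l.startswith("#")]
    if not re.match(r"^\[[^\]]+\](:\w+)?$", relayhost):
        findings.append("relayhost is not bracketed: MX lookup is not inhibited")
    if relayhost not in keys:
        findings.append("no password map key exactly matches relayhost")
    if re.search(r":(465|smtps)$", relayhost):
        findings.append("port 465 is wrappermode: use 587 with STARTTLS")
    if params.get("smtp_sasl_auth_enable") == "yes" and \
            params.get("smtp_tls_security_level") not in TLS_REQUIRED:
        findings.append("smtp_tls_security_level does not make TLS mandatory")
    return findings


if __name__ == "__main__":
    for finding in check_relay(MAIN_CF, SASL_PASSWD):
        print("WARN:", finding)
```
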