LuKreme wrote:
> On 13-Mar-2009, at 14:51, Jorey Bump wrote:
>> submission inet n - n - - smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> Yeah, once I get TLS setup. I am running 2.5.6. I did change the
> submission port to
>
>> o smtpd_enforce_tls=no -o smtpd_sasl_auth_enable=yes
>> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>> -o syslog_name=postfix/submit
>
> Just to see what would get logged, I went ahead and tried to use this.
> I knew it wouldn't work, but I was hoping for useful error messages. I
> got this:
>
> submit/smtpd[32686]: connect from
> c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]
> submit/smtpd[32686]: lost connection after EHLO from
> c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]
> submit/smtpd[32686]: disconnect from
> c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]
> submit/smtpd[32686]: connect from
> c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]
> submit/smtpd[32686]: timeout after UNKNOWN from
> c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]
> submit/smtpd[32686]: disconnect from
> c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]
>
> Not that useful...
>

test the connection manually:

    $ telnet yourserv 587
    ...
    EHLO yourclienthostname
    ...
    QUIT

then check the response of EHLO. if it contains STARTTLS but not AUTH,
then it means a client must use TLS before it can authenticate. if your
MUA is configured to do AUTH but not TLS, this may be a problem.

>>> I wish more clients were like Mail.app in this respect, its default is
>>> to try 25, 465, and 587, so if all my users were using Mail.app, I could
>>> just switch things and it would 'do the right thing'.
>>
>> Is that true after initial configuration? It would be odd for a client
>> to start probing alternate ports outside of a configuration wizard.
>
> Appears so. Its default setting is "Use default ports (25, 465, 587)"
>

this would be only at setup time (when you add an account...). or maybe
if connection to the configured port doesn't work anymore. otherwise, it
would be a nuisance.
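
The manual EHLO check described in the reply above, as an added example that is not part of the original thread: it reads the EHLO reply, as pasted from telnet or fetched live, and reports whether AUTH is offered before or only after STARTTLS. The function names, the host mail.example.com and both sample replies are constructed for illustration.

```python
import smtplib
import ssl

def ehlo_keywords(reply):
    """Extension keywords from a raw EHLO reply as telnet shows it ("250-..." lines)."""
    found = set()
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:                      # line 0 is the server's greeting
        if not (line.startswith("250") and line[3:4] in ("-", " ")):
            raise ValueError("not a 250 reply line: %r" % line)
        words = line[4:].split()
        if words:                               # legacy "AUTH=PLAIN LOGIN" counts as AUTH
            found.add(words[0].upper().split("=", 1)[0])
    return found

def diagnose(pre_tls, post_tls=None):
    """Apply the check from the reply: STARTTLS without AUTH means TLS comes first."""
    if "AUTH" in pre_tls:
        return "AUTH offered before TLS: clients can log in without STARTTLS"
    if "STARTTLS" not in pre_tls:
        return "neither STARTTLS nor AUTH offered: clients cannot authenticate here"
    if post_tls is not None and "AUTH" not in post_tls:
        return "STARTTLS offered but no AUTH even after TLS: check the SASL setup"
    return "STARTTLS but no AUTH: clients must start TLS before they can authenticate"

def probe(host, port=587):
    """Live version of the telnet test (needs network; verifies the certificate)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre = {k.upper() for k in s.esmtp_features}
        if "STARTTLS" not in pre:
            return diagnose(pre)
        s.starttls(context=ssl.create_default_context())
        s.ehlo()                                # capabilities change after TLS
        return diagnose(pre, {k.upper() for k in s.esmtp_features})

# Constructed samples: a port that wants TLS first, and one offering AUTH in the clear.
SAMPLE_TLS_FIRST = """250-mail.example.com
250-PIPELINING
250-STARTTLS
250 8BITMIME"""
SAMPLE_AUTH_CLEAR = """250-mail.example.com
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

if __name__ == "__main__":
    print(diagnose(ehlo_keywords(SAMPLE_TLS_FIRST)))
```

A server with a self-signed certificate makes probe() fail at the STARTTLS step; in that case paste the telnet output into ehlo_keywords() instead.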