On 17/06/24 16:49, Paul Schmehl via Postfix-users wrote:
On Jun 16, 2024, at 10:30 PM, Peter via Postfix-users
<postfix-users@postfix.org> wrote:
It's likely that roundcube is not configured for TLS and postfix is (as it
should be) configured not to offer AUTH until TLS is established.
Yes, postfix is configured to use TLS, and no roundcube is not. When I
configure roundcube to connect using TLS it can’t even connect to the server. I
don’t understand what’s going on with roundcube, but it’s definitely not
behavior I would expect. It’s had me pulling my hair out for two days, and I
don’t even have any hair.
Without seeing logs and actual config settings I can only guess. One
thing to keep in mind is that there's two types of TLS connection,
implicit TLS and explicit TLS. Implicit TLS connects to a port
dedicated to TLS connections, for submission this is the submissions
(note the "s" on the end) port 465 (formerly called smtps) and is now
the recommended service to submit mail to. This is also controlled by
the "wrappermode" setting in master.cf for the service. Explicit TLS
connects first in plain text then uses the STARTTLS command to establish
a TLS session, this is how the submission (note no "s" on the end)
service on port 587 works. If you have wrappermode incorrectly set in
postfix, or you have the wrong setting in roundcube then roundcube may
be trying to connect with implicit TLS when postfix is expecting
explicit TLS or vice-versa, either one will cause a failure at or
shortly after connection time.
There are other possible reasons for TLS connection problems and without
seeing logs and settings it's impossible to determine what the actual
issue is.
I’m hoping I have solved the problem. I have roundcube sending mail on port 25
with no auth (all daemons are running on the same server), and it is sending
mail. Gmail rejects it, but I’ve altered my spf record to include localhost. I
hope once that propagates my problems with be solved.
You should not use port 25 for submission. Port 25 should be for MX
communication *only* and attempting to use it for submission will cause
many many problems. Use either submissions (465) or submission (587)
instead. Do note that the newest recommendations are to use submissions.
Peter
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org