[pfx] Re: Troubleshooting roundcube connections to postfix

Sun, 16 Jun 2024 23:06:50 -0700 

Am 2024-06-17 06:49, schrieb Paul Schmehl via Postfix-users:
On Jun 16, 2024, at 10:30 PM, Peter via Postfix-users <postfix-users@postfix.org> wrote: 



It's likely that roundcube is not configured for TLS and postfix is 
(as it should be) configured not to offer AUTH until TLS is 
established.



Yes, postfix is configured to use TLS, and no roundcube is not. When I 
configure roundcube to connect using TLS it can’t even connect to the 
server. I don’t understand what’s going on with roundcube, but it’s 
definitely not behavior I would expect. It’s had me pulling my hair out 
for two days, and I don’t even have any hair.



This makes roundcube use STARTTLS on port 587 (submission):
---snip---
$config['smtp_host'] = 'tls://your.smtp.server';
$config['smtp_port'] = 587;
---snip---

Other useful stuff for roundcube:
---snip---
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';

// Log sent messages to <log_dir>/sendmail.log or to syslog
$config['smtp_log'] = true;
---snip---


I’m hoping I have solved the problem. I have roundcube sending mail on 
port 25 with no auth (all daemons are running on the same server), and 
it is sending mail. Gmail rejects it, but I’ve altered my spf record to 
include localhost. I hope once that propagates my problems with be 
solved.



Probably not related to the gmail issue: you may want to remove some 
headers. I have those header checks to not expose some stuff from 
roundcube:


main.cf:
---snip---
smtp_header_checks = pcre:$config_directory/header_checks
---snip---

$config_directory/header_checks:
---snip---
/^Received: by your\.smtp\.server .*from userid [0-9]+\)/ IGNORE
/^Received: from www \(uid 80.*/ IGNORE

/^(Received: from your\.roundcube\.server)[^\n]*(.*)/ REPLACE $1 
(localhost [127.0.0.1])$2

---snip---

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF



Attachment:
signature.asc

Description: OpenPGP digital signature


_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to