> On Jun 17, 2024, at 12:16 AM, Peter via Postfix-users
> <postfix-users@postfix.org> wrote:
>
> On 17/06/24 16:49, Paul Schmehl via Postfix-users wrote:
>> On Jun 16, 2024, at 10:30 PM, Peter via Postfix-users
>> <postfix-users@postfix.org> wrote:
>>>
>>>
>>> It's likely that roundcube is not configured for TLS and postfix is (as it
>>> should be) configured not to offer AUTH until TLS is established.
>>>
>> Yes, postfix is configured to use TLS, and no, roundcube is not. When I
>> configure roundcube to connect using TLS it can’t even connect to the
>> server. I don’t understand what’s going on with roundcube, but it’s
>> definitely not behavior I would expect. It’s had me pulling my hair out for
>> two days, and I don’t even have any hair.
>
> Without seeing logs and actual config settings I can only guess. One thing
> to keep in mind is that there are two types of TLS connection, implicit TLS and
> explicit TLS. Implicit TLS connects to a port dedicated to TLS connections,
> for submission this is the submissions (note the "s" on the end) port 465
> (formerly called smtps) and is now the recommended service to submit mail to.
> This is also controlled by the "wrappermode" setting in master.cf for the
> service. Explicit TLS connects first in plain text then uses the STARTTLS
> command to establish a TLS session, this is how the submission (note no "s"
> on the end) service on port 587 works. If you have wrappermode incorrectly
> set in postfix, or you have the wrong setting in roundcube then roundcube may
> be trying to connect with implicit TLS when postfix is expecting explicit TLS
> or vice-versa, either one will cause a failure at or shortly after connection
> time.
>
> There are other possible reasons for TLS connection problems and without
> seeing logs and settings it's impossible to determine what the actual issue
> is.
>
>> I’m hoping I have solved the problem. I have roundcube sending mail on port
>> 25 with no auth (all daemons are running on the same server), and it is
>> sending mail. Gmail rejects it, but I’ve altered my spf record to include
>> localhost. I hope once that propagates my problems will be solved.
>
> You should not use port 25 for submission. Port 25 should be for MX
> communication *only* and attempting to use it for submission will cause many
> many problems. Use either submissions (465) or submission (587) instead. Do
> note that the newest recommendations are to use submissions.
Thank you Peter. I’ll have to chew on this for a while.
>
Paul Schmehl
paul.schm...@gmail.com
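
The implicit/explicit TLS mismatch Peter describes can be checked mechanically by comparing each smtpd service's `wrappermode` override in master.cf with the mode the client is set to use. This is an added example, not code from the thread or from Postfix or Roundcube: the master.cf excerpt is constructed, the function names are hypothetical, and the client URI convention (`ssl://` for implicit TLS, `tls://` for STARTTLS) is an assumption about the webmail client's setting.

```python
import re

# Constructed master.cf excerpt; wrappermode on 587 is the deliberate mistake.
SAMPLE_MASTER_CF = """\
smtp        inet  n  -  n  -  -  smtpd
submission  inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
submissions inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
"""
PORTS = {"smtp": 25, "submission": 587, "submissions": 465, "smtps": 465}

def server_tls_modes(master_cf):
    """Map port -> 'implicit' (wrappermode) or 'explicit' (plaintext first)."""
    modes, port = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if not line[0].isspace():                 # a new service entry
            f, port = line.split(), None
            if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
                name = f[0].rsplit(":", 1)[-1]    # drop an "address:" prefix
                port = int(name) if name.isdigit() else PORTS.get(name)
            if port is not None:
                modes[port] = "explicit"
        if port is not None and re.search(r"-o\s+smtpd_tls_wrappermode=yes\b", line):
            modes[port] = "implicit"
    return modes

def client_tls_mode(smtp_host):
    """Assumed client URI: ssl://host:port = implicit, tls://host:port = STARTTLS."""
    m = re.match(r"(?:(ssl|tls)://)?([^:/]+):(\d+)$", smtp_host)
    if not m:
        raise ValueError("expected [ssl://|tls://]host:port")
    return {"ssl": "implicit", "tls": "explicit", None: "none"}[m.group(1)], int(m.group(3))

def check(master_cf, smtp_host):
    mode, port = client_tls_mode(smtp_host)
    server = server_tls_modes(master_cf).get(port)
    if server is None:
        return f"port {port}: no smtpd service found"
    if mode == "none":
        return f"port {port}: client uses no TLS, server is {server}"
    if mode != server:
        return f"port {port}: MISMATCH client={mode} server={server}"
    return f"port {port}: ok ({mode} TLS)"

if __name__ == "__main__":
    print(check(SAMPLE_MASTER_CF, "tls://localhost:587"))
```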