Am 09.01.2012 17:19, schrieb Ben Curtis: > Hi all, > > I've been scouring the internet trying to find someone who's done this > before, and am at a loss. > > I've got Postfix set up as a Smart Host for sending SMTP email from > Exchange 2010 (Small Business Server 2011). My problem is that I can't > get TLS to work. The error message I get back in Exchange is: > > [451 4.4.0 Primary target IP address responded with: "454 4.7.5 > Certificate validation failure." Attempted failover to alternate host, > but that did not succeed. Either there are no alternate hosts, or > delivery failed to all alternate hosts.] > > Postfix doesn't seem to be reporting any errors. I am using > self-signed certs on both the Exchange server and the Postfix server, > and have added both signed-cert.crt and ca.crt to the trusted > certificate store in Exchange. > > Below are key areas of main.cf: > > # SASL > smtpd_sasl_auth_enable = yes > broken_sasl_auth_clients = no > smtpd_sasl_security_options = noanonymous > smtpd_sasl_local_domain = > > # TLS parameters > smtp_tls_security_level = may > smtpd_tls_security_level = may > smtp_tls_note_starttls_offer = yes > smtpd_tls_loglevel = 1 > smtpd_tls_received_header = yes > smtpd_tls_session_cache_timeout = 3600s > tls_random_source = dev:/dev/urandom > smtpd_tls_cert_file = /etc/postfix/certs/signed-cert.crt > smtpd_tls_key_file = /etc/postfix/certs/cert.key > smtp_tls_CAfile = /etc/postfix/certs/ca.crt > > Any thoughts? Anything else I can post to aid in debug? > > Thanks, > Ben
Hi Ben, all i can say that i have Exchange 2003 Servers that using submission port with tls for relay at postfix, so if it is no microsoft magic feature or bug my bet would go to some exchange config problem, i see no postfix problem on your config by fast overflow, so consult technet/ exchange logs etc for find more hm perhaps take the default for smtp_tls_note_starttls_offer (default: no) but i guess this isnt the problem anyway perhaps post the whole postfix config and/or existing log entries ( if exist ) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
