-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 7/20/2014 9:08 AM, nobody73 wrote:
>> Am 20.07.2014 01:11, schrieb nobody73:
>>> I have a postfix server i'd use as mobile user wherever i
>>> may be. It has a static public ip/28 network interface and
>>> i want smtp to use sasl/ssl authenticated connection with
>>> its relay_host provider and no authentication for smtpd but
>>> still ssl
>
>
> alias_database = hash:/etc/aliases alias_maps =
> hash:/etc/aliases append_dot_mydomain = no biff = no
> broken_sasl_auth_clients = yes config_directory = /etc/postfix
> debug_peer_level = 1 disable_dns_lookups = yes
> disable_vrfy_command = yes inet_interfaces = all
> mailbox_size_limit = 0 mydestination = $myhostname, $mydomain,
> localhost.$mydomain, localhost mydomain = mydomainname.org
> myhostname = myhostname.org mynetworks = xx.xxx.xx.xxx/32,
> 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin =
> $mydomain readme_directory = no recipient_delimiter = +
> relayhost = [smtp.relay.host] smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = plain login
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = smtp_tls_CAfile =
> /etc/postfix/ssl/cacert.pem smtp_tls_cert_file =
> /etc/postfix/ssl/cert.pem smtp_tls_key_file =
> /etc/postfix/ssl/key.pem smtp_tls_note_starttls_offer = yes
> smtp_tls_security_level = may smtp_tls_session_cache_database =
> btree:${data_directory}/smtp_scache smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name (Hell/Awaits)
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination smtpd_sasl_auth_enable = no
> smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain =
> $myhostname smtpd_sasl_security_options =
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
> smtpd_tls_key_file = /etc/postfix/ssl/key.pem
> smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes
> smtpd_tls_security_level = may smtpd_tls_session_cache_database
> = btree:${data_directory}/smtpd_scache
> smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom transport_maps =
> hash:/etc/postfix/transport look
>
> Saslauthd looks good:
>
> testsaslauthd -u user -p p4ssw0rd 0: OK "Success."
>
> The above test just to make you sure saslauthd is working
>
>
>>> Now i show you postfix mail.log while i connect from my
>>> laptop with a mail from ggmail address:
>>>
>>> http://pastebin.pw/9m2fxh
>
>> while still nobody cares ofr pastebin that is a *debug log*
>> don't enable debuglogs unless not advised to do so nobody
>> reads that mess of thounsads lines with no relevant
>> information
>
> Ok, these the logs while connecting from my laptop:
>
> Jul 20 15:17:15 frozenstar postfix/smtpd[11768]: connect from
> xxx.yyyyyyyy.zzz[11.22.11.22]
The laptop connected to postfix.
> Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: lost
> connection after UNKNOWN from xxx.yyyyyyyy.zzz[11.22.11.22]
The laptop sent some garbage.
> Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: disconnect
> from xxx.yyyyyyyy.zzz[11.22.11.22]
postfix disconnected due to not receiving anything readable.
My guess is you've configured the mail client to use the
deprecated smtps wrappermode TLS. Many mail clients improperly
refer to this mode as "SSL".
Either set your mail client to use the modern STARTTLS, or you can
enable postfix to listen for the obsolete smtps wrappermode on
port 465. See the smtps example in master.cf if you need to
enable this mode.
For authentication without passwords, you can use TLS
certificates. Not many mail clients support certificate
authentication, mostly this is used for MTA to MTA connections.
http://www.postfix.org/TLS_README.html
-- Noel Jones
>
> I think postfix have proper configuration measures against
> spam, saslauthd is not the only way to handle it . But i'm
> interested in both passwordless and authenticated possibilities
> and than choose the best for me. Best regards Gab
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTzBt6AAoJEJGRUHb5Oh6gPewIAMc+ZYgVeqX3rHYKe7v1JUjS
Iyyn8xSuqYKn0AY0mAItH6Lbj2KNGWkNkaxjRBR9iFZ/KEircosolPAM1FkKsXdQ
b81ShWIAoYlDaD3Z67CFIUQOxoai0oXDbt7mkZXJE5AqcRG8r6200J+7nRXIb2Z3
CvssknqHIou8l+r2OlcreZw8AWdNA/w+3snYs1QUYgLhiWaD1jeHIe9UkCbvQ+zr
d9nLl21mQ6ZdxJlkyBFNFD6r/VlM0+p8hXfR1wsaL7qPam9xd6641OPNKt3IrpHI
sU98/jN64FBWQPU8HPnSu9XkhiAyuNwuEaL1jlyQAnGRvdf768esRFYJZump15k=
=96V0
-----END PGP SIGNATURE-----
