On 20/07/2014 21:41, Noel Jones wrote:
> On 7/20/2014 9:08 AM, nobody73 wrote:
>>> Am 20.07.2014 01:11, schrieb nobody73:
>>>> I have a postfix server I'd use as a mobile user wherever I may
>>>> be. It has a static public ip/28 network interface and I want
>>>> smtp to use sasl/ssl authenticated connection with its
>>>> relay_host provider and no authentication for smtpd but still
>>>> ssl
>
>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> broken_sasl_auth_clients = yes
>> config_directory = /etc/postfix
>> debug_peer_level = 1
>> disable_dns_lookups = yes
>> disable_vrfy_command = yes
>> inet_interfaces = all
>> mailbox_size_limit = 0
>> mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
>> mydomain = mydomainname.org
>> myhostname = myhostname.org
>> mynetworks = xx.xxx.xx.xxx/32, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = $mydomain
>> readme_directory = no
>> recipient_delimiter = +
>> relayhost = [smtp.relay.host]
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_mechanism_filter = plain login
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_sasl_security_options =
>> smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
>> smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
>> smtp_tls_key_file = /etc/postfix/ssl/key.pem
>> smtp_tls_note_starttls_offer = yes
>> smtp_tls_security_level = may
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtp_use_tls = yes
>> smtpd_banner = $myhostname ESMTP $mail_name (Hell/Awaits)
>> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
>> smtpd_sasl_auth_enable = no
>> smtpd_sasl_authenticated_header = no
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_security_options =
>> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
>> smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
>> smtpd_tls_key_file = /etc/postfix/ssl/key.pem
>> smtpd_tls_loglevel = 2
>> smtpd_tls_received_header = yes
>> smtpd_tls_security_level = may
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_tls_session_cache_timeout = 3600s
>> smtpd_use_tls = yes
>> tls_random_source = dev:/dev/urandom
>> transport_maps = hash:/etc/postfix/transport look
>
>> Saslauthd looks good:
>
>> testsaslauthd -u user -p p4ssw0rd
>> 0: OK "Success."
>
>> The above test is just to make sure saslauthd is working
>
>
>> OK, these are the logs while connecting from my laptop:
>
>> Jul 20 15:17:15 frozenstar postfix/smtpd[11768]: connect from
>> xxx.yyyyyyyy.zzz[11.22.11.22]
>
> The laptop connected to postfix.
>
>> Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: lost connection
>> after UNKNOWN from xxx.yyyyyyyy.zzz[11.22.11.22]
>
> The laptop sent some garbage.
>
>> Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: disconnect from
>> xxx.yyyyyyyy.zzz[11.22.11.22]
>
> postfix disconnected due to not receiving anything readable.
>
>
> My guess is you've configured the mail client to use the deprecated
> smtps wrappermode TLS. Many mail clients improperly refer to this
> mode as "SSL".
I had wrappermode on port 465, looking at master.cf, and I disabled it
by setting it to NO.
These are the logs after the change:
Jul 20 23:18:35 frozenstar postfix/smtpd[12805]: connect from
xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 23:20:26 frozenstar postfix/smtpd[12805]: lost connection after
UNKNOWN from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 23:20:26 frozenstar postfix/smtpd[12805]: disconnect from
xxx.yyyyyyyy.zzz[11.22.11.22]
There's the 'UNKNOWN' bit to sort out!
> Either set your mail client to use the modern STARTTLS, or you can
> enable postfix to listen for the obsolete smtps wrappermode on port
> 465. See the smtps example in master.cf if you need to enable this
> mode.
>
The best choice is to configure both SSL/TLS and SASL to have Postfix
listening on different ports offering different services. (IMHO)
Regards
Gab
- --
Key fingerprint = D8E8 7374 49EA 8017 EC52 AD73 0294 F341 FF66 9495
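
Added example (not part of the original thread and not Postfix code): a Python check that picks out the smtpd sessions ending in "lost connection after UNKNOWN" from the log lines quoted above and reports how long each stayed open, plus a helper showing what the first bytes of a wrappermode (implicit TLS) client look like to a listener expecting plaintext SMTP. The function names and the fixed year are assumptions; the sample log is constructed from the lines in the thread with wrapped lines rejoined.

```python
import re
from datetime import datetime

# Constructed sample: the smtpd lines quoted in the thread, wrapped lines rejoined.
SAMPLE_LOG = """\
Jul 20 15:17:15 frozenstar postfix/smtpd[11768]: connect from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: lost connection after UNKNOWN from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: disconnect from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 23:18:35 frozenstar postfix/smtpd[12805]: connect from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 23:20:26 frozenstar postfix/smtpd[12805]: lost connection after UNKNOWN from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 23:20:26 frozenstar postfix/smtpd[12805]: disconnect from xxx.yyyyyyyy.zzz[11.22.11.22]
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<event>connect from|lost connection after (?P<state>\S+) from|disconnect from) "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]"
)


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """A TLS record starts with type 0x16 (handshake) and major version 0x03.
    A wrappermode client sends this immediately instead of an SMTP command."""
    return len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


def find_unknown_sessions(log_text: str, year: int = 2014):
    """Return (client_ip, smtpd_pid, seconds_open) for each session that was
    lost in state UNKNOWN. Syslog timestamps carry no year, so one is assumed."""
    opened = {}  # (pid, ip) -> time of the "connect from" line
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["pid"], m["ip"])
        if m["event"] == "connect from":
            opened[key] = ts
        elif m["state"] == "UNKNOWN" and key in opened:
            seconds = int((ts - opened[key]).total_seconds())
            hits.append((m["ip"], int(m["pid"]), seconds))
        elif m["event"] == "disconnect from":
            opened.pop(key, None)
    return hits


if __name__ == "__main__":
    for ip, pid, seconds in find_unknown_sessions(SAMPLE_LOG):
        print(f"{ip} smtpd[{pid}]: no recognised SMTP command in {seconds}s")
```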