* Mufit Eribol <h...@onart.com.tr>: > > On 23.11.2015 00:16, Viktor Dukhovni wrote: > >On Sun, Nov 22, 2015 at 09:43:46PM +0200, Mufit Eribol wrote: > > > >>I have been running postfix at a small company for years without any > >>problem. For some reason, now I cannot get 250-AUTH LOGIN PLAIN when > >>telnetting to port 25. It may be due to a change in the upgraded packages or > >>a misconfiguration by me. Probably, I "fixed" something which is not broken. > >Nothing is wrong, look below: > > > > $ posttls-finger onart.com.tr > > posttls-finger: Connected to mail.randec.com[85.96.178.205]:25 > > posttls-finger: < 220 mail.onart.com.tr ESMTP Postfix > > posttls-finger: > EHLO amnesiac.invalid > > posttls-finger: < 250-mail.onart.com.tr > > posttls-finger: < 250-PIPELINING > > posttls-finger: < 250-SIZE 50000000 > > posttls-finger: < 250-ETRN > > posttls-finger: < 250-STARTTLS > > posttls-finger: < 250-ENHANCEDSTATUSCODES > > posttls-finger: < 250-8BITMIME > > posttls-finger: < 250 DSN > > posttls-finger: > STARTTLS > > posttls-finger: < 220 2.0.0 Ready to start TLS > > posttls-finger: mail.randec.com[85.96.178.205]:25 CommonName > > mail.onart.com.tr > > posttls-finger: certificate verification failed for > > mail.randec.com[85.96.178.205]:25: self-signed certificate > > posttls-finger: mail.randec.com[85.96.178.205]:25: > > subject_CN=mail.onart.com.tr, issuer_CN=mail.onart.com.tr, > > fingerprint=AB:0F:61:4C:9C:FB:22:DF:9F:61:55:60:61:B5:6A:B1:C7:03:44:4D, > > pkey_fingerprint=E7:65:0A:4E:AF:A7:8E:85:CC:D9:8F:8F:6C:00:32:48:1B:F1:16:3A > > posttls-finger: Untrusted TLS connection established to > > mail.randec.com[85.96.178.205]:25: TLSv1.2 with cipher > > ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > > posttls-finger: > EHLO amnesiac.invalid > > posttls-finger: < 250-mail.onart.com.tr > > posttls-finger: < 250-PIPELINING > > posttls-finger: < 250-SIZE 50000000 > > posttls-finger: < 250-ETRN > > posttls-finger: < 250-AUTH PLAIN LOGIN > > posttls-finger: < 250-AUTH=PLAIN LOGIN > > posttls-finger: < 250-ENHANCEDSTATUSCODES > > posttls-finger: < 250-8BITMIME > > posttls-finger: < 250 DSN > > posttls-finger: > QUIT > > posttls-finger: < 221 2.0.0 Bye > > > >>I can send and receive mail system on ports 465 and 993 using SSL/TLS > >>without any issue (seemingly). I am not sure if missing "250-AUTH LOGIN > >>PLAIN" is a problem.If I telnet to 465 (or 993) I get no response. > >Of course not, those ports require an initial SSL/TLS handshake. > > > Viktor, thank you for your check.I am relieved. > > I realized that the related switch is > > smtpd_tls_auth_only = yes > > If it is changed to "no", then "AUTH PLAIN LOGIN" is also advertised.
Uhmm, for the record, this setting wasn't on the postfix configuration list you posted originally. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
