> On Mar 13, 2017, at 7:37 PM, Jeronimo L. Cabral <[email protected]> wrote: > > Dear Viktor. sorry but I'll try to be more explicit because > I have to put to work the submission and I can't: > > main.cf: > > smtp_tls_cert_file = /etc/postfix/SSL/publica.crt > smtp_tls_key_file = /etc/postfix/SSL/privada.pem
Though not related to your current problem, client certificates are not recommended for MTAs, leave these two parameters empty. > smtp_tls_loglevel = 2 And the log level at 1. > master.cf: > > submission inet n - - - - smtpd > -o syslog_name=postfix/submission > # -o smtpd_tls_security_level=encrypt > # -o smtpd_sasl_auth_enable=yes > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject > # -o milter_macro_daemon_name=ORIGINATING Do uncomment the remaining options, but change "smtpd_client_restrictions" to "permit_mynetworks, reject", making sure that "172.1.1.1" et. al. are listed in my networks. > And when I send a message with mailx from client 172.1.1.1: > > $ mailx -v -r "[email protected]" -s "TLS test" -S smtp="10.1.1.1:587" -S > smtp-use-starttls -S ssl-verify=ignore [email protected] I still don't see where you're specifying the message to be sent. > I get this log in Postfix: > > Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: connect from > unknown[172.1.1.1] > Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: setting up TLS > connection from unknown[172.1.1.1] > Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: > unknown[10.12.13.220]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH" > Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: SSL_accept error > from unknown[172.1.1.1]: lost connection > Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: lost connection > after STARTTLS from unknown[172.1.1.1] > Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: disconnect from > unknown[172.1.1.1] The client disconnected, by the look of things without even sending a TLS client HELLO. Postfix can't tell you the reason for that. Get more verbose diagnostics from "mailx". You can try: # postconf -e "debug_peer_list = 172.1.1.1" # postfix reload but you probably won't see anything new and interesting on the Postfix side. -- Viktor.
