Dear Viktor, I setup the certificates repository for mailx and everything works OK !!!!
$ mailx -v -r "[email protected]" -s "TLS test" -S smtp="172.16.1.1:587" -S smtp-use-starttls -S ssl-verify=ignore -S nss-config-dir=/etc/pki/nssdb/ [email protected] Really I appreciate the important help from this mailing list, mainly yours. Thousands of thanks and now it-s time to make a document !!! Regards, J. On Mon, Mar 13, 2017 at 11:58 PM, Jeronimo L. Cabral <[email protected]> wrote: > Ahh OK, and now when I try to send a mesaage with mailx, in the mail.log > from Postfix I have this: > > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: connect from > unknown[10.1.1.1] > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: match_hostaddr: > 10.1.1.1 ~? 127.0.0.0/8 > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: match_hostaddr: > 10.1.1.1 ~? 10.0.0.0/8 > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 220 relay.mycompany.com ESMTP Postfix (Debian/GNU) > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: < > unknown[10.1.1.1]: EHLO CLIENT01 > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: match_list_match: > 10.1.1.1: no match > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-relay.mycompany.com > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-PIPELINING > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-SIZE 15240000 > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-ETRN > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-STARTTLS > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-ENHANCEDSTATUSCODES > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250-8BITMIME > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 250 DSN > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: < > unknown[10.1.1.1]: STARTTLS > Mar 13 23:52:03 RELAY1 postfix/submission/smtpd[4570]: > > unknown[10.1.1.1]: 220 2.0.0 Ready to start TLS > Mar 13 23:52:04 RELAY1 postfix/submission/smtpd[4570]: SSL_accept error > from unknown[10.1.1.1]: lost connection > Mar 13 23:52:04 RELAY1 postfix/submission/smtpd[4570]: match_hostaddr: > 10.1.1.1 ~? 127.0.0.0/8 > Mar 13 23:52:04 RELAY1 postfix/submission/smtpd[4570]: match_hostaddr: > 10.1.1.1 ~? 10.0.0.0/8 > Mar 13 23:52:04 RELAY1 postfix/submission/smtpd[4570]: lost connection > after STARTTLS from unknown[10.1.1.1] > Mar 13 23:52:04 RELAY1 postfix/submission/smtpd[4570]: disconnect from > unknown[10.1.1.1] > > and from mailx output> > > aaa > . > EOT > Resolving host 172.16.1.1 . . . done. > Connecting to 172.16.1.1:587 . . . connected. > 220 relay.mycompany.com ESMTP Postfix (Debian/GNU) > >>> EHLO CLIENT01 > 250-relay.mycompany.com > 250-PIPELINING > 250-SIZE 15240000 > 250-ETRN > 250-STARTTLS > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN > >>> STARTTLS > 220 2.0.0 Ready to start TLS > Error initializing NSS: Unknown error -8015. > "/root/dead.letter" 11/313 > . . . message not sent. > > On Mon, Mar 13, 2017 at 11:46 PM, Viktor Dukhovni < > [email protected]> wrote: > >> >> > On Mar 13, 2017, at 10:39 PM, Jeronimo L. Cabral <[email protected]> >> wrote: >> > >> > After set the verbose logging: >> > >> > debug_peer_list = 10.1.1.1 (client IP) >> >> >> > and try to send a message with mailx, the log is empty because the >> STARTTLS capabilities on port TCP/587 are nor present: >> >> That's because there's a typo in: >> >> smtpd_relay_restrictions = permit_mynetworks, >> permit_sasl_authenticated, reject_unauth_destinations >> >> That last element should be singular: "reject_unauth_destination" not >> plural "...destinations" >> >> This would be easily found in your logs: >> >> http://www.postfix.org/DEBUG_README.html#logging >> >> -- >> Viktor. >> >> >
