Thanks for all the replies. This for an internal relay only with access from a limited set of IPs so I am not concerned about security. And yes, I blew on on the encrypted password - should have just **** out the entire thing. I am using port 465 just as an alternate port to 25 for only the problem HVAC systems so I am not using it in the default manner with encryption which is why I do not have o smtpd_tls_wrappermode=yes set.
I still have the problem though, that sasl is working fine via testsaslauthd, but I cannot get it to work with postfix. Does anyone have ideas on how to debug the postfix - sasl interface (I am using cyrus sasl). cheers, ski On 2/21/19 1:26 AM, Matus UHLAR - fantomas wrote: > On 20.02.19 15:34, Ski Kacoroski wrote: >> I have installed the sasl packages and configured sasl so testsaslauthd >> works perfectly with the ldap backend. I then set up postfix to have >> this on port 465 in master.cf: >> >> smtps inet n - n - - smtpd -v >> -o syslog_name=postfix/smtps >> -o smtpd_sasl_auth_enable=yes > > port 465 should be implicitly encrypted. The defailt master.cf contains > "-o smtpd_tls_wrappermode=yes" option to > achieve this. > testing should be done by calling > > openssl s_client -connect localhost:465 -crlf > > instead of telnet. > > note that port 465 default options contain also another options: > "-o smtpd_client_restrictions=permit_sasl_authenticated,reject" > > that should be used there. > > -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, kacoro...@gmail.com, 206-501-9803
