Hi all
has anyone got this combination working? (postfix with TLS/SASL
on debian woody)
I've followed all the instructions I can find on the web, and
even added backports.org to get postfix2 and sasl2 and still
I keep getting the same error:
May 1 22:09:15 gw postfix/smtpd[13280]: starting TLS eng
Firstly, I assume you have postfix running as distributed without
SASL/TLS.
If so, I suggest that you test each of the major components, SASL and TLS
(or OPENSSL) to ensure that you have them setup correctly before
combining them to work in Postfix. This is the part that's left out by
the HOWTO's
O Plameras wrote:
Firstly, I assume you have postfix running as distributed without
SASL/TLS.
yes
If so, I suggest that you test each of the major components, SASL and TLS
(or OPENSSL) to ensure that you have them setup correctly before
combining them to work in Postfix. This is the part that's le
David Fitch wrote:
O Plameras wrote:
Firstly, I assume you have postfix running as distributed without
SASL/TLS.
yes
If so, I suggest that you test each of the major components, SASL and
TLS
(or OPENSSL) to ensure that you have them setup correctly before
combining them to work in Postfix. This
* On Mon, May 02, 2005 at 07:26:15AM +0930, David Fitch wrote:
> has anyone got this combination working? (postfix with TLS/SASL
> on debian woody)
No, haven't got it going, but it's on my todo list...
The tutorial at [1] may help.
[1] http://workaround.org/articles/ispmail-sarge/
--
Sonia Hami
O Plameras wrote:
After the above procedure insert these:
openssl -new -x509 -keyout demoCA/private/cakey.pem \
-out demoCA/cacert.pem -days 365
no such command '-new', did you mean:
openssl req -new -x509 -keyout demoCA/private/cakey.pem \
-out demoCA/cacert.pem -days 365
David Fitch wrote:
O Plameras wrote:
After the above procedure insert these:
openssl -new -x509 -keyout demoCA/private/cakey.pem \
-out demoCA/cacert.pem -days 365
no such command '-new', did you mean:
openssl req -new -x509 -keyout demoCA/private/cakey.pem \
-out demoCA/
ok think I've got the ssl stuff sorted out now, problem is
the smtp authentication still doesn't work, eg. see log extract:
May 2 23:21:02 gw postfix/smtpd[22461]: TLS connection established from
noodle[192.168.1.5]: TLSv1 with cipher RC4-MD
5 (128/128 bits)
May 2 23:21:02 gw postfix/smtpd[22461
What does this show when your do this on your
postfix server ?
# telnet localhost 25
then put 'ehlo localhost' and ''.
then put 'quit' and '' to exit.
# David Fitch wrote:
ok think I've got the ssl stuff sorted out now, problem is
the smtp authentication still doesn't work, eg. see log extract:
Ma
O Plameras wrote:
What does this show when your do this on your
postfix server ?
the AUTH stuff is there:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail ESMTP Postfix
ehlo localhost
250-mail
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250
David Fitch wrote:
O Plameras wrote:
What does this show when your do this on your
postfix server ?
the AUTH stuff is there:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail ESMTP Postfix
ehlo localhost
250-mail
250-PIPELINING
250-SIZE 1024
2
I received an email asking how do I check
if TLS/PLAIN auth works since there are
several mail clients with various setup
procedures. So, it is difficult to tell
if it is the mail client that is not working
or it is the postfix setup that has a problem.
To separate any problem with mail-clients fr
O Plameras wrote:
The ff. are the suggested configurations:
1. smtp.conf may have:
pwcheck_method:saslauthd
mech_list: plain login
# cat sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
#log_level: 7
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
2. /etc/default/saslauthd
David Fitch wrote:
O Plameras wrote:
The ff. are the suggested configurations:
1. smtp.conf may have:
pwcheck_method:saslauthd
mech_list: plain login
# cat sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
#log_level: 7
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
2. /e
O Plameras wrote:
This is strange. What displays here is controlled
by 'smtp.conf' and '#smtpd_tls_auth_only=yes'.
# cat sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
AUTH PLAIN LOGIN
should be listed and no more. I can't explain this.
Something is wrong somewhere.
I noticed th
O Plameras wrote:
This is strange. What displays here is controlled
by 'smtp.conf' and '#smtpd_tls_auth_only=yes'.
# cat sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
AUTH PLAIN LOGIN
should be listed and no more. I can't explain this.
Something is wrong somewhere.
As a matter of
David Fitch wrote:
I think it is your,
inet_interfaces = localhost
You're telling postfix to accept 'SMTP' connections from 'localhost'
only.
do you mean "mynetworks"?
as I said, it receives mail on all interfaces so that's not it.
No, 'mynetworks' has different functionality.
'inet_interfaces'
David Fitch wrote:
As a matter of fact, CRAM-MD5, GSSAPI, and DIGEST-MD5 should'nt
be used at all in your case because you are already using TLS.
TLS and anyone of these are mutually exclusive. You use TLS
of one of this.
hmm dunno
TLS is needed to protect plain text messages sent and received
acr
On 5/6/05, David Fitch <[EMAIL PROTECTED]> wrote:
> do you mean "mynetworks"?
> as I said, it receives mail on all interfaces so that's not it.
mynetworks relates to which hosts are allowed to use this smtp
server.. ie. relay control. It doesn't relate to what interfaces the
smtp will listen on.
Michael Fox wrote:
On 5/6/05, David Fitch <[EMAIL PROTECTED]> wrote:
do you mean "mynetworks"?
as I said, it receives mail on all interfaces so that's not it.
mynetworks relates to which hosts are allowed to use this smtp
server.. ie. relay control. It doesn't relate to what interfaces the
smtp wi
O Plameras wrote:
'inet_interfaces' has another functionality and
if you try,
inet_interfaces = all,
you'll discover you can smtp from another host.
I hadn't heard of inet_interfaces before, but as I said
any host can already connect (I suspect the default is
'all') to send mail to local users.
It'
David Fitch wrote:
O Plameras wrote:
'inet_interfaces' has another functionality and
if you try,
inet_interfaces = all,
you'll discover you can smtp from another host.
I hadn't heard of inet_interfaces before, but as I said
any host can already connect (I suspect the default is
'all') to send mail
On Sat, 2005-05-07 at 01:55, O Plameras wrote:
> In the Postfix RPM distribution, as far as I know, config
> for inet_interfaces defaults to 'localhost',i.e,
> 'inet_interfaces=localhost'.
debian have their own (sensible) defaults, but I've
put it in to see if it makes any difference.
> Well it h
O Plameras wrote:
I assume SMTP AUTH is now working.
no, but I've run out of time now, will have to play
with it again at a later date.
thanks for your efforts anyway.
Dave.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mai
24 matches
Mail list logo
