Hello, we have setup a server for a client (domain: client.ag), where the external MX requires a connection on port 465 with SSL/TLS. Therefore we added the following lines to main.cf
relayhost = smtp.mailbox.org:465 # SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger) smtp_tls_wrappermode = yes smtp_tls_security_level = encrypt With these setting postfix is able to connect to the external server, but internal connections fail: Feb 5 13:34:56 ciphermail postfix/qmgr[6260]: 0D70040AA5: from=<edif...@client.ag>, size=601, nrcpt=1 (queue active) Feb 5 13:34:56 ciphermail postfix/smtp[6269]: SSL_connect error to 127.0.0.1[127.0.0.1]:10025: -1 Feb 5 13:34:56 ciphermail postfix/smtp[6269]: warning: TLS library problem: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794: Feb 5 13:34:56 ciphermail postfix/smtp[6269]: 0D70040AA5: to=<edif...@web.de>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.14, delays=0.12/0.01/0/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure) This is the current main.cf djigzo_myhostname = ciphermail.client.ag djigzo_mydestination = client.ag djigzo_mynetworks = 127.0.0.1/32 djigzo_relayhost = smtp.mailbox.org djigzo_relayhost_mx_lookup = djigzo_relayhost_port = 465 djigzo_relay_domains = djigzo_before_filter_message_size_limit = 102400000 djigzo_after_filter_message_size_limit = 102400000 djigzo_mailbox_size_limit = 102400000 djigzo_smtp_helo_name = djigzo_relay_transport_host = 127.0.0.1 djigzo_relay_transport_host_mx_lookup = djigzo_relay_transport_host_port = 25 djigzo_reject_unverified_recipient = djigzo_unverified_recipient_reject_code = 450 djigzo_parent_domain_matches_subdomains = djigzo_rbl_clients = myhostname = ${djigzo_myhostname} mydestination = ciphermail, $myhostname, ubuntu-2gb-nbg1-dc3-1, localhost.localdomain, localhost, ${djigzo_mydestination} mynetworks = 127.0.0.0/8, ${djigzo_mynetworks} relay_domains = ${djigzo_relay_domains} parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains} smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}} relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}} relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}} smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_unknown_sender_domain reject_unknown_recipient_domain ${djigzo_rbl_clients} ${djigzo_reject_unverified_recipient? reject_unverified_recipient} smtpd_discard_ehlo_keywords = silent-discard VRFY ETRN DSN unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code} compatibility_level=2 smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination mydomain = client.ag alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mailbox_transport = cyrus content_filter = djigzo:[127.0.0.1]:10025 recipient_delimiter = + mailbox_size_limit = ${djigzo_mailbox_size_limit} message_size_limit = ${djigzo_after_filter_message_size_limit} inet_interfaces = all inet_protocols = ipv4 myorigin = client.ag smtpd_sasl_path = smtpd smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd smtp_sasl_security_options = sender_canonical_maps = hash:/etc/postfix/sender_canonical Which parameters do we have to change, to achieve a communication in both directions? Thanks for any suggestions, Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list Users@lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users