Hello,

We have set up a server for a client (domain: client.ag), where the external MX 
requires a connection on port 465 with SSL/TLS.
Therefore we added the following lines to main.cf:

relayhost = smtp.mailbox.org:465
# SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger)
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt

With these settings, Postfix is able to connect to the external server, but 
internal connections fail:

Feb  5 13:34:56 ciphermail postfix/qmgr[6260]: 0D70040AA5: from=<edif...@client.ag>, size=601, nrcpt=1 (queue active)
Feb  5 13:34:56 ciphermail postfix/smtp[6269]: SSL_connect error to 127.0.0.1[127.0.0.1]:10025: -1
Feb  5 13:34:56 ciphermail postfix/smtp[6269]: warning: TLS library problem: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
Feb  5 13:34:56 ciphermail postfix/smtp[6269]: 0D70040AA5: to=<edif...@web.de>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.14, delays=0.12/0.01/0/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

This is the current main.cf

djigzo_myhostname = ciphermail.client.ag
djigzo_mydestination = client.ag
djigzo_mynetworks = 127.0.0.1/32
djigzo_relayhost = smtp.mailbox.org
djigzo_relayhost_mx_lookup = 
djigzo_relayhost_port = 465
djigzo_relay_domains = 
djigzo_before_filter_message_size_limit = 102400000
djigzo_after_filter_message_size_limit = 102400000
djigzo_mailbox_size_limit = 102400000
djigzo_smtp_helo_name = 
djigzo_relay_transport_host = 127.0.0.1
djigzo_relay_transport_host_mx_lookup = 
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient = 
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains = 
djigzo_rbl_clients = 
myhostname = ${djigzo_myhostname}
mydestination = ciphermail, $myhostname, ubuntu-2gb-nbg1-dc3-1, localhost.localdomain, localhost,  ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination  reject_invalid_hostname reject_unknown_sender_domain reject_unknown_recipient_domain
    ${djigzo_rbl_clients} 
    ${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_discard_ehlo_keywords = silent-discard VRFY ETRN DSN
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
compatibility_level=2
smtpd_banner = $myhostname ESMTP $mail_name 
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mydomain = client.ag
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_transport =  cyrus
content_filter = djigzo:[127.0.0.1]:10025
recipient_delimiter = +
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
inet_interfaces = all
inet_protocols = ipv4
myorigin = client.ag
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_sasl_security_options =
sender_canonical_maps = hash:/etc/postfix/sender_canonical

Which parameters do we have to change to achieve communication in both 
directions?

Thanks for any suggestions,

Stefan
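
The log in the post shows the TLS handshake being attempted against 127.0.0.1:10025, the content_filter hop, and failing with "unknown protocol". The Python below is an added example, not part of the original post or of Postfix/CipherMail: it reproduces that failure class against a constructed loopback stub and classifies a listener as cleartext SMTP or implicit TLS. The stub, the function names, and the assumption that the filter port greets in cleartext SMTP are assumptions of this example.

```python
import contextlib, socket, ssl, threading

def start_plain_smtp_stub():
    """Constructed stand-in for a cleartext SMTP listener on loopback."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, srv, contextlib.suppress(OSError):
            conn.sendall(b"220 stub.invalid ESMTP\r\n")  # server speaks first
            conn.recv(4096)          # drain client bytes before closing
    threading.Thread(target=serve, daemon=True).start()
    return port

def _tls_context():
    # Protocol detection only: certificate checks are off on purpose here.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def wrappermode_connect(host, port, timeout=3.0):
    """Send a ClientHello immediately, as a wrapper-mode (port 465) client does."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with _tls_context().wrap_socket(raw) as tls:
                return "tls-ok: " + tls.version()
    except OSError as e:             # ssl.SSLError is a subclass of OSError
        return "tls-failed: " + (getattr(e, "reason", None) or type(e).__name__)

def classify(host, port, wait=1.0):
    """Return 'plain-smtp', 'implicit-tls' or 'unknown' for a listener."""
    with socket.create_connection((host, port), timeout=wait) as raw:
        try:
            greeting = raw.recv(4)   # a cleartext SMTP server greets first
        except socket.timeout:
            greeting = None          # silence: it may be waiting for a ClientHello
        if greeting is not None:
            return "plain-smtp" if greeting.startswith(b"220") else "unknown"
        try:
            with _tls_context().wrap_socket(raw):
                return "implicit-tls"
        except OSError:
            return "unknown"

if __name__ == "__main__":
    for fn in (wrappermode_connect, classify):
        print(fn.__name__, fn("127.0.0.1", start_plain_smtp_stub()))
```

Settings in main.cf such as smtp_tls_wrappermode apply to every smtp(8) client instance, including the one delivering to the content filter, unless a master.cf entry overrides them with `-o name=value` for that transport.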
