LinuxQuestions.org
Old 05-13-2008, 04:59 AM   #1
i_nomad
Member
 
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Rep: Reputation: 15
TLS problems


Hi all,
I am having problems sending mail from mail clients where TLS is enabled (using Thunderbird and Outlook Express).

I keep getting the error: "An error has occurred sending mail: unable to connect to SMTP server XXX.com via STARTTLS since it doesnt offer starttls in EHLO response. Please verify account settings etc.."

Now I can log on to the server to download with IMAP. If the option "send with TLS if available" is selected, mail sends fine; however, if "send using TLS only" is chosen, the above error is generated.

I can telnet locally on the server to verify that TLS starts:

220 XXXX ESMTP Postfix
ehlo mail
250-mail.XXX.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
220 Ready to start TLS


maillog shows
initializing the server-side TLS engine etc
but there is obviously no certification exchange, as the handshake is not taking place

smtpd.conf

#Global parameters
pwcheck_method: saslauthd
mech_list: plain login


main.cf

readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
myorigin = $mydomain
myhostname = mail.xxx.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, xxx.com, xxx.local
mynetworks = 10.17.0.0/16, 127.0.0.0/8, 10.18.0.0/16, 10.19.0.0/16, 81.85.23.0/24

#SASL Support for clients

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes


#TLS (Transport Layer Security)

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

smtpd_helo_required = yes

#smtpd_recipient_restrictions =
# permit_sasl_authenticated
# permit_mynetworks
# reject_non_fqdn_recipient
# reject_non_fqdn_sender
# reject_unknown_sender_domain
# reject_unknown_recipient_domain
# reject_unauth_destination
# #reject_non_fqdn_hostname
#reject_invalid_hostname
# check_recipient_access hash:/etc/postfix/roleaccount_exceptions
# permit

smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client list.dsbl.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.sorbs.net, permit




Can anyone help me??

Last edited by i_nomad; 05-14-2008 at 04:46 AM.
 
Old 05-13-2008, 07:12 AM   #2
i_nomad
Member
 
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
Anyone able to give me any pointers please..?
Regards
 
Old 05-13-2008, 05:19 PM   #3
i_nomad
Member
 
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
Can anyone tell me if TLS is dependent on any ports being open other than port 25? So is it also dependent on SSL port 465 being open?

I cannot understand why a telnet session shows STARTTLS can be established, yet when the client tries, it complains that the server does not offer STARTTLS in the EHLO response.

Any help would be greatly appreciated for this novice.

Regards
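An added example, not part of the original posts: the telnet check in post #1 was run locally on the server, while the mail clients connect over the network, so one way to narrow this down is to capture the EHLO reply from both places and compare the advertised keywords. The function names are hypothetical, `LOCAL` mirrors the session pasted in post #1, and `CLIENT_SIDE` is a constructed capture with the STARTTLS line absent, as the client error describes.

```python
import re

# Constructed captures: LOCAL mirrors the telnet session in post #1.
# CLIENT_SIDE is a hypothetical capture from the mail client's network in
# which the STARTTLS line is absent, matching the error the client reports.
LOCAL = """220 XXXX ESMTP Postfix
ehlo mail
250-mail.XXX.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
"""
# Same reply minus the STARTTLS line (constructed, not taken from the thread).
CLIENT_SIDE = LOCAL.replace("250-STARTTLS\n", "")

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, "-" or " " separator, text

def ehlo_keywords(capture):
    """Return the set of ESMTP keywords in the 250 EHLO reply of a capture."""
    keywords, seen_domain = set(), False
    for line in capture.splitlines():
        m = REPLY.match(line.strip())
        if not m or m.group(1) != "250":
            continue  # skip the 220 banner, typed commands and blank lines
        if not seen_domain:
            seen_domain = True  # the first 250 line carries the server's domain
        else:
            parts = m.group(3).split()
            if parts:
                keywords.add(parts[0].upper())  # keyword precedes any parameter
        if m.group(2) == " ":
            break  # "250 " with a space marks the last line of the reply
    return keywords

def compare(local, remote):
    """Report STARTTLS visibility on each path and keywords lost in between."""
    a, b = ehlo_keywords(local), ehlo_keywords(remote)
    return {"local_starttls": "STARTTLS" in a,
            "remote_starttls": "STARTTLS" in b,
            "missing_remotely": sorted(a - b)}

if __name__ == "__main__":
    print(compare(LOCAL, CLIENT_SIDE))
```

If the two captures differ, the reply is being changed or served differently somewhere between the client and the Postfix instance tested locally; if they match, the client settings are the next place to look.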
 
Old 05-14-2008, 04:47 AM   #4
i_nomad
Member
 
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
Any ideas anyone? I need some pointers please.

Regards
 
  

