Old 05-11-2009, 03:28 PM   #1
sarajevo
Postfix issue ; Must issue a STARTTLS command first after forcing TLS


Hi all,

I set up a Postfix + SpamAssassin + amavisd-new mail server and I have one small issue which I cannot find how to solve.

When I set in main.cf

smtpd_tls_security_level = encrypt

to force TLS and not accept connections which are not encrypted (Evolution is set to use TLS as well), I am not able to send mail.

All mails fail with the error

host 127.0.0.1[127.0.0.1] said: 530 5.7.0 Failed,
id=28847-11, from MTA([127.0.0.1]:10025): 530 5.7.0 Must issue a STARTTLS
command first (in reply to end of DATA command)

I understand what the problem is here: amavisd-new does not support TLS, and that is all clear. I found that when amavisd-new and Postfix are on the same machine it is not necessary to use TLS over loopback (within the machine), and the recommended solution is to set this up in master.cf:

# amavisd-new re-injection listener, loopback only
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_enforce_tls=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


The important part is -o smtpd_enforce_tls=no, as it is mentioned as the solution for other people who run Ubuntu.

But I still have the same problem with OpenBSD 4.5 (upgraded from 4.4). Everything works when I comment out
smtpd_tls_security_level = encrypt in main.cf and
select NONE as the encryption for SMTP in Evolution.

I really need your opinion about this issue, and opinions are welcome

Sorry for long post

Thank you in advance for any suggestion

Kind regards,
 
Old 05-13-2009, 03:05 PM   #2
rweaver
Try adding this to your main.cf:

Code:
smtpd_use_tls = yes
smtpd_tls_auth_only = no

 
Old 05-14-2009, 08:00 AM   #3
sarajevo
Quote:
Originally Posted by rweaver View Post
Try adding this to your main.cf:

Code:
smtpd_use_tls = yes
smtpd_tls_auth_only = no

Hi rweaver,

with your suggestion it works.

Thank you

Nice regards
 
Old 05-14-2009, 08:28 AM   #4
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by sarajevo View Post
Hi rweaver,

with your suggestion it works.

Thank you

Nice regards
No problem, glad to help
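
Added example (not part of the thread and not Postfix's own code): a small Python check of why the `-o smtpd_enforce_tls=no` override in the first post has no effect on the 127.0.0.1:10025 listener. It applies the postconf(5) rule that a non-empty smtpd_tls_security_level overrides the obsolete smtpd_use_tls and smtpd_enforce_tls; the sample config strings and all function names are constructed for illustration.

```python
# Constructed sample input modelled on the first post (not the poster's full files).
MAIN_CF = "smtpd_tls_security_level = encrypt\n"
MASTER_CF = """\
smtp      inet  n  -  -  -  -  smtpd
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_enforce_tls=no
  -o mynetworks=127.0.0.0/8
"""

def parse_main(text):
    """Return {name: value} for simple 'name = value' main.cf lines."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def parse_master(text):
    """Return {service: {override: value}} for smtpd entries in master.cf."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:      # indented line continues the entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    services = {}
    for entry in entries:
        f = entry.split()
        if len(f) >= 8 and f[7] == "smtpd":
            args = f[8:]
            services[f[0]] = dict(args[i + 1].split("=", 1)
                                  for i, a in enumerate(args[:-1]) if a == "-o")
    return services

def effective_level(main, overrides):
    """A non-empty smtpd_tls_security_level wins over the obsolete parameters."""
    cfg = {**main, **overrides}                # -o overrides replace main.cf values
    if cfg.get("smtpd_tls_security_level"):
        return cfg["smtpd_tls_security_level"]
    if cfg.get("smtpd_enforce_tls") == "yes":
        return "encrypt"
    return "may" if cfg.get("smtpd_use_tls") == "yes" else "none"

def report(main_text, master_text):
    """Effective TLS level per smtpd service."""
    main = parse_main(main_text)
    return {s: effective_level(main, o) for s, o in parse_master(master_text).items()}
```

Replacing the override with `-o smtpd_tls_security_level=none` on the loopback listener alone changes its effective level to none while the public smtp service stays at encrypt.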
 
  

