TLS problems
Hi all,
I am having problems sending mail from mail clients where TLS is enabled (using Thunderbird and Outlook Express). I keep getting the error:

  "An error has occurred sending mail: unable to connect to SMTP server XXX.com via STARTTLS since it doesn't offer STARTTLS in EHLO response. Please verify account settings etc.."

Now I can log on to the server to download with IMAP. If the option "send with TLS if available" is selected, mail sends fine; however, if "send using TLS only" is chosen, the above error is generated. I can telnet locally on the server to verify that TLS starts:

  220 XXXX ESMTP Postfix
  ehlo mail
  250-mail.XXX.com
  250-PIPELINING
  250-SIZE 10240000
  250-VRFY
  250-ETRN
  250-STARTTLS
  250 8BITMIME
  starttls
  220 Ready to start TLS

maillog shows "initializing the server-side TLS engine" etc., but there is obviously no certification exchange as the handshake is not taking place.

smtpd.conf:

  # Global parameters
  pwcheck_method: saslauthd
  mech_list: plain login

main.cf:

  readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
  fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
  mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
  myorigin = $mydomain
  myhostname = mail.xxx.com
  mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, xxx.com, xxx.local
  mynetworks = 10.17.0.0/16, 127.0.0.0/8, 10.18.0.0/16, 10.19.0.0/16, 81.85.23.0/24

  # SASL support for clients
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_security_options = noanonymous
  smtpd_sasl_local_domain = $myhostname
  broken_sasl_auth_clients = yes

  # TLS (Transport Layer Security)
  smtpd_use_tls = yes
  smtpd_tls_auth_only = yes
  smtpd_tls_key_file = /etc/postfix/newreq.pem
  smtpd_tls_cert_file = /etc/postfix/newcert.pem
  smtpd_tls_CAfile = /etc/postfix/cacert.pem
  smtpd_tls_loglevel = 3
  smtpd_tls_received_header = yes
  smtpd_tls_session_cache_timeout = 3600s
  tls_random_source = dev:/dev/urandom

  smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
  smtpd_helo_required = yes

  #smtpd_recipient_restrictions =
  #    permit_sasl_authenticated
  #    permit_mynetworks
  #    reject_non_fqdn_recipient
  #    reject_non_fqdn_sender
  #    reject_unknown_sender_domain
  #    reject_unknown_recipient_domain
  #    reject_unauth_destination
  #    #reject_non_fqdn_hostname
  #    #reject_invalid_hostname
  #    check_recipient_access hash:/etc/postfix/roleaccount_exceptions
  #    permit

  smtpd_client_restrictions =
      permit_mynetworks,
      reject_rbl_client zen.spamhaus.org,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client list.dsbl.org,
      reject_rbl_client dnsbl.njabl.org,
      reject_rbl_client dnsbl.sorbs.net,
      permit

Can anyone help me?
Anyone able to give me any pointers please..?
Regards
Can anyone tell me if TLS is dependent on any ports being open other than port 25? So is it also dependent on SSL port 465 being open?
I cannot understand why a telnet session shows STARTTLS can be established, yet when the client tries, the server complains that it does not offer STARTTLS in the EHLO response. Any help would be greatly appreciated for this novice. Regards
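Added example (not the poster's code and not part of Postfix): a small diagnostic that does what the telnet session in the first post does by hand, and that can be run from the client's network as well as from localhost to answer the question above about ports. It connects to a host and port, sends EHLO, parses the multi-line 250 reply, and reports whether STARTTLS is advertised; if it is, it issues STARTTLS and completes the handshake so the certificate actually offered can be fingerprinted. STARTTLS on port 25 (or submission port 587) upgrades the existing connection, so no second port is needed for it; port 465 is a separate implicit-TLS service that this script does not speak. The sample EHLO reply below is constructed from the transcript in the first post, and the `masked_extensions` check covers a case not mentioned in the thread: some firewalls and NAT devices that inspect SMTP replace keywords they do not understand with a run of X characters, so the server's own EHLO reply and the one the client sees can differ. The hostname `tlscheck.example` is a placeholder.

```python
import hashlib
import socket
import ssl

# Constructed sample: the EHLO reply shown in the first post's local telnet session.
SAMPLE_EHLO_RESPONSE = (
    "250-mail.XXX.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-VRFY\r\n"
    "250-ETRN\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_extensions(response):
    """Return the ESMTP keywords from a multi-line 250 EHLO reply.

    The first 250 line carries the server's hostname, not an extension, so it is
    skipped. Continuation lines are '250-'; the final line is '250 '.
    """
    lines = [ln for ln in response.replace("\r\n", "\n").split("\n") if ln]
    if not lines or not lines[0].startswith("250"):
        raise ValueError("not a successful EHLO reply: %r" % lines[:1])
    return [ln[4:].strip() for ln in lines[1:] if ln[:3] == "250"]


def advertises_starttls(response):
    """True if STARTTLS is among the advertised extensions (case-insensitive keyword match)."""
    return any(ext.split()[0].upper() == "STARTTLS"
               for ext in parse_ehlo_extensions(response) if ext)


def masked_extensions(response):
    """Extensions whose keyword has been overwritten with a run of 'X' characters.

    Seeing these from the client side but not from localhost means a device in
    between is rewriting the EHLO reply, so the client never sees STARTTLS.
    """
    return [ext for ext in parse_ehlo_extensions(response)
            if ext and set(ext.split()[0]) == {"X"}]


def _read_reply(sock):
    """Read one complete SMTP reply (single or multi-line) and return it as text."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
        lines = data.split(b"\r\n")
        # The reply is complete once a full line has a space after the 3-digit code.
        if len(lines) >= 2 and len(lines[-2]) >= 4 and lines[-2][3:4] == b" ":
            break
    return data.decode("ascii", "replace")


def check_starttls(host, port=25, timeout=10):
    """Connect, send EHLO, report the advertised extensions, and try the TLS upgrade.

    Diagnostic only: certificate verification is disabled so that a self-signed
    CA like the one in the post does not abort the handshake; the fingerprint
    is reported instead so the cert actually served can be compared by hand.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = _read_reply(sock)
        sock.sendall(b"EHLO tlscheck.example\r\n")  # placeholder client name
        ehlo = _read_reply(sock)
        result = {
            "banner": banner.strip(),
            "extensions": parse_ehlo_extensions(ehlo),
            "starttls": advertises_starttls(ehlo),
            "masked": masked_extensions(ehlo),
        }
        if result["starttls"]:
            sock.sendall(b"STARTTLS\r\n")
            reply = _read_reply(sock)
            result["starttls_reply"] = reply.strip()
            if reply.startswith("220"):
                ctx = ssl.create_default_context()
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
                tls = ctx.wrap_socket(sock, server_hostname=host)
                result["tls_version"] = tls.version()
                der = tls.getpeercert(binary_form=True)
                result["cert_sha256"] = hashlib.sha256(der).hexdigest()
                tls.sendall(b"QUIT\r\n")
        else:
            sock.sendall(b"QUIT\r\n")
        return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(check_starttls(target, target_port))
```

Run it once on the server (`python3 tlscheck.py localhost 25`) and once from a machine on the same network as the mail clients, then compare the `extensions` and `masked` fields: if STARTTLS is present locally but absent or X-ed out remotely, the server configuration is not the problem and whatever sits on the path between the client and port 25 is.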
Any ideas anyone? I need some pointers please.
Regards