LinuxQuestions.org
TLS problems (https://www.linuxquestions.org/questions/linux-newbie-8/tls-problems-641829/)

i_nomad 05-13-2008 03:59 AM

TLS problems
 
Hi all,
I am having problems sending mail from mail clients where TLS is enabled (using Thunderbird and Outlook Express).

I keep getting the error: "An error has occurred sending mail: unable to connect to SMTP server XXX.com via STARTTLS since it doesn't offer STARTTLS in EHLO response. Please verify account settings etc."

Now, I can log on to the server to download with IMAP. If the option "send with TLS, if available" is selected, mail sends fine; however, if "send using TLS only" is chosen, the above error is generated.

I can telnet locally on the server to verify that TLS starts:

220 XXXX ESMTP Postfix
ehlo mail
250-mail.XXX.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
220 Ready to start TLS


maillog shows "initializing the server-side TLS engine", etc., but there is obviously no certificate exchange, as the handshake is not taking place.

smtpd.conf

#Global parameters
pwcheck_method: saslauthd
# PLAIN and LOGIN send the password in the clear; they are only safe to offer once the
# session is encrypted (smtpd_tls_auth_only = yes in main.cf takes care of that).
mech_list: plain login


main.cf

readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
myorigin = $mydomain
myhostname = mail.xxx.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, xxx.com, xxx.local
mynetworks = 10.17.0.0/16, 127.0.0.0/8, 10.18.0.0/16, 10.19.0.0/16, 81.85.23.0/24

#SASL Support for clients

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# The original post had this misspelled as "smptd_sasl_local_domain"; Postfix 2.2
# ignores an unknown parameter name, so the misspelled line had no effect.
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes


#TLS (Transport Layer Security)

smtpd_use_tls = yes
# AUTH is announced only after a successful STARTTLS, so a plaintext EHLO shows
# STARTTLS but no AUTH line; that is expected with this setting.
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


# check_relay_domains has been deprecated since Postfix 2.0; reject_unauth_destination
# (present in the commented-out list below) is its replacement.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

smtpd_helo_required = yes

#smtpd_recipient_restrictions =
# permit_sasl_authenticated
# permit_mynetworks
# reject_non_fqdn_recipient
# reject_non_fqdn_sender
# reject_unknown_sender_domain
# reject_unknown_recipient_domain
# reject_unauth_destination
# #reject_non_fqdn_hostname
#reject_invalid_hostname
# check_recipient_access hash:/etc/postfix/roleaccount_exceptions
# permit

smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client list.dsbl.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.sorbs.net, permit




Can anyone help me?

i_nomad 05-13-2008 06:12 AM

Anyone able to give me any pointers please..?
Regards

i_nomad 05-13-2008 04:19 PM

Can anyone tell me if TLS is dependent on any ports being open other than port 25? So is it also dependent on SSL port 465 being open?

I cannot understand why a telnet session shows STARTTLS can be established, yet when the client tries, the server complains that it does not offer STARTTLS in the EHLO response.

Any help would be greatly appreciated for this novice.

Regards
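The two questions raised in this thread, whether the server really offers STARTTLS on the path the mail client uses (first post) and whether STARTTLS on port 25 has anything to do with port 465 (third post), can both be checked with a small probe. The script below is an added example, not code from the thread or from Postfix; the file name, the example.com host names and the two sample EHLO replies are constructed for illustration. It sends EHLO, parses the extension list, and reports one of three verdicts: STARTTLS offered, STARTTLS missing, or extension lines masked with X characters (the shape left behind when a firewall's SMTP inspection rewrites the EHLO reply). If STARTTLS is offered it completes the handshake, prints the certificate fingerprint and repeats EHLO over TLS, where Postfix with smtpd_tls_auth_only = yes first shows AUTH. With implicit_tls=True it instead wraps the connection in TLS before any SMTP, which is the port 465 (smtps) model; that listener only exists if master.cf defines it and is not needed for STARTTLS on port 25. Running the probe against 127.0.0.1 on the server and again from the workstation lets you compare the two EHLO replies directly.

```python
"""smtp_starttls_probe.py (hypothetical name; added example, not from the thread).
EHLO an SMTP server on the path the client really uses and report whether STARTTLS is
advertised, then complete the handshake.  Run against 127.0.0.1 on the server and
again from the workstation: if the replies differ, something in between rewrites them."""
import hashlib
import re
import socket
import ssl
import sys

# Constructed sample replies (example.com, not captured from any real server).
SAMPLE_REPLY_LOCAL = (
    "250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n"
    "250-ETRN\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
)
# Shape left behind by firewalls whose SMTP inspection X-es out unknown extensions.
SAMPLE_REPLY_MASKED = (
    "250-mail.example.com\r\n250-XXXXXXXXXX\r\n250-SIZE 10240000\r\n250-XXXX\r\n"
    "250-XXXX\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"
)


def parse_ehlo_reply(reply):
    """Parse a multi-line ESMTP reply into {'code', 'domain', 'extensions', 'masked'}.
    Continuation lines are '250-NAME params'; the last line has a space after the code.
    Extension names made only of 'X' go into 'masked': a real server never sends those."""
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    if not lines or not re.match(r"\d{3}[ -]", lines[0]):
        raise ValueError("not an SMTP reply: %r" % reply[:40])
    code = int(lines[0][:3])
    domain = lines[0][4:].split(" ", 1)[0]
    extensions, masked = {}, []
    for line in lines[1:]:
        name, _, params = line[4:].partition(" ")
        if re.fullmatch(r"X+", name):
            masked.append(line[4:])
        else:
            extensions[name.upper()] = params.split()
    return {"code": code, "domain": domain, "extensions": extensions, "masked": masked}


def classify(parsed):
    """Verdict for a parsed EHLO reply: offered / masked by a middlebox / missing."""
    if "STARTTLS" in parsed["extensions"]:
        return "starttls-offered"
    if parsed["masked"]:
        return "extensions-masked"
    return "starttls-missing"


def recv_reply(sock):
    """Read one complete SMTP reply; the final line has a space (not '-') after the code."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        if buf.endswith(b"\r\n") and re.match(rb"\d{3}( |$)", buf.split(b"\r\n")[-2]):
            return buf.decode("ascii", "replace")


def probe(host, port=25, implicit_tls=False, timeout=10.0):
    """EHLO, then STARTTLS if offered; implicit_tls=True is the port-465 (smtps) model."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # diagnostic: show the (maybe self-signed) cert, don't trust it
    sock = socket.create_connection((host, port), timeout=timeout)
    if implicit_tls:
        sock = ctx.wrap_socket(sock, server_hostname=host)
    result = {"banner": recv_reply(sock).strip(), "ehlo_before_tls": None,
              "tls": None, "ehlo_after_tls": None}
    if not implicit_tls:
        sock.sendall(b"EHLO probe.example.invalid\r\n")
        result["ehlo_before_tls"] = parse_ehlo_reply(recv_reply(sock))
        if "STARTTLS" in result["ehlo_before_tls"]["extensions"]:
            sock.sendall(b"STARTTLS\r\n")
            if recv_reply(sock).startswith("220"):
                sock = ctx.wrap_socket(sock, server_hostname=host)
    if isinstance(sock, ssl.SSLSocket):
        der = sock.getpeercert(binary_form=True)
        result["tls"] = {"version": sock.version(), "cipher": sock.cipher()[0],
                         "cert_sha256": hashlib.sha256(der).hexdigest() if der else None}
        sock.sendall(b"EHLO probe.example.invalid\r\n")
        result["ehlo_after_tls"] = parse_ehlo_reply(recv_reply(sock))  # AUTH appears here
    sock.sendall(b"QUIT\r\n")
    sock.close()
    return result


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    r = probe(host, port, implicit_tls=(port == 465))
    if r["ehlo_before_tls"] is not None:
        print("EHLO before TLS:", classify(r["ehlo_before_tls"]), r["ehlo_before_tls"]["masked"])
    print("TLS:", r["tls"] or "no TLS session on %s:%d" % (host, port))
    if r["ehlo_after_tls"] is not None:
        print("AUTH after TLS:", r["ehlo_after_tls"]["extensions"].get("AUTH"))
```

Usage: `python smtp_starttls_probe.py 127.0.0.1 25` on the server, then the same command with the public host name from the workstation; a third run with port 465 only succeeds if an smtps service is actually defined in master.cf. Certificate verification is deliberately disabled so that a self-signed newcert.pem still yields a handshake and a fingerprint to compare; a mail client with verification on would additionally need to trust cacert.pem.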

i_nomad 05-14-2008 03:47 AM

Any ideas anyone? I need some pointers please.

Regards

