Old 05-13-2008, 04:59 AM   #1
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Rep: Reputation: 15
TLS problems

Hi all,
I am having problems sending mail from mail clients where TLS is enabled (using Thunderbird and Outlook Express).

I keep getting the error: "An error has occurred sending mail: unable to connect to SMTP server via STARTTLS since it doesnt offer starttls in EHLO response. Please verify account settings etc.."

Now I can log on to the server to download with IMAP. If the option "send with TLS if available" is selected, mail sends fine; however, if "send using TLS only" is chosen, the above error is generated.

I can telnet locally on the server to verify that TLS starts:

220 XXXX ESMTP Postfix
ehlo mail
250-SIZE 10240000
220 Ready to start TLS

maillog shows
initializing the server-side TLS engine etc
but there is obviously no certification exchange, as the handshake is not taking place.


#Global parameters
pwcheck_method: saslauthd
mech_list: plain login

readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
myorigin = $mydomain
myhostname =
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,, xxx.local
mynetworks =,,,,

#SASL Support for clients

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smptd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

#TLS (Transport Layer Security)

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

smtpd_helo_required = yes

#smtpd_recipient_restrictions =
# permit_sasl_authenticated
# permit_mynetworks
# reject_non_fqdn_recipient
# reject_non_fqdn_sender
# reject_unknown_sender_domain
# reject_unknown_recipient_domain
# reject_unauth_destination
# #reject_non_fqdn_hostname
# check_recipient_access hash:/etc/postfix/roleaccount_exceptions
# permit

smtpd_client_restrictions = permit_mynetworks, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, permit

Can anyone help me??

Last edited by i_nomad; 05-14-2008 at 04:46 AM.
Old 05-13-2008, 07:12 AM   #2
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
Anyone able to give me any pointers please..?
Old 05-13-2008, 05:19 PM   #3
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
Can anyone tell me if TLS is dependent on any ports being open other than port 25? So is it also dependent on SSL port 465 being open?

I cannot understand why a telnet session shows starttls can be established, yet when the client tries, the server complains that it does not offer starttls in ehlo response.

Any help would be greatly appreciated for this novice.
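
Added example, not part of the original posts: one way to compare the EHLO capability list the server gives a local session with the list a remote mail client receives, which is the discrepancy described above. The host name `mail.example.com` and both sample replies are constructed placeholders; `probe()` performs the same check live and is meant to be run once on the server and once from the client machine.

```python
import smtplib

def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply (RFC 5321) into {KEYWORD: params}."""
    caps = {}
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l.strip()]
    for i, line in enumerate(lines):
        code, text = line[:3], line[4:].strip()
        if code != "250":
            raise ValueError("EHLO rejected or malformed: %r" % line)
        if i == 0:
            continue  # first line carries the server name, not a keyword
        keyword, _, params = text.partition(" ")
        if keyword:
            caps[keyword.upper()] = params
    return caps

def offers_starttls(reply):
    """True if the reply advertises the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo(reply)

def lost_in_transit(server_view, client_view):
    """Keywords present in the local reply but absent from the remote one."""
    return set(parse_ehlo(server_view)) - set(parse_ehlo(client_view))

def probe(host, port=25, timeout=10):
    """Live check: connect, send EHLO, report whether STARTTLS is advertised."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        code, _ = s.ehlo()
        return code == 250 and s.has_extn("starttls")

# Constructed sample: reply as seen in a session opened on the server itself.
LOCAL_VIEW = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Constructed sample: reply as seen by a client that reports "no STARTTLS".
CLIENT_VIEW = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)

if __name__ == "__main__":
    print("local offers STARTTLS: ", offers_starttls(LOCAL_VIEW))
    print("client offers STARTTLS:", offers_starttls(CLIENT_VIEW))
    print("missing for client:    ", lost_in_transit(LOCAL_VIEW, CLIENT_VIEW))
```

If `probe()` returns True on the server but False from the client machine, the two sessions are not receiving the same EHLO reply, and the difference lies somewhere between the client and the Postfix listener rather than in the certificate files.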

Old 05-14-2008, 04:47 AM   #4
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
Any ideas anyone? I need some pointers please.


