TLS problems
Hi all,
I am having problems sending mail from mail clients where TLS is enabled (using Thunderbird and Outlook Express).
I keep getting the error: "An error has occurred sending mail: unable to connect to SMTP server XXX.com via STARTTLS since it doesnt offer starttls in EHLO response. Please verify account settings etc.."
Now, I can log on to the server to download with IMAP. If the option "send with TLS if available" is selected, mail sends fine; however, if "send using TLS only" is chosen, the above error is generated.
I can telnet locally on the server to verify that TLS starts:
220 XXXX ESMTP Postfix
ehlo mail
250-mail.XXX.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
220 Ready to start TLS
maillog shows
initializing the server-side TLS engine etc
but there is obviously no certification exchange, as the handshake is not taking place.
smtpd.conf
#Global parameters
pwcheck_method: saslauthd
mech_list: plain login
main.cf
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
myorigin = $mydomain
myhostname = mail.xxx.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, xxx.com, xxx.local
mynetworks = 10.17.0.0/16, 127.0.0.0/8, 10.18.0.0/16, 10.19.0.0/16, 81.85.23.0/24
#SASL Support for clients
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
#TLS (Transport Layer Security)
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_helo_required = yes
#smtpd_recipient_restrictions =
# permit_sasl_authenticated
# permit_mynetworks
# reject_non_fqdn_recipient
# reject_non_fqdn_sender
# reject_unknown_sender_domain
# reject_unknown_recipient_domain
# reject_unauth_destination
# #reject_non_fqdn_hostname
#reject_invalid_hostname
# check_recipient_access hash:/etc/postfix/roleaccount_exceptions
# permit
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client list.dsbl.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.sorbs.net, permit
Can anyone help me??
Last edited by i_nomad; 05-14-2008 at 03:46 AM.
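The manual telnet check in the post, as an added example that is not part of the original post: it parses the EHLO reply captured locally on the server, compares it with the keywords a probe run from the mail client's network sees, and tries to complete the STARTTLS handshake. `parse_ehlo`, `probe` and `hidden_from_client` are hypothetical helper names; only Python's standard `smtplib` and `ssl` are used.

```python
import smtplib
import ssl

# Constructed sample: the EHLO reply from the local telnet session in the post.
LOCAL_EHLO = """250-mail.XXX.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME"""

def parse_ehlo(reply):
    """Return the ESMTP keywords advertised in a raw multi-line EHLO reply."""
    keywords = set()
    lines = [ln.rstrip() for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        last = i == len(lines) - 1
        # Continuation lines are "250-...", the final line is "250 ...".
        if not line.startswith("250 " if last else "250-"):
            raise ValueError("malformed EHLO reply line: %r" % line)
        rest = line[4:].split()
        if i > 0 and rest:  # line 0 is the server's hostname, not a keyword
            keywords.add(rest[0].upper())
    return keywords

def probe(host, port=25, timeout=10):
    """EHLO from this vantage point, then try to complete STARTTLS."""
    result = {"keywords": set(), "tls": None, "error": None}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        result["keywords"] = {k.upper() for k in smtp.esmtp_features}
        if "STARTTLS" not in result["keywords"]:
            result["error"] = "STARTTLS not advertised on this path"
            return result
        try:
            # Default context verifies chain and hostname; failures are reported.
            smtp.starttls(context=ssl.create_default_context())
            result["tls"] = smtp.sock.version()
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            result["error"] = "handshake failed: %s" % exc
    return result

def hidden_from_client(local_reply, client_keywords):
    """Keywords the server offers locally that the client path does not show."""
    return parse_ehlo(local_reply) - set(client_keywords)
```

Run `probe` from the same network as the mail client and pass its `keywords` to `hidden_from_client(LOCAL_EHLO, ...)`; a non-empty result means the EHLO reply differs between the two vantage points.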