Trixbox, SMTP_AUTH via Postfix

metallica1973 · 02-20-2009, 02:52 PM

I read this article from this forum:

http://www.trixbox.org/wiki/howto-vo...c-att-your-isp

and can see that when I leave a message it goes into the postfix mail que but when it atttempt to send the email via my providers smtp server using smtp_auth via port 465 is fails. here is a snippet from the /var/log/mailllog. I got my smtp information from my e-mail client and it uses port 465 and secure socket layer or SSL to authentication. I have a feeling this is the issue. Is SMTP_Authentication the same as Secure connection over SSL? This has to be the issue!

Feb 20 15:39:43 trixbox1 postfix/smtp[5642]: 805912B8044: to=<test_user@test.com>, relay=smtpout.secureserver.net[64.202.165.58]:465, delay=300, delays=0.06/0.01/300/0, dsn=4.4.2, status=deferred (conversation with smtpout.secureserver.net[64.202.165.58] timed out while receiving the initial server greeting)
Feb 20 15:39:43 trixbox1 postfix/smtp[5641]: 8441D2B8043: to=<test_user@test.com>, relay=smtpout.secureserver.net[64.202.165.58]:465, delay=300, delays=0.11/0/300/0, dsn=4.4.2, status=deferred (conversation with smtpout.secureserver.net[64.202.165.58] timed out while receiving the initial server greeting)

metallica1973 · 02-20-2009, 04:58 PM

The port is the issue. In order to use SSL for secure connections my isp say that I need to use 465. Here is the configurations I had before:

PHP Code:



readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES 
smtpd_sasl_auth_enable = yes 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
broken_sasl_auth_clients = yes 
smtp_sasl_auth_enable = yes 
smtp_always_send_ehlo = yes 
smtp_sasl_security_options = 
smtp_generic_maps = hash:/etc/postfix/generic 
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination 
relayhost = smtpout.secureserver.net:465 
myorigin = secureserver.net 
masquerade_domains = secureserver.net

and the minute I remove the 465:

PHP Code:



readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES 
smtpd_sasl_auth_enable = yes 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
broken_sasl_auth_clients = yes 
smtp_sasl_auth_enable = yes 
smtp_always_send_ehlo = yes 
smtp_sasl_security_options = 
smtp_generic_maps = hash:/etc/postfix/generic 
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination 
relayhost = smtpout.secureserver.net 
myorigin = secureserver.net 
masquerade_domains = secureserver.net

It works fine but the problem is that my username and password are being transmitted over the net in plain text which defeats the purpose of smtp_auth. Where do I specify the port to use when trying to use smtp_auth?

metallica1973 · 02-20-2009, 05:28 PM

apparently Postfix doesn't support SMTPS or SSL without the use of a tool called STUNNEL.

http://www.debian-administration.org/articles/604

any other suggestions?

billymayday · 02-20-2009, 06:50 PM

Actually, the purpose of smtp auth is nothing to do with not transmitting in plaintext - that's what SSL/TLS is for.

Are you sure your ISP doesn't support TLS? For this you would use the methods described in http://www.postfix.org/TLS_README.html.

This would remove the need for stunnel.

Also note that when debugging these issues, try using debug_peer_level and debug_peer_list to get more detail in your logs.

HTH

metallica1973 · 02-20-2009, 11:40 PM

unfortunately they don't. stunnel it is.thanks