[lug] Postfix SSL config

Christopher Robinson chrobione at gmail.com
Thu Mar 28 18:04:12 MDT 2013


Hey Steve,

I am not a email admin at all, but I did see this out in the world of
googling. I think the issue is not that you changed the port or that
SSL , but its not actually starting TLS correctly and that is why your
having the (Soft Bounce).  I might be totally off base on this but  I
would take a look at this site.
http://qmail.jms1.net/starttls.shtml
I think it will give you some helpful information.
.
HTH,
--chrobione

On Thu, Mar 28, 2013 at 4:21 PM,  <sullivan at indra.com> wrote:
> Hi,
>
> I'm trying to set up a simple email relay host, with my home
> linux box sending to smtp.indra.com.
> I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
> and I need to use SSL to talk to indra.
>
> I think SSL works on port 465 because I can use openssl to connect:
>
> openssl s_client -crlf -connect smtp.indra.com:465
> AUTH LOGIN
> 334 VXNlcm5hbWU6     # base64 prompt for "Userid:"
> (send my base64 userid)
> 334 UGFzc3dvcmQ6     # base64 prompt for "Password:"
> (send my base64 password)
> 235 2.0.0 OK Authenticated
>
>
> I tried to do this in postfix, by using
>   main.cf:
>     relayhost = smtp.indra.com:465
>     smtp_sasl_auth_enable = yes
>     smtp_sasl_mechanism_filter = login
>     smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
>   sasl/passwd:
>     [smtp.indra.com]:465 myUserName:myPasswd
>   postmap sasl/passwd
>   service postfix restart
>
> I get:
>   Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port
> smtps/465) is unimplemented
>   Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
> submission/587) with STARTTLS
>
> When I change to the port from 465 to 587 in the above 2 files
> and restart postfix, I get:
>
> Mar 28 14:25:47 helix postfix/smtp[10568]: C539F1822CD:
> to=<someone at indra.com>, relay=smtp.indra.com[209.169.0.20]:587, delay=7.1,
> delays=0.09/0/6.8/0.15, dsn=4.7.1, status=SOFTBOUNCE (host
> smtp.indra.com[209.169.0.20] said: 550 5.7.1 <someone at indra.com>... Access
> denied (in reply to RCPT TO command))
>
>
> Any thoughts?
>
> Many thanks,
>
> Steve
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety



More information about the LUG mailing list