[lug] Postfix SSL config

Mike mikedawg at gmail.com
Fri Mar 29 12:05:28 MDT 2013


Also, to note, port 465 is sort of the "old" way of doing smtps. Verify
with the host (indra or whoever it is) that everything is correct with
that, but more modern mail systems actually use port 25 and just pretty
much use a starttls function to begin tls/ssl communication.

Thanks

Mike


On Fri, Mar 29, 2013 at 12:00 PM, <lug-request at lug.boulder.co.us> wrote:

> . . .
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 28 Mar 2013 16:21:58 -0600
> From: sullivan at indra.com
> Subject: [lug] Postfix SSL config
> To: lug at lug.boulder.co.us
> Message-ID: <9e5e8e4c09e9feb63995abfae352931b.squirrel at indra.com>
> Content-Type: text/plain;charset=iso-8859-1
>
> Hi,
>
> I'm trying to set up a simple email relay host, with my home
> linux box sending to smtp.indra.com.
> I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
> and I need to use SSL to talk to indra.
>
> I think SSL works on port 465 because I can use openssl to connect:
>
> openssl s_client -crlf -connect smtp.indra.com:465
> AUTH LOGIN
> 334 VXNlcm5hbWU6     # base64 prompt for "Userid:"
> (send my base64 userid)
> 334 UGFzc3dvcmQ6     # base64 prompt for "Password:"
> (send my base64 password)
> 235 2.0.0 OK Authenticated
>
>
> I tried to do this in postfix, by using
>   main.cf:
>     relayhost = smtp.indra.com:465
>     smtp_sasl_auth_enable = yes
>     smtp_sasl_mechanism_filter = login
>     smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
>   sasl/passwd:
>     [smtp.indra.com]:465 myUserName:myPasswd
>   postmap sasl/passwd
>   service postfix restart
>
> I get:
>   Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port smtps/465) is unimplemented
>   Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port submission/587) with STARTTLS
>
> When I change to the port from 465 to 587 in the above 2 files
> and restart postfix, I get:
>
> Mar 28 14:25:47 helix postfix/smtp[10568]: C539F1822CD: to=<someone at indra.com>, relay=smtp.indra.com[209.169.0.20]:587, delay=7.1, delays=0.09/0/6.8/0.15, dsn=4.7.1, status=SOFTBOUNCE (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 <someone at indra.com>... Access denied (in reply to RCPT TO command))
>
>
> Any thoughts?
>
> Many thanks,
>
> Steve
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 28 Mar 2013 18:04:12 -0600
> From: Christopher Robinson <chrobione at gmail.com>
> Subject: Re: [lug] Postfix SSL config
> To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>         <lug at lug.boulder.co.us>
> Message-ID:
>         <CAD9p2Vk0DfKaWUOJQ4nFXUwjyHSMf8P=
> LQVDZxXwXuVesrmqNw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hey Steve,
>
> I am not an email admin at all, but I did see this out in the world of
> googling. I think the issue is not that you changed the port or that
> SSL, but it's not actually starting TLS correctly and that is why you're
> having the (Soft Bounce). I might be totally off base on this but I
> would take a look at this site.
> http://qmail.jms1.net/starttls.shtml
> I think it will give you some helpful information.
> HTH,
> --chrobione
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 28 Mar 2013 20:42:35 -0600
> From: Lee Woodworth <blug-mail at duboulder.com>
> Subject: Re: [lug] Postfix SSL config
> To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>         <lug at lug.boulder.co.us>
> Message-ID: <5154FF9B.1050304 at duboulder.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> The postfix mailing list at www.postfix.org is where I see many knowledgeable
> people post. Make sure to follow the instructions in the welcome message on
> what to include in your post. You may find useful information about the failed
> delivery by doing (as a privileged user):
>
>      postqueue -p
>
> Include this information as well.
>
> On 03/28/2013 04:21 PM, sullivan at indra.com wrote:
> > Hi,
> >
> > I'm trying to set up a simple email relay host, with my home
> > linux box sending to smtp.indra.com.
> > I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
> > and I need to use SSL to talk to indra.
> >
> ....
>
> > Mar 28 14:25:47 helix postfix/smtp[10568]: C539F1822CD: to=<someone at indra.com>, relay=smtp.indra.com[209.169.0.20]:587, delay=7.1, delays=0.09/0/6.8/0.15, dsn=4.7.1, status=SOFTBOUNCE (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 <someone at indra.com>... Access denied (in reply to RCPT TO command))
>
> The message indicates a rejection by Indra's server. Ask the experts at
> postfix.org for help on determining if your postfix successfully authenticated
> (your prior test was for a different port, doesn't tell you about port 587).
>
> End of LUG Digest, Vol 113, Issue 14
> ************************************
>



-- 
Mike Harris
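
An added example (not part of the thread and not Postfix code): a small Python check run over the main.cf and sasl/passwd excerpts quoted above, flagging settings that keep a SASL-authenticated relay from working or from requiring TLS. It assumes documented Postfix behaviour: the smtp_sasl_password_maps key must be written in the same form as relayhost (or as the bare hostname), smtp_sasl_security_options defaults to "noplaintext, noanonymous", and smtp_tls_wrappermode exists only in Postfix 3.0 and later; the finding names are made up for this example.

```python
import re

# Input copied from the quoted message (port 465 attempt); only the shown lines are checked.
MAIN_CF = """\
relayhost = smtp.indra.com:465
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
"""
SASL_PASSWD = "[smtp.indra.com]:465 myUserName:myPasswd\n"

# smtp_tls_security_level values under which the client refuses to continue without TLS.
TLS_MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_kv(text):
    """Simplified main.cf parser: 'name = value' lines, no continuations or $vars."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            k, v = line.split("=", 1)
            out[k.strip()] = v.strip()
    return out

def lint_relay(main_cf, sasl_passwd):
    """Return finding names (hypothetical labels) for a SASL relayhost setup."""
    cf = parse_kv(main_cf)
    relay = cf.get("relayhost", "")
    m = re.fullmatch(r"\[?([^\]:]+)\]?(?::(\w+))?", relay)
    host, port = (m.group(1), m.group(2) or "25") if m else ("", "")
    findings = []
    # Port 465 expects TLS before any SMTP; the client needs wrapper mode for that.
    if port in ("465", "smtps") and cf.get("smtp_tls_wrappermode") != "yes":
        findings.append("wrappermode-port")
    if cf.get("smtp_tls_security_level") not in TLS_MANDATORY:
        findings.append("tls-not-mandatory")       # STARTTLS is not enforced before AUTH
    keys = {l.split()[0] for l in sasl_passwd.splitlines() if l.strip() and not l.startswith("#")}
    if relay not in keys and host not in keys:
        findings.append("passwd-key-mismatch")     # no credentials found for this next hop
    mechs = cf.get("smtp_sasl_mechanism_filter", "").lower()
    opts = cf.get("smtp_sasl_tls_security_options",
                  cf.get("smtp_sasl_security_options", "noplaintext, noanonymous"))
    if re.search(r"\b(login|plain)\b", mechs) and "noplaintext" in opts:
        findings.append("plaintext-mech-blocked")  # LOGIN/PLAIN are excluded by noplaintext
    return findings

if __name__ == "__main__":
    for finding in lint_relay(MAIN_CF, SASL_PASSWD):
        print(finding)
```

With relayhost = [smtp.indra.com]:587, the same bracketed key in sasl/passwd, smtp_tls_security_level = encrypt and smtp_sasl_tls_security_options = noanonymous, the check returns no findings.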