Thanks Daniel.

I changed master.cf to:

10026    inet  n       -       n       -       -       smtpd
   -o smtpd_sasl_auth_enable=yes
126      inet  n       -       n       -       -       smtpd
  -o syslog_name=assptls
  -o smtpd_tls_wrappermode=yes
  -o smtpd_proxy_filter=
  -o myhostname=mail.bordo.com.au

When I try to send an email, ASSP logs:

Dec-11-18 15:16:54 [Worker_10000] Info: Net::SMTP is used to send mail (will try STARTTLS)
Dec-11-18 15:16:55 [Worker_10000] Error: Couldn't connect to 127.0.0.1:10026 using 'Net::SMTP'
Dec-11-18 15:16:55 [Worker_10000] *** send to 127.0.0.1:10026 (smtpDestination) didn't work, trying others...
Dec-11-18 15:17:21 [Worker_10000] Info: saving Stats in file asspstats.sav
Dec-11-18 15:17:21 [Worker_10000] Info: saving ScoreStats in file asspscorestats.sav
Dec-11-18 15:17:21 [Worker_10000] Info: saving internal Caches in to folder /Applications/assp/tmpDB/files
Dec-11-18 15:17:24 [Main_Thread] Info: no (more) data readable (connection possibly closed by browser)
Dec-11-18 15:17:24 [Main_Thread] Admin connection from user root on host ::1:57054; page:/infostats;
Dec-11-18 15:17:24 [Main_Thread] Info: saving Stats in file asspstats.sav
Dec-11-18 15:17:24 [Main_Thread] Info: saving ScoreStats in file asspscorestats.sav
Dec-11-18 15:17:24 [Main_Thread] Info: saving internal Caches in to folder /Applications/assp/tmpDB/files
Dec-11-18 15:18:54 [Main_Thread] Info: no (more) data readable (connection possibly closed by browser)
Dec-11-18 15:18:54 [Main_Thread] Admin connection from user root on host ::1:57057; page:/;
Dec-11-18 15:20:46 [Worker_1] Info: try to connect to server at 127.0.0.1:10026
Dec-11-18 15:20:46 [Worker_1] Info: connected to server at 127.0.0.1:10026
Dec-11-18 15:20:46 [Worker_1] Connected: session:7FF3EE3E2478 ::1:57060 > ::1:465 > 127.0.0.1:57061 > 127.0.0.1:10026 , 32-36
Dec-11-18 15:20:46 [Worker_1] ::1 info: bad line-end sequence in '[binary data omitted]' from ::1 was corrected to '[binary data omitted]'
Dec-11-18 15:20:46 [Worker_1] [unsupported_SMTP_line_terminator] ::1 malformed line terminator used in SMTP command
Dec-11-18 15:20:46 [Worker_1] [unsupported_SMTP_line_terminator] ::1 warning: got an unexpected SSLv3/TLS handshake Client-Helo-Frame of version (03.01) from IP '::1' at local IP '::1' and Port '465' - this frame is ignored
Dec-11-18 15:20:48 [Worker_1] info: no (more) data readable from 127.0.0.1:10026 (connection closed by peer)
Dec-11-18 15:21:18 [Worker_10000] Info: switched (DNS) nameserver order from 1.1.1.1 , 192.168.1.29 to 192.168.1.29 , 1.1.1.1


Postfix logs:

2018-12-11 15:20:46.973428+1100 0xeb2a2    Info        0x0  85671  0    smtpd: connect from localhost[127.0.0.1]
2018-12-11 15:20:46.973620+1100 0xeb2a2    Default     0x0  85671  0    smtpd: warning: SASL: Connect to private/auth failed: Connection refused
2018-12-11 15:20:46.973650+1100 0xeb2a2    Default     0x0  85671  0    smtpd: fatal: no SASL authentication mechanisms
2018-12-11 15:20:48.016397+1100 0x5e325    Default     0x0  42468  0    master: warning: process /usr/local/libexec/postfix/smtpd pid 85671 exit status 1
2018-12-11 15:20:48.016471+1100 0x5e325    Default     0x0  42468  0    master: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

I have perl module IO::Socket::SSL version 2.060 installed.

listenPort2 is 465
smtpAuthServer is SSL:127.0.0.1:126

James.

> On 11 Dec 2018, at 2:22 pm, Daniel Miller via Assp-test 
> <assp-test@lists.sourceforge.net> wrote:
> 
> On 12/10/2018 2:59 PM, James Brown via Assp-test wrote:
>> 
>>> On 11 Dec 2018, at 8:55 am, Daniel Miller via Assp-test 
>>> <assp-test@lists.sourceforge.net> wrote:
>>> 
>>> On 12/10/2018 5:06 AM, James Brown via Assp-test wrote:
>>>> I’m trying to properly set up Postfix, ASSP, and Dovecot on the same 
>>>> machine. My problem is with users submitting emails. 
>>>> 
>>>> 
>>> I run exactly the setup above - with a totally different config.  A few 
>>> things:
>>> 
>>> ASSP (as I understand it) should be set up as the "public" interface for all 
>>> SMTP connections - whether internet senders, authenticated clients, or 
>>> internal LAN.  So ASSP generally listens on ports 25 & 587 - I don't use 
>>> 465.
>>> 
>>> listenPort:=25
>>> smtpDestination:=127.0.0.1:125
>>> listenPort2:=587
>>> smtpAuthServer:=SSL:127.0.0.1:126
>>> NoAUTHlistenPorts:=25
>>> 
>>> There are a number of other ASSP settings you'll have to tweak of course - 
>>> but these are the basics to communicate.  So unauthenticated internet 
>>> senders connect to port 25 which is forwarded to Postfix on port 125.  
>>> Authenticated senders on port 587, using SSL (and you may want to wait to 
>>> get SSL set up until the basic connections are working), go to Postfix on 
>>> port 126.
>>> 
>>> Postfix master.cf:
>>> 
>>> # Listeners for mail FROM assp. This is mail from the Internet
>>> # destined for local delivery
>>> #
>>> 127.0.0.1:125 inet n    -       y       -       -       smtpd
>>>   -o syslog_name=assp
>>>   -o smtpd_proxy_filter=
>>>   -o myhostname=<your public hostname here>
>>> 
>>> # Listener for dedicated TLS/SSL mode. Historically intended for port 465 support.
>>> # Non-TLS connections will not initiate.
>>> # Functionally identical to previous listener - simply adds TLS line.
>>> # Comment out the TLS Wrapper for initial setup.
>>> 127.0.0.1:126 inet n    -       y       -       -       smtpd
>>>   -o syslog_name=assptls
>>>   -o smtpd_tls_wrappermode=yes
>>>   -o smtpd_proxy_filter=
>>>   -o myhostname=<your public hostname here>
>>> 
>>> At this point Dovecot has nothing to do with either ASSP or Postfix.  
>>> Dovecot should still be unrelated to ASSP - but if you want to use Dovecot 
>>> for local delivery (a good idea) or authentication (another good idea) 
>>> there's more to configure in Postfix, primarily in main.cf
>>> 
>>> See if the above gets you working SMTP connections - then take the next 
>>> step.
>>> 
>>> --
>>> Daniel 
>>> 
>> 
>> Thanks Bob and Daniel.
>> 
>> This is similar to my current (old) mail server setup. I’m using 465 for 
>> submission as that seems to be the preferred way now (“The latter port (465) 
>> was previously deprecated, but this changed with RFC 8314 
>> <https://tools.ietf.org/html/rfc8314> and its use is now recommended to 
>> ensure security.” - Simple Mail Transfer Protocol - Wikipedia 
>> <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol> ). With ASSP 
>> handling the SSL on submissions I get ‘SSL wants a read first’ error at 
>> least once a day. I have to restart ASSP to allow the person to send emails 
>> again.
>> 
>> Now with the new machine I’m setting up, I get this ‘SSL wants a read first’ 
>> error for every message I try to send. When I asked Thomas about this he 
>> said:
>> 
>> remember "NEVER connect clients directly to ASSP" + "DO NOT use ASSP as a 
>> client connector" 
>> 
>> And he said:
>> 
>> the recommended mail flow is 
>> https://sourceforge.net/p/assp/wiki/ASSP_Advanced_Workflow/
>> 
>> Trying to implement this mail flow is where I came unstuck! 
>> 
>> (My new server is running macOS Mojave, perl is 5.028, ASSP is 2.6.2 build 
>> 18339)
>> 
>> James.
>> 
> James,
> 
> Try the setup I suggested previously.  With the "smtpd_tls_wrappermode=yes" 
> set for Postfix it will require TLS for the initial connection - no 
> cleartext.  With ASSP connecting to that port via 
> "smtpAuthServer:=SSL:127.0.0.1:126" - that should eliminate your issue.
> 
> Now, it's up to you whether or not ASSP listens publicly on port 465, 587, or 
> anything else via listenPort2.  Whether (LAN-side) clients connect to Postfix 
> first and then ASSP - I don't see the benefit given that all internet traffic 
> is the reverse.  It's certainly possible to have Postfix be the LAN-side 
> listener - just adds another layer.  Then you can play with ASSP's relayHost 
> & associated settings as well.  I had it once flowing back and forth between 
> Postfix & ASSP - but what's the point?
> 
> If ASSP is *supposed* to examine all mail that gets sent (for ham copy 
> purposes if nothing else) then I don't see a load reduction that would 
> benefit anything.  However, if clients are either filtered out *prior* to 
> connecting to ASSP, or if there is other content-based filtering that reduces 
> the load on ASSP, then that would justify it.
> 
> --
> Daniel
> 
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
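
Added example, not part of either poster's message and not ASSP or Postfix code: a Python check that parses master.cf entries like the ones in this thread and reports backend listeners that are not bound to loopback (Daniel's entries use 127.0.0.1:125 and 127.0.0.1:126, James's use bare ports) or that enable SASL with no TLS requirement. The function names are hypothetical, the sample is constructed from James's message, and only per-service -o overrides are inspected, on the assumption that main.cf sets none of these parameters.

```python
import ipaddress

# Constructed sample: the two master.cf entries quoted in James's message.
SAMPLE = """\
10026    inet  n       -       n       -       -       smtpd
   -o smtpd_sasl_auth_enable=yes
126      inet  n       -       n       -       -       smtpd
  -o syslog_name=assptls
  -o smtpd_tls_wrappermode=yes
  -o smtpd_proxy_filter=
  -o myhostname=mail.bordo.com.au
"""

def parse_master_cf(text):
    """Return inet services; indented lines continue the previous entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = []
    for fields in (line.split() for line in logical):
        if len(fields) < 8 or fields[1] != "inet":
            continue
        args = fields[8:]
        opts = dict(v.split("=", 1) for f, v in zip(args, args[1:])
                    if f == "-o" and "=" in v)
        host, _, port = fields[0].rpartition(":")
        services.append({"host": host.strip("[]"), "port": port, "opts": opts})
    return services

def audit(services):
    """Return (port, finding) pairs; main.cf defaults are not consulted."""
    findings = []
    for svc in services:
        try:
            loopback = ipaddress.ip_address(svc["host"]).is_loopback
        except ValueError:  # bare port (no address) or a hostname
            loopback = svc["host"] == "localhost"
        if not loopback:
            findings.append((svc["port"], "not bound to loopback"))
        o = svc["opts"]
        tls = ("yes" in (o.get("smtpd_tls_wrappermode"), o.get("smtpd_tls_auth_only"))
               or o.get("smtpd_tls_security_level") == "encrypt")
        if o.get("smtpd_sasl_auth_enable") == "yes" and not tls:
            findings.append((svc["port"], "SASL enabled without required TLS"))
    return findings
```

A service given as a bare port listens on every address in inet_interfaces, so `audit(parse_master_cf(SAMPLE))` reports both of James's listeners, while entries written as 127.0.0.1:port produce no bind finding.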
