On 02/07/2012 04:50 PM, Kumar Krishna wrote:
> Hi List,
>
> I have a postfix server based on CentOS 5 in which I have been trying to add
> TLS encryption support for SMTP.
>
> From the localhost when I do an EHLO, following is the output
>
> [root@xxxxxxx ~]# nc localhost 25
> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> EHLO localhost
> 250-xxxxxxx.xxxx.xxx.xx
> 250-PIPELINING
> 250-SIZE 41943040
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> However from a remote location when I do the EHLO, the response does not
> contain STARTTLS, ENHANCEDSTATUSCODES and DSN
>
> krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> EHLO localhost
> 250-xxxxxxx.xxxx.xxx.xx
> 250-PIPELINING
> 250-SIZE 41943040
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250 8BITMIME
>
>
> I have done some googling and found this might be because of the Cisco
> Router's "ESMTP Fix". However, can someone here tell me if there are any
> settings in master.cf or main.cf that might result in similar behaviour?
>
> Regards,
> KRiSHNA
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

From http://www.postfix.org/TLS_README.html

By default, TLS is disabled in the Postfix SMTP server, so no difference to
plain Postfix is visible. Explicitly switch it on with
"smtpd_tls_security_level = may".

/etc/postfix/main.cf:
    smtpd_tls_security_level = may

With this, the Postfix SMTP server announces STARTTLS support to remote SMTP
clients, but does not require that clients use TLS encryption.

My tls configuration looks something like this:

# INCOMING TLS (smtpd server)
smtpd_tls_security_level = may
smtpd_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/certs/tls.key
smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
smtpd_tls_CApath = /etc/postfix/certs
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# OUTGOING TLS (SMTP transport)
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes

Nataraj
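
Added example (not part of either message above): a Python comparison of the two EHLO replies quoted in the thread, listing the extensions the server offers on localhost that never reach the remote client. parse_ehlo, probe and stripped are hypothetical helper names; probe uses the standard smtplib module and has to be run from each vantage point being compared.

```python
import re
import smtplib

# EHLO replies copied from the thread above (hostnames already redacted there).
LOCAL_EHLO = """\
220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
EHLO localhost
250-xxxxxxx.xxxx.xxx.xx
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
REMOTE_EHLO = """\
220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
EHLO localhost
250-xxxxxxx.xxxx.xxx.xx
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250 8BITMIME
"""

def parse_ehlo(transcript):
    """Return the set of ESMTP keywords in a pasted EHLO reply."""
    replies = re.findall(r"^250[- ](.*)$", transcript, flags=re.M)
    # The first 250 line is the server's greeting name, not an extension.
    return {re.split(r"[ =]", r.strip(), maxsplit=1)[0].upper() for r in replies[1:]}

def probe(host, port=25, helo="localhost"):
    """Fetch the keyword set live instead of from a pasted transcript."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo(helo)
        return {k.upper() for k in s.esmtp_features}

def stripped(local, remote):
    """Keywords offered locally that are absent from the remote view, sorted."""
    return sorted(local - remote)

if __name__ == "__main__":
    print("missing remotely:", stripped(parse_ehlo(LOCAL_EHLO), parse_ehlo(REMOTE_EHLO)))
```

If STARTTLS appears in the local set but not the remote one while smtpd_tls_security_level is already set, the keyword is being removed between the client and Postfix rather than withheld by main.cf.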