> > I uncommented the above line and added the following to main.cf:
> >
> > smtpd_tls_security_level = may
> >
> > as instructed here:
> >
> > http://www.postfix.org/TLS_README.html#server_enable
> >
> > and restarted postfix, but I still can't send.  In claws-mail, I tried
> > specifying 587 and I'm specifying Use SSL for SSMTP.  I'm guessing TLS
> > isn't set up properly?
>
> You need more than that. My /etc/postfix/main.cf looks like this and
> you'll need to create the actual certs listed below as well. I recommend
> smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
> it over an encrypted session.
>
> # TLS stuff
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/postfix/newkey.pem
> smtpd_tls_cert_file = /etc/postfix/newcert.pem
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> #smtpd_tls_loglevel = 3
> #smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> Additionally check to see what port Postfix is listening on. It's on
> port 465 on my server and you'll need to set your mail client to SSL
> rather than TLS.

Thank you kashani.  Now I'm getting "Relay access denied".  I've been
sending via squirrelmail running on the same server so I need to make
an adjustment.  What I'd like to do is allow relaying for any
authenticated smtp client but I don't see any option for that in the
main.cf comments.  I tried adding "grant" to the postdrop group with
no luck.

Here's my main.cf (I'm using postgrey):

mydestination = mydomain.com
setgid_group = postdrop
smtpd_recipient_restrictions =
        permit_mynetworks,
        check_policy_service inet:127.0.0.1:10030
        reject_unauth_destination,
        permit
virtual_alias_maps = hash:/etc/postfix/virtual
message_size_limit = 20480000
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

How does that look?

- Grant
-- 
gentoo-user@lists.gentoo.org mailing list
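
Added example, not part of the thread: a small Python check, run over the main.cf lines posted above (embedded as a constructed sample), for the settings that decide whether an authenticated SMTP client may relay. The function names are this example's own; permit_sasl_authenticated and smtpd_sasl_auth_enable are standard Postfix settings that do not appear in the messages.

```python
import re

# Constructed sample: the restriction list and TLS lines from the message above.
SAMPLE_MAIN_CF = """\
mydestination = mydomain.com
smtpd_recipient_restrictions =
        permit_mynetworks,
        check_policy_service inet:127.0.0.1:10030
        reject_unauth_destination,
        permit
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining whitespace-indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                            # blank line or comment
        if line[0] in " \t" and name:           # continuation of the previous parameter
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()        # a later duplicate overrides an earlier one
    return params

def audit_relay(text):
    """Return a list of findings about authenticated relaying in a main.cf text."""
    params = parse_main_cf(text)
    # Postfix separates restrictions with commas and/or whitespace.
    tokens = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "").strip())
    pos = {tok: i for i, tok in reversed(list(enumerate(tokens)))}  # first occurrence wins
    reject = pos.get("reject_unauth_destination")
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not set to yes in main.cf")
    sasl = pos.get("permit_sasl_authenticated")
    if sasl is None or (reject is not None and sasl > reject):
        findings.append("permit_sasl_authenticated missing before reject_unauth_destination")
    policy = pos.get("check_policy_service")
    if policy is not None and (reject is None or policy < reject):
        findings.append("check_policy_service precedes reject_unauth_destination")
    return findings

if __name__ == "__main__":
    for finding in audit_relay(SAMPLE_MAIN_CF):
        print("-", finding)
```

The third finding reflects the Postfix policy-delegation documentation, which says to list check_policy_service after reject_unauth_destination so that a permissive policy answer cannot open the relay.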