Hello list,

I'm trying to set up a mail server to use SMTP over SSL and for some
reason it's not working. It does work if I choose *not* to configure
my mail client to use SSL. I'm using a self-signed certificate, and
when I attempt to send something I get the usual warning message about
non-verified certificate CA, then I click continue and get a "could
not connect" message (this is in Apple Mail.app). I'm relatively new
to Postfix and have set things up according to the directions here: http://articles.slicehost.com/email

I can telnet to port 465, but I don't get anything beyond "Escape
character is '^]'." I am also able to log in to IMAP over SSL, so I'm
pretty sure the certificate itself is not borked. Basically I'm not
sure what I should try tweaking to proceed with my debugging.

Thanks in advance for any help!

-Dan

From /etc/postfix/mail.log:

Oct 18 18:40:30 mail postfix/smtpd[10425]: initializing the server-side TLS engine
Oct 18 18:40:30 mail postfix/smtpd[10425]: connect from xxxxx
Oct 18 18:40:30 mail postfix/smtpd[10425]: setting up TLS connection from xxxxx
Oct 18 18:40:30 mail postfix/smtpd[10425]: xxxxx: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:before/accept initialization
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 read client hello A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 write server hello A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 write certificate A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 write server done A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 flush data
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept error from xxxxx: -1
Oct 18 18:40:30 mail postfix/smtpd[10425]: lost connection after CONNECT from xxxxx
Oct 18 18:40:30 mail postfix/smtpd[10425]: disconnect from xxxxx

My postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination =
myhostname = mail.gridfilter.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/mailcert.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 2
smtpd_use_tls = yes
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-forwards.cf, mysql:/etc/postfix/mysql-email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-mailboxes.cf
virtual_transport = virtual
virtual_uid_maps = static:5000
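
An added example (not part of Dan's post, and not Postfix code): a small Python parser for `smtpd_tls_loglevel = 2` output like the mail.log excerpt above, reporting the last handshake state each smtpd process logged before `SSL_accept error`. The sample is constructed from the post's log lines, unwrapped; the function and field names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: log lines from the post above, unwrapped; "xxxxx" is the redacted client.
SAMPLE_LOG = """\
Oct 18 18:40:30 mail postfix/smtpd[10425]: connect from xxxxx
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:before/accept initialization
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 read client hello A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 write server hello A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 write certificate A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 write server done A
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept:SSLv3 flush data
Oct 18 18:40:30 mail postfix/smtpd[10425]: SSL_accept error from xxxxx: -1
Oct 18 18:40:30 mail postfix/smtpd[10425]: lost connection after CONNECT from xxxxx
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STATE = re.compile(r"^SSL_accept:(?P<state>.+)$")
ERROR = re.compile(r"^SSL_accept error from (?P<peer>\S+): (?P<code>-?\d+)$")

def failed_handshakes(log_text):
    """Return one dict per failed SSL_accept, with the handshake progress logged before it."""
    states = defaultdict(list)   # pid -> handshake states logged for the current connection
    failures = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg").strip()
        if msg.startswith("connect from "):
            states[pid] = []     # this smtpd process started handling a new connection
        elif (s := STATE.match(msg)):
            states[pid].append(s.group("state"))
        elif (e := ERROR.match(msg)):
            seen = states.pop(pid, [])
            failures.append({
                "pid": pid, "peer": e.group("peer"), "code": int(e.group("code")),
                "last_state": seen[-1] if seen else None,
                # Once "write server done" is logged the server's first flight is
                # complete, so the next handshake message had to come from the client.
                "server_flight_sent": any("write server done" in st for st in seen),
            })
    return failures

if __name__ == "__main__":
    for failure in failed_handshakes(SAMPLE_LOG):
        print(failure)
```

On the post's log this reports `SSLv3 flush data` as the last state with the server flight already sent: the server had written its hello, certificate and hello-done, and the handshake ended before the client's next message was read.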