John Baker a écrit : > Ok, that could be it. > > The main culprit I am trying to figure out is Entourage (I just noticed > a bunch of messages on that I should look through). > > The log for it looks like this: > > Dec 11 14:49:48 arnold postfix/smtpd[6341]: connect from > c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > Dec 11 14:49:48 arnold postfix/smtpd[6341]: lost connection after EHLO > from c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > Dec 11 14:49:48 arnold postfix/smtpd[6341]: disconnect from > c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > Dec 11 14:56:28 arnold postfix/smtpd[4671]: connect from > c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > Dec 11 14:56:28 arnold postfix/smtpd[4671]: setting up TLS connection > from c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > Dec 11 14:56:29 arnold postfix/smtpd[4671]: TLS connection established > from c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109]: TLSv1 with > cipher DES-CBC3-SHA (168/168 bits) > Dec 11 14:56:29 arnold postfix/smtpd[4671]: lost connection after EHLO > from c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > Dec 11 14:56:29 arnold postfix/smtpd[4671]: disconnect from > c-24-63-203-109.hsd1.nh.comcast.net[24.63.203.109] > > The error I am getting now is that the server does not support any of > the authentication methods. Before I was getting a greylist "try later" > message. I think it is trying on port 25. >
so you have a SASL issue. you need to check the value of smtpd_sasl_security_options smtpd_sasl_tls_security_options in particular, make sure the latter allows plaintext auth methods. you can set it to smtpd_sasl_tls_security_options = noanonymous you can also do a test with telnet: # telnet yourserver 25 ... EHLO host.example.com ... QUIT check the AUTH lines in the EHLO response. > Wrapper mode is not on and if I try Thunderbird with SSL it does default > to that port which is open in the firewall. But I get no attempted TLS > connection. My syslog just tracks that the ip/mac address is hitting it. > Thunderbird supports both "standard" mode (they call it "TLS") and wrapper mode (they call it "SSL"). you need to test each mode independently. trying to debug multiple problems at once is hard. > I notice in my log that there is one other instance of 168 DES ciphers > that appears to be failing while all other types appear to be working. > Could that be the issue? If so how do I fix it?
