Re: Weird disconnections after RCPT using TLS

Tue, 16 Dec 2008 20:59:03 -0800 

On Tue, Dec 16, 2008 at 09:27:46PM -0500, Victor Duchovni wrote:

> Let's try to whittle this down to a simpler reproducible configuration.
> Try to drop other elements of smtpd_sender_restrictions, and find the
> smallest problematic combination.

I'd like to suggest as a starting point the minimal configuration that
has SASL, TLS and your virtual mailbox domain with the key same sender
and recipient restrictions using "static:" tables only. Will the below
main.cf exhibit the problem? If this is not enough, we can add PgSQL
and or LDAP tables one at a time. Is there any chance of "DLL-hell"?
Do OpenLDAP or Postgres by any chance link to a different SSL library?

-------- cut ------------
myhostname = test.test.bg
mynetworks = 127.0.0.0/8
recipient_delimiter = +

mydestination =
local_recipient_maps =

# STMP Server SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = static:test

# SMTP Server Access control
smtpd_client_restrictions =
        # Just in case these checks matter
        permit_mynetworks,
        permit_sasl_authenticated
smtpd_helo_restrictions =
        # Just in case these checks matter
        permit_mynetworks,
        permit_sasl_authenticated
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_sender_login_mismatch,
        permit_sasl_authenticated
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination

# SMTP server TLS
smtpd_tls_loglevel = 4
smtpd_tls_CAfile = /etc/ssl/pem/ICH_SSL_CA_chain.crt
smtpd_tls_cert_file = /etc/ssl/pem/mail.test.bg.crt
smtpd_tls_key_file = /etc/ssl/pem/mail.test.bg.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

# Virtual mailbox domain
virtual_mailbox_domains = test.bg
virtual_mailbox_base = /
# Adjust path to taste
virtual_mailbox_maps = static:/var/spool/vmbox/test.bg/test
virtual_minimum_uid = 1000
virtual_gid_maps = static:1001
virtual_uid_maps = static:1001
-------- cut ------------

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Reply via email to