On Sat, Dec 20, 2008 at 7:51 PM, Sahil Tandon <sa...@tandon.net> wrote:
> Asif Iqbal wrote:
>
>> I did but still failing to relay through gmail
>>
>> Dec 20 14:24:32 improvise postfix/qmgr[19372]: 4238710E3AA:
>> from=<iqb...@improvise.lan>, size=444, nrcpt=1 (queue active)
>> Dec 20 14:24:32 improvise postfix/smtp[19431]: 4238710E3AA:
>> to=<vad...@gmail.com>, relay=smtp.gmail.com[209.85.163.109]:587,
>> delay=0.31, delays=0.03/0.08/0.16/0.04, dsn=5.7.0, status=bounced
>> (host smtp.gmail.com[209.85.163.109] said: 530 5.7.0 Must issue a
>> STARTTLS command first. h27sm3099851elf.16 (in reply to MAIL FROM
>> command))
>>
>> Here are my configs
>>
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>
> These two are unnecessary; delete them.
>
>> smtpd_tls_security_level = encrypt
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>
> smtpd != smtp. You need the latter.

still failing.

Dec 20 21:25:19 improvise postfix/pickup[6719]: 9E9F510E7DF: uid=1000 from=<iqbala>
Dec 20 21:25:19 improvise postfix/cleanup[7155]: 9E9F510E7DF: message-id=<20081221022519.9e9f510e...@improvise.lan>
Dec 20 21:25:19 improvise postfix/qmgr[6721]: 9E9F510E7DF: from=<iqb...@improvise.lan>, size=443, nrcpt=1 (queue active)
Dec 20 21:25:19 improvise postfix/smtp[7157]: certificate verification failed for smtp.gmail.com[74.125.45.111]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
Dec 20 21:25:19 improvise postfix/smtp[7157]: warning: SASL authentication failure: No worthy mechs found
Dec 20 21:25:19 improvise postfix/smtp[7157]: 9E9F510E7DF: SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.45.111]: no mechanism available
Dec 20 21:25:20 improvise postfix/smtp[7157]: certificate verification failed for smtp.gmail.com[74.125.45.109]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
Dec 20 21:25:20 improvise postfix/smtp[7157]: warning: SASL authentication failure: No worthy mechs found
Dec 20 21:25:20 improvise postfix/smtp[7157]: 9E9F510E7DF: to=<va...@gmail.com>, relay=smtp.gmail.com[74.125.45.109]:587, delay=0.68, delays=0.04/0.02/0.63/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.45.109]: no mechanism available)

So I tried the openssl test and looks like I need a real certificate?!

iqb...@improvise:~$ openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1212 bytes and written 335 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 30A514C6173FAD17F9F0E1B2B45511CE66CFE70BA7728B425CCD00D2BF823913
    Session-ID-ctx:
    Master-Key: 9D4D9050421343838C729A068A08F04EC1CD19ECC00D2408565A7400E14B472630AD26BFB647A2731197F7ED79CD656D
    Key-Arg   : None
    Start Time: 1229826221
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 ENHANCEDSTATUSCODES

>
>> I followed this
>>
>> http://www.postfix.org/SASL_README.html#client_sasl
>
> Also follow this: http://www.postfix.org/TLS_README.html
>
> --
> Sahil Tandon <sa...@tandon.net>
>

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
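
The smtpd/smtp distinction raised in the quoted reply, as an added example that is not part of the thread: a shell lint that reports which client-side (`smtp_*`) parameters a main.cf lacks for an authenticated STARTTLS relay. The sample files are constructed, and the CA bundle and password map paths in them are assumed placeholders.

```shell
# Added example, not from the thread: smtpd_* configures the receiving server;
# the relay to smtp.gmail.com:587 is made by smtp(8), which reads smtp_* only.
# Value of parameter $2 in main.cf-style file $1 (continuation lines ignored).
param() {
    awk -v key="$2" '
        /^([ \t]|#|$)/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
          if (k == key) { val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { print val }' "$1"
}

# Echo the client-side settings file $1 lacks for an authenticated STARTTLS relay.
check_relay_client() {
    cf=$1; missing=""
    case "$(param "$cf" smtp_tls_security_level)" in
        ""|none) missing="$missing smtp_tls_security_level" ;;
    esac
    [ -n "$(param "$cf" smtp_tls_CAfile)$(param "$cf" smtp_tls_CApath)" ] || missing="$missing smtp_tls_CAfile"
    [ "$(param "$cf" smtp_sasl_auth_enable)" = yes ] || missing="$missing smtp_sasl_auth_enable"
    [ -n "$(param "$cf" smtp_sasl_password_maps)" ] || missing="$missing smtp_sasl_password_maps"
    # Default "noplaintext, noanonymous" excludes PLAIN and LOGIN (one cause of "No worthy mechs").
    case "$(param "$cf" smtp_sasl_security_options)" in
        ""|*noplaintext*) missing="$missing smtp_sasl_security_options" ;;
    esac
    echo "${missing# }"
}

# Constructed samples: "before" has smtpd_* lines quoted in the thread; "after"
# is an assumed client-side setup (CA bundle and password map paths are placeholders).
write_samples() {
    cat > "$1/before.cf" <<'EOF'
smtpd_tls_security_level = encrypt
smtpd_use_tls = yes
EOF
    cat > "$1/after.cf" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
EOF
}
tmp=$(mktemp -d); write_samples "$tmp"
for name in before after; do
    echo "$name.cf lacks: $(check_relay_client "$tmp/$name.cf")"
done
rm -rf "$tmp"
```

On a live host the same check can be pointed at the output of `postconf -n` saved to a file, which lists the non-default settings actually in effect.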