Hi there list people,

I am just getting used to admin'ing postfix and got TLS working on both port 25 and port 587.

I am now attempting to get SSL via port 465 working. I have the port answering, can see the banner, and can even authenticate when I 'telnet localhost 465' after generating a user's test string with "perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'"

But when I use Thunderbird, which authenticates fine with the old server running sendmail with SSL/port 465 answering, tbird just hangs and eventually claims "the connection has failed".

In the server-side logs in /var/log/mail.info I can see the connection and then a disconnect. There is never authentication shown as granted. But the same exact account and password works fine with TLS via port 587 or port 25.

What else can I try? What should I be looking for?

After the EHLO hostname

250-enabled.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

And a slightly modified postconf -n (real IPs and domains removed):

:/etc/postfix# postconf -n
alias_database = hash:/etc/postfix/aliases hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/postfix/aliases hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4h
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = domain.com
myhostname = domain.com
mynetworks = 1.1.1.1/32 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = domain.com
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = <domains here>
virtual_alias_maps = hash:/etc/postfix/virtual hash:/var/lib/mailman/data/virtual-mailman


Cheers,

Noah
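
An added example, not part of the original post: the EHLO reply above was read over plain telnet, so the listener on 465 is speaking cleartext SMTP with STARTTLS rather than implicit TLS, which is what a mail client set to SSL on 465 expects. The Python below parses that reply and flags the mismatch; `parse_ehlo`, `probe`, `findings` and the mode names are hypothetical helpers, and the "plaintext" mode passed in is an assumption taken from the telnet session described in the post.

```python
import socket

# EHLO reply copied from the post above (seen over plain telnet to port 465).
EHLO_REPLY = """\
250-enabled.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a 250 EHLO reply; line 1 is the hostname."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"unexpected EHLO line: {line!r}")
        # "AUTH=PLAIN LOGIN" is the legacy spelling of "AUTH PLAIN LOGIN"
        words = line[4:].upper().replace("=", " ", 1).split()
        if words:
            ext[words[0]] = words[1:]
    return ext

def probe(host, port, timeout=5.0):
    """Live check (not exercised here): who speaks first on this listener?"""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return "plaintext" if s.recv(4)[:3] == b"220" else "unknown"
        except socket.timeout:
            return "silent"  # consistent with implicit TLS: server awaits ClientHello

def findings(port, mode, ext):
    """Flag mismatches between a cleartext greeting and what clients expect."""
    out = []
    if mode != "plaintext":
        return out
    if port == 465:
        out.append("465 greets in cleartext; an SSL/TLS client sends ClientHello and stalls")
    if ext.get("AUTH"):
        out.append("AUTH " + "/".join(ext["AUTH"]) + " offered before TLS")
    return out

if __name__ == "__main__":
    for f in findings(465, "plaintext", parse_ehlo(EHLO_REPLY)):
        print(f)
```

In Postfix, implicit TLS for a service is selected with smtpd_tls_wrappermode=yes on that service's master.cf entry; the post does not show master.cf, so whether it is set here is unknown.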

