2009/7/16 Brian Evans - Postfix List <grkni...@scent-team.com>: > Juan Miscaro wrote: >> I had STARTTLS working for port 25 for many months with no problem. I >> am using amavisd-new/spamassassin as content filter. But now, due to >> port blocking, I need to set this up on port 587 so I can send mail >> directly to my server with my mail client (thunderbird). >> >> I made a change to master.cf by duplicating what I had for port 25 and >> added tls and smtp-auth: >> >> # Step 1b - Listens on port 587 for incoming internet connections from MUAs >> # and hands off mail to content filter listening on port 10024 >> 587 inet n - n - 2 smtpd >> -o smtpd_tls_security_level=encrypt >> -o smtpd_sasl_auth_enable=yes >> -o content_filter=smtp-amavis:[127.0.0.1]:10024 >> -o receive_override_options=no_address_mappings >> >> >> Yet when I telnet from localhost Postfix is not offering any services: >> >> $ telnet localhost 587 >> Trying ::1... >> telnet: connect to address ::1: Connection refused >> Trying 127.0.0.1... >> Connected to localhost. >> Escape character is '^]'. >> 220 mail.example.com ESMTP >> helo localhost >> > > Unless you send "EHLO localhost", you will never see it. > >> 250 mail.example.com >> quit >> 221 2.0.0 Bye >> Connection closed by foreign host. >> >> >> Here is my current configuration: >> >> $ postconf -n >> >> smtpd_tls_security_level = encrypt >> > You want to block all smtpd's if they don't use TLS?? > This is only recommended on a submission port. > Otherwise, it can/will block normal internet mail. > > Suggested main.cf setting is "smtpd_tls_security_level = may", then > override in master.cf if needed. > > Brian > >
Argh! Thanks guys (re ehlo vs helo). And, Brian, thanks for the second tip (encrypt vs may). -- /jm
