On Aug 10, 2009, at 1:16 PM, Brian Evans - Postfix List <grkni...@scent-team.com
> wrote:
Ebbe Hjorth wrote:
Hi,
I just installed FreeBSD, postfix and dovecot.
I tried to do the setup from purplehat.org <http://purplehat.org>,
but
i keep getting the following error, please help.
Aug 9 14:22:55 mail02 postfix/smtpd[1969]: SSL_accept error from
mail-ew0-f224.google.com
<http://mail-ew0-f224.google.com>[209.85.219.224]: -1
Aug 9 14:22:55 mail02 postfix/smtpd[1855]: connect from
bzq-79-182-42-58.red.bezeqint.net
<http://bzq-79-182-42-58.red.bezeqint.net>[79.182.42.58]
Aug 9 14:22:55 mail02 postfix/smtpd[1969]: lost connection after
CONNECT from mail-ew0-f224.google.com
<http://mail-ew0-f224.google.com>[209.85.219.224]
See comments below.
mail02# postconf -n
[snip]
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_hostname, reject_rbl_client list.dsbl.org
<http://list.dsbl.org>, reject_rbl_client bl.spamcop.net
<http://bl.spamcop.net>, reject_rbl_client sbl-xbl.spamhaus.org
<http://sbl-xbl.spamhaus.org>
reject_unauth_pipelining has little value here.
If the OP installed postfix from FreeBSD ports, then it's likely 2.6+,
in which case this is OK here. See postconf(5) and 2.6.3 release notes.
dsbl.org is dead. You should remove it.
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks
Worthless, suggest removing it to reduce confusion.
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
This doesn't seem right.
The CA, cert and key files should NOT be the same.
Google is your friend.
A great guide by a frequent poster here is
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
smtpd_use_tls = yes
This is depreciated as of Postfix 2.3 (though still works).
Preferred is "smtpd_tls_security_level=may"
