On Saturday, July 31, 2010 at 17:46 CEST,
donovan jeffrey j <dono...@beth.k12.pa.us> wrote:
> this is an older 10.4 machine. I just tested it with a 10.4.11 I just
> enabled their gui for smtpd Auth
> the result matched my config but i recieevd the same test results;
>
> client side starttls it just sits and waits.
As I said in my first response, the server has given its EHLO response
and is indeed waiting for a new command from the client. This is
expected behaviour.
> 10.4.11
> imap2:~ root# telnet localhost 25
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 imap2.beth.k12.pa.us ESMTP Postfix
> EHLO imap2.beth.k12.pa.us
> 250-imap2.beth.k12.pa.us
> 250-PIPELINING
> 250-SIZE 20971520
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
Okay, no AUTH line in the EHLO response so authentication is not
supported.
>
> then I tested it with 10.5.8 and 10.6
> map3:postfix root# telnet localhost 25
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying fe80::1...
> telnet: connect to address fe80::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 imap3.beth.k12.pa.us ESMTP Postfix
> EHLO imap3.beth.k12.pa.us
> 250-imap3.beth.k12.pa.us
> 250-PIPELINING
> 250-SIZE 15728640
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN CRAM-MD5
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
This looks better; this server can authenticate clients via the LOGIN,
PLAIN, and CRAM-MD5 mechanisms. Did you try to authenticate with an SMTP
client?
> server side.
>
> is it bad to have some clients initiate the Starttls ?
Pardon? If it's bad to use TLS via STARTTLS? No.
--
Magnus Bäck
mag...@dsek.lth.se
