Christian Roessner <c...@roessner-network-solutions.com> writes:

> Hi,
>
> first of all, I am not an SSL expert, so I hope you could help me
> understand something. I have Postfix configured as MSA/MTA with latest
> postfix experimental. On port 25 of the mx0.roessner-net, which is the main
> mail exchanger for other MTAs, I do not offer AUTH, but want to offer
> STARTTLS.
>
> On the MSA side, the side to my clients, I wish to offer STARTTLS and AUTH.
> So I put the smtpd_sasl_auth_enable=yes option into master.cf.
>
> So far so good.
>
> When I use telnet to connect to mx0.roessner-net.de 25, waiting for
> postscreen to allow me sending EHLO, I only get the following list of
> commands:
>
> Trying 78.46.253.227...
> Connected to mx0.roessner-net.de.
> Escape character is '^]'.
> 220-mx0.roessner-net.de ESMTP
> 220 mx0.roessner-net.de ESMTP
> EHLO client.unitymedia.org
> 250-mx0.roessner-net.de
> 250-SIZE 31457280
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> Where is the STARTTLS? When I look at the logs, I see that servers use TLS to
> communicate with my server. So could someone tell me, how the trick works? To
> do TLS without seeing the STARTTLS command? And I do not have 465 open. Only
> 25.
>
> Thanks to anybody who might like to bring light into dark for me :-)

telnet is the wrong tool.

    openssl s_client -connect mx0.roessner-net.de:25 -starttls smtp \
        -CAfile /path/to/ca

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N 10°08'02,42"E