On 05.12.2010 11:41, Christian Roessner wrote:
> Hi,
> 
> first of all, I am not an SSL expert, so I hope you could help me 
> understand something. I have Postfix configured as MSA/MTA with latest 
> postfix experimental. On port 25 of the mx0.roessner-net, which is the main 
> mail exchanger for other MTAs, I do not offer AUTH, but want to offer 
> STARTTLS.
> 
> On the MSA side, the side to my clients, I wish to offer STARTTLS and AUTH. 
> So I put the smtpd_sasl_auth_enable=yes option into master.cf.
> 
> So far so good.
> 
> When I use telnet to connect to mx0.roessner-net.de 25, waiting for 
> postscreen to allow me sending EHLO, I only get the following list of 
> commands:
> 
> Trying 78.46.253.227...
> Connected to mx0.roessner-net.de.
> Escape character is '^]'.
> 220-mx0.roessner-net.de ESMTP
> 220 mx0.roessner-net.de ESMTP
> EHLO client.unitymedia.org
> 250-mx0.roessner-net.de
> 250-SIZE 31457280
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> 
> Where is the STARTTLS? When I look at the logs, I see that servers use TLS to 
> communicate with my server. So could someone tell me, how the trick works? To 
> do TLS without seeing the STARTTLS command? And I do not have 465 open. Only 
> 25.
> 
> Thanks to anybody who might like to bring light into dark for me :-)

Check TLS_README (or .html or whatever you have around) for the server-side TLS
settings, you need to add some smtpd_tls_* and tls_* options.

-- 
Matthias Andree
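
A way to check what a given client actually sees in the EHLO reply, as an added example that is not part of the original thread: it parses the multi-line reply from the transcript above and reports whether STARTTLS and AUTH are advertised. The function names and the second sample (marked as constructed) are assumptions for illustration.

```python
import re

# EHLO reply copied from the telnet transcript quoted in the thread above.
TRANSCRIPT_EHLO = """\
250-mx0.roessner-net.de
250-SIZE 31457280
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed sample: the same reply with STARTTLS advertised.
CONSTRUCTED_WITH_TLS = TRANSCRIPT_EHLO.replace("250 DSN", "250-STARTTLS\n250 DSN")

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (code, {KEYWORD: [params]}) for one multi-line SMTP reply."""
    code, keywords, done = None, {}, False
    for n, raw in enumerate(reply.splitlines()):
        if done:
            raise ValueError("text after the final reply line")
        m = _LINE.match(raw)
        if not m:
            raise ValueError(f"malformed reply line: {raw!r}")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed mid-reply")
        done = m.group(2) == " "   # "250 " ends the reply, "250-" continues it
        if n == 0:
            continue               # first line names the server, not an extension
        parts = m.group(3).split()
        if parts:
            keywords[parts[0].upper()] = parts[1:]
    if not done:
        raise ValueError("reply not terminated by a 'code<space>' line")
    return code, keywords

def audit(reply):
    """Summarise the TLS/AUTH posture a client sees in this EHLO reply."""
    code, kw = parse_ehlo(reply)
    return {
        "ehlo_ok": code == "250",
        "starttls": "STARTTLS" in kw,
        "auth": "AUTH" in kw,
        # AUTH offered without STARTTLS: credentials could cross in cleartext
        "auth_without_tls": "AUTH" in kw and "STARTTLS" not in kw,
    }
```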
