On Wed, Jan 05, 2011 at 10:48:21PM -0500, brian wrote:

> Postfix 2.5.6-1
> Cyrus SASL 2.1.22-8
>
> I receive the following error when attempting to connect on port 465:
> -- snip --
> $ openssl s_client -connect mail.MYDOMAIN:465
> CONNECTED(00000003)
> ...
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ...
> No client certificate CA names sent
> ...
> 554 5.7.1 <bas12-kitchener06-1242508381.dsl.bell.ca[74.15.44.93]>: Client
> host rejected: Access denied

The SSL handshake worked just fine, what's the problem?

> I also tried with starttls:
>
> $ openssl s_client -connect mail.MYDOMAIN:465 -starttls smtp
> CONNECTED(00000003)

No surprise, SSL wrapper-mode is not STARTTLS. You get dead-lock since
the server is waiting for a client SSL hello, and the client is waiting
for a 220 banner.

> Jan 5 22:36:42 logi postfix/smtpd[29718]: connect from
> bas12-kitchener06-1242508381.dsl.bell.ca[74.15.44.93]
> Jan 5 22:36:42 logi postfix/smtpd[29718]: setting up TLS connection from
> bas12-kitchener06-1242508381.dsl.bell.ca[74.15.44.93]
> Jan 5 22:36:42 logi postfix/smtpd[29718]: Anonymous TLS connection
> established from bas12-kitchener06-1242508381.dsl.bell.ca[74.15.44.93]:
> TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> Jan 5 22:36:42 logi postfix/smtpd[29718]: NOQUEUE: reject: CONNECT from
> bas12-kitchener06-1242508381.dsl.bell.ca[74.15.44.93]: 554 5.7.1
> <bas12-kitchener06-1242508381.dsl.bell.ca[74.15.44.93]>: Client host
> rejected: Access denied; proto=SMTP

Your client restrictions deny access by this client, and you have
"smtpd_delay_reject = no".

-- 
Viktor.