On 11-01-05 11:03 PM, Victor Duchovni wrote:
On Wed, Jan 05, 2011 at 10:48:21PM -0500, brian wrote:
The SSL handshake worked just fine, what's the problem?
I don't know; that's why I posted a query to the list. I assumed,
though, that there was a problem because I get this "Client host
rejected: Access denied" msg.
I also tried with starttls:
$ openssl s_client -connect mail.MYDOMAIN:465 -starttls smtp
CONNECTED(00000003)
No surprise, SSL wrapper-mode is not STARTTLS. You get dead-lock
since the server is waiting for a client SSL hello, and the client
is waiting for a 220 banner.
OK. That makes sense. But I thought that maybe I should try it as it's
an option for s_client.
I know I'm in over my head here. Not only am I unsure how to test this,
I'm also having trouble interpreting the results I do get.
Your client restrictions deny access by this client, and you have
"smtpd_delay_reject = no".
I switched it to yes and got:
220 MYDOMAIN NO UCE ESMTP
EHLO mail.MYDOMAIN
250-MYDOMAIN
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
I noticed it doesn't mention STARTTLS. This is because I didn't pass
-starttls to s_client? When I do, I'm back to it hanging after
"CONNECTED(00000003)".
I tried telnet localhost 25 and get:
250-MYDOMAIN
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
main.cf:
smtpd_client_restrictions =
    permit_inet_interfaces,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject
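
The deadlock described in this thread (a wrapper-mode port waits for a TLS ClientHello while a `-starttls` client waits for a 220 banner) can be diagnosed by checking who speaks first. This is an added example, not part of the original thread; `probe_smtp_port`, `start_stub` and the loopback stub servers are hypothetical names and constructed fixtures.

```python
import socket
import threading

def probe_smtp_port(host, port, timeout=1.0):
    """Classify a port by who speaks first after the TCP connect.

    Plain SMTP: the server sends a 220 banner; TLS comes later via STARTTLS.
    Wrapper mode (smtps): the server stays silent until it sees a TLS
    ClientHello, so a client that waits for a banner hangs.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(512)
        except socket.timeout:
            return "wrapper-or-silent"   # test with s_client, without -starttls
        if not banner.startswith(b"220"):
            return "unexpected"
        s.sendall(b"EHLO probe.example\r\n")
        reply = b""
        try:
            # Multi-line replies end with a "250 " (space, not dash) line.
            while not any(l.startswith(b"250 ") for l in reply.split(b"\r\n")):
                chunk = s.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            pass
        return "plain-starttls" if b"STARTTLS" in reply.upper() else "plain-no-starttls"

def start_stub(banner_first):
    """Constructed loopback stub: banner-first SMTP or a silent wrapper port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner_first:
                conn.sendall(b"220 stub ESMTP\r\n")
                conn.recv(512)                      # EHLO from the probe
                conn.sendall(b"250-stub\r\n250-STARTTLS\r\n250 DSN\r\n")
            else:
                conn.recv(512)                      # waits for a ClientHello
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for mode in (True, False):
        print(mode, probe_smtp_port("127.0.0.1", start_stub(mode)))
```

A "wrapper-or-silent" result only means no banner arrived within the timeout; a slow or tarpitting server gives the same result.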