On Wed, Jan 05, 2011 at 11:49:07PM -0500, brian wrote:
> I know I'm in over my head here. Not only am I unsure how to test this, I'm
> also having trouble interpreting the results I do get.
--------------------------------------------
That's mostly it.
>> Your client restrictions deny access by this client, and you have
>> "smtpd_delay_reject = no".
>
> I switched it to yes and got:
>
> 220 MYDOMAIN NO UCE ESMTP
> EHLO mail.MYDOMAIN
> 250-MYDOMAIN
> 250-PIPELINING
> 250-SIZE 10240000
> 250-ETRN
> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
Good. Now your client connection is not blocked.
> I noticed it doesn't mention STARTTLS. This is because I didn't pass
> -starttls to s_client?
No, this is because after TLS is established, the encrypted EHLO
handshake does not offer STARTTLS, since TLS is already on, and what's
more, you're using smtps, so you're NOT using STARTTLS.
> When I do, I'm back to it hanging after
> "CONNECTED(00000003)".
Naturally, as before. There is no TLS related problem here, whatever
issues you have are elsewhere.
If your client wants to use STARTTLS on 587, rather than SSL wrapper
mode (smtps) on 465, then configure and test that.
--
Viktor.
