On 1/10/11 10:04 PM, Bryan Harrison wrote:
I've recently migrated services to a new mailserver, which has of
course promptly started kicking out dire errors that didn't show
during testing.
Here's an example transcript; postconf -n is below.
Out: 220 gilded-bat.laughingboot.net ESMTP Postfix
In: EHLO [10.2.45.174]
Out: 250-gilded-bat.laughingboot.net
Out: 250-PIPELINING
Out: 250-SIZE 6291456
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: STARTTLS
Out: 454 4.7.0 TLS not available due to local problem
Of course, you cannot actually *START* TLS from a telnet commandline;
I'd suggest you use OpenSSL's s_client to test an encrypted connection.
Do you have logs that show a problem with TLS?
Examples are not nearly as relevant as logs showing the actual problem
as it occurs.
If there's more information in the logs,
The above is not in any logs, it is a telnet transcript.
Postfix logs to the mail facility of syslog; look in your OS's
documentation on how that is configured.
smtpd_enforce_tls = no
smtpd_pw_server_security_options = cram-md5,login,plain,gssapi
smtpd_tls_exclude_ciphers = SSLv2aNULLADHeNULL
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = no
These settings are very old; which version of Postfix are you using?
--
J.
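
An added example, not part of the original message: a Python probe that carries out the STARTTLS exchange a telnet session cannot complete, and separates a server that refuses STARTTLS (as with the 454 reply in the transcript) from one that fails the handshake itself. The function name `probe_starttls`, its parameters and its status strings are assumptions of this example; `openssl s_client -starttls smtp -connect host:25` performs the same check from the shell.

```python
import smtplib
import ssl
import sys


def probe_starttls(host, port=25, verify=True, timeout=10, helo_name=None):
    """Try STARTTLS against an SMTP server and return (status, detail).

    status is one of: ok, not-advertised, refused, handshake-failed,
    connect-failed (names chosen for this example).
    """
    ctx = ssl.create_default_context()
    if not verify:
        # Self-signed test servers: still negotiate TLS, skip cert checks.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with smtplib.SMTP(host, port, local_hostname=helo_name,
                          timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return ("not-advertised", "EHLO reply lists no STARTTLS")
            try:
                smtp.starttls(context=ctx)
            except smtplib.SMTPResponseException as exc:
                # Server advertised STARTTLS but answered with something
                # other than 220, e.g. "454 4.7.0 TLS not available ...".
                text = exc.smtp_error
                if isinstance(text, bytes):
                    text = text.decode("utf-8", "replace")
                return ("refused", f"{exc.smtp_code} {text}")
            except ssl.SSLError as exc:
                # 220 was sent, but the TLS negotiation itself broke.
                return ("handshake-failed", str(exc))
            return ("ok", f"{smtp.sock.version()} {smtp.sock.cipher()[0]}")
    except (OSError, smtplib.SMTPException) as exc:
        return ("connect-failed", str(exc))


if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(*probe_starttls(target, target_port))
```

A "refused" result means the cause is on the server side and will be in its mail log, not in the client session.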