On 7/12/2011 1:37 AM, Ron Garret wrote:
>
> On Jul 11, 2011, at 11:17 PM, Mike Morris wrote:
>> Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
>> least a setting of 'may'. This will allow the SMTP client to attempt
>> STARTTLS connections with remote hosts.
>
> Ah. I thought SASL implied TLS, but I guess it doesn't.
>
> So I tried adding:
>
> smtp_sasl_security_options = auth
> smtp_tls_security_level = may
>
> And now I get "unknown mail transport error" on the client side, and this on
> the server side:
>
> Jul 11 23:30:51 vm01 postfix/smtpd[22169]: connect from
> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
> Jul 11 23:30:52 vm01 postfix/smtpd[22169]: lost connection after EHLO from
> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
> Jul 11 23:30:52 vm01 postfix/smtpd[22169]: disconnect from
> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>
>> Set smtp_sasl_security_options = noanonymous (or whatever is
>> appropriate). The remote server at secure.genesisgroup.info advertises
>> the following: AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
>>
>> Read the TLS_README and SASL_README files for more information.
>
> Will do. At least now I know where to look to make further progress. Thanks!

Since this is a server to server relay of known/trusted systems, and
assuming that 184.73.65.10 is static and won't change any time soon, why
not simply add 184.73.65.10 to $mynetworks on secure.genesisgroup.info
and forget the sasl auth junk? This should get the relaying working
instantly with little or no pitfalls.

-- 
Stan
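
Added example, not part of the original thread: a small Python triage script that groups server-side smtpd log lines like the ones quoted above by process ID and reports the SMTP stage at which each client dropped the connection. The function name and the second client (client.example.net, 192.0.2.10) are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the three server-side lines quoted in the thread (unwrapped),
# plus two constructed lines for a session that ends normally.
SAMPLE_LOG = """\
Jul 11 23:30:51 vm01 postfix/smtpd[22169]: connect from ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
Jul 11 23:30:52 vm01 postfix/smtpd[22169]: lost connection after EHLO from ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
Jul 11 23:30:52 vm01 postfix/smtpd[22169]: disconnect from ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
Jul 11 23:31:10 vm01 postfix/smtpd[22170]: connect from client.example.net[192.0.2.10]
Jul 11 23:31:11 vm01 postfix/smtpd[22170]: disconnect from client.example.net[192.0.2.10]
"""

# Matches the three smtpd session events seen in the thread's log excerpt.
LINE_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<event>connect|disconnect|lost connection after (?P<stage>\S+)) "
    r"from (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def dropped_sessions(log_text):
    """Return {client_ip: [stage, ...]} for sessions the client abandoned."""
    open_sessions = {}  # (pid, ip) -> stage where the session was lost, or None
    dropped = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an smtpd session event
        key = (m["pid"], m["ip"])
        if m["event"] == "connect":
            open_sessions[key] = None
        elif m["stage"]:
            # "lost connection after <stage>": remember where it broke off
            open_sessions[key] = m["stage"]
        else:
            # "disconnect" closes the session; report it only if it was lost
            stage = open_sessions.pop(key, None)
            if stage:
                dropped[m["ip"]].append(stage)
    return dict(dropped)

if __name__ == "__main__":
    for ip, stages in dropped_sessions(SAMPLE_LOG).items():
        print(f"{ip}: lost after {', '.join(stages)}")
```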