On Jul 12, 2011, at 12:13 AM, Stan Hoeppner wrote:

> On 7/12/2011 1:37 AM, Ron Garret wrote:
>>
>> On Jul 11, 2011, at 11:17 PM, Mike Morris wrote:
>
>>> Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
>>> least a setting of 'may'. This will allow the SMTP client to attempt
>>> STARTTLS connections with remote hosts.
>>
>> Ah. I thought SASL implied TLS, but I guess it doesn't.
>>
>> So I tried adding:
>>
>> smtp_sasl_security_options = auth
>> smtp_tls_security_level = may
>>
>> And now I get "unknown mail transport error" on the client side, and this on
>> the server side:
>>
>> Jul 11 23:30:51 vm01 postfix/smtpd[22169]: connect from
>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>> Jul 11 23:30:52 vm01 postfix/smtpd[22169]: lost connection after EHLO from
>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>> Jul 11 23:30:52 vm01 postfix/smtpd[22169]: disconnect from
>> ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>
>>> Set smtp_sasl_security_options = noanonymous (or whatever is
>>> appropriate). The remote server at secure.genesisgroup.info advertises
>>> the following: AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
>>>
>>> Read the TLS_README and SASL_README files for more information.
>>
>> Will do. At least now I know where to look to make further progress.
>> Thanks!
>
> Since this is a server to server relay of known/trusted systems, and
> assuming that 184.73.65.10 is static and won't change any time soon, why
> not simply add 184.73.65.10 to $mynetworks on secure.genesisgroup.info
> and forget the sasl auth junk? This should get the relaying working
> instantly with little or no pitfalls.

That's a good idea. The reason I didn't do it this way is that I can't count on the client IP remaining static. Also, I like to understand how things work, and I don't like to admit defeat :-)

rg
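
The point raised in the thread, that enabling SASL on the Postfix SMTP client does not by itself put the session under TLS, can be checked mechanically. The following is an added example, not part of the original thread and not Postfix code: a small Python audit of client-side `main.cf` settings. The `smtp_sasl_auth_enable = yes` line, the `encrypt` level in the hardened sample, and the function names are assumptions made for illustration.

```python
import re

# Documented values for Postfix smtp_sasl_security_options.
SASL_OPTS = {"noplaintext", "noactive", "nodictionary", "noanonymous", "mutual_auth"}
# smtp_tls_security_level values that refuse to deliver without TLS.
TLS_ENFORCED = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed sample: the two lines tried in the thread, with SASL assumed enabled.
TRIED = """\
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = auth
smtp_tls_security_level = may
"""
# Constructed sample: 'noanonymous' as suggested in the thread, TLS made mandatory (assumption).
HARDENED = """\
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' comment lines, 'name = value' lines, and
    continuation lines that start with whitespace."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def audit(text):
    """Return findings for unknown SASL options and for SASL without enforced TLS."""
    p = parse_main_cf(text)
    raw = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")  # Postfix default
    opts = [o for o in re.split(r"[,\s]+", raw) if o]
    findings = [f"unknown smtp_sasl_security_options value: {o}" for o in opts if o not in SASL_OPTS]
    level = p.get("smtp_tls_security_level", "")
    sasl_on = p.get("smtp_sasl_auth_enable", "no") == "yes"
    if sasl_on and level not in TLS_ENFORCED and "noplaintext" not in opts:
        findings.append(f"SASL with TLS level {level or 'unset'!r}: PLAIN/LOGIN may be sent in cleartext")
    return findings

if __name__ == "__main__":
    for label, cfg in (("tried", TRIED), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

With `may`, the client uses STARTTLS only when the server offers it, so the second finding stays until the level is raised or `noplaintext` is kept in the option list.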