>>> the main question is why you need to encrypt sending messages from
>>> a webmail which usually does not go over the WAN
>>
>> If I set "Secure SMTP (TLS) : false" in squirrelmail, I get:
>>
>> Authentication required
>> 530 5.7.0 Must issue a STARTTLS command first
>>
>> If I change port 587 to 25 in squirrelmail I get:
>>
>> Bad sequence of commands
>> 503 5.5.1 Error: authentication not enabled
>
> this sounds like a broken setup
>
> smtp            inet  n       -       n       -      50       smtpd
>   -o smtpd_client_connection_count_limit=15
>   -o max_idle=1h -o max_use=500
>
> submission      inet  n       -       n       -      50       smtpd
>   -o smtpd_client_connection_count_limit=15
>   -o smtpd_sasl_auth_enable=yes -o smtpd_delay_reject=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o max_idle=1h -o max_use=500
>
> smtps           inet  n       -       n       -      50       smtpd
>   -o smtpd_client_connection_count_limit=15
>   -o smtpd_sasl_auth_enable=yes -o smtpd_delay_reject=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o smtpd_tls_wrappermode=yes -o max_idle=1h -o max_use=500

I'm not sure where to begin.  Can you tell me what is wrong with my config?

master.cf:

smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        permit

postscreen_greet_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce

virtual_alias_maps = hash:/etc/postfix/virtual

message_size_limit = 20480000

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/key.pem
smtpd_tls_cert_file = /etc/ssl/postfix/cert.pem
smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

- Grant
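
An added example, not part of the original message or of Postfix itself: a small Python sketch that overlays each master.cf service's `-o` overrides on main.cf and models which reply an unencrypted AUTH attempt gets, matching the two errors quoted above. The function names and the simplified decision logic in `auth_reply` are assumptions made for illustration; the config text is constructed from the excerpts in the post.

```python
# Added example; config text is constructed from the excerpts in the post above.
MASTER_CF = """\
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
"""
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""

def logical_lines(text):
    """Fold lines that start with whitespace into the previous logical line."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def effective(service):
    """main.cf values overlaid with the -o overrides of one master.cf service."""
    pairs = (line.partition("=") for line in logical_lines(MAIN_CF))
    conf = {key.strip(): value.strip() for key, _, value in pairs}
    for line in logical_lines(MASTER_CF):
        fields = line.split()
        if fields[0] != service:
            continue
        args = fields[8:]  # fields[7] is the command; the rest are its arguments
        for flag, opt in zip(args, args[1:]):
            if flag == "-o":
                key, _, value = opt.partition("=")
                conf[key] = value
        return conf
    raise KeyError(service)

def auth_reply(service, tls_active):
    """Simplified model (an assumption) of smtpd's answer to AUTH on a service."""
    conf = effective(service)
    if conf["smtpd_tls_security_level"] == "encrypt" and not tls_active:
        return "530 5.7.0 Must issue a STARTTLS command first"
    if conf["smtpd_sasl_auth_enable"] != "yes" or (
            conf["smtpd_tls_auth_only"] == "yes" and not tls_active):
        return "503 5.5.1 Error: authentication not enabled"
    return "AUTH proceeds to SASL"  # placeholder, not a real reply line
```

Here `smtpd` is the `pass` service that postscreen hands port 25 connections to, and `submission` is port 587; on a live system `postconf -P` lists the per-service overrides from master.cf.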
