Am 09.01.2012 18:16, schrieb Noel Jones: > On 1/9/2012 10:19 AM, Ben Curtis wrote: >> Hi all, >> >> I've been scouring the internet trying to find someone who's done this >> before, and am at a loss. >> >> I've got Postfix set up as a Smart Host for sending SMTP email from >> Exchange 2010 (Small Business Server 2011). My problem is that I can't >> get TLS to work. The error message I get back in Exchange is: >> >> [451 4.4.0 Primary target IP address responded with: "454 4.7.5 >> Certificate validation failure." Attempted failover to alternate host, >> but that did not succeed. Either there are no alternate hosts, or >> delivery failed to all alternate hosts.] >> > > Test postfix TLS with openssl to make sure postfix is working correctly. > > For port 25 (or 587) with STARTTLS > # openssl s_client -connect example.com:25 -starttls smtp > > Or if you've enabled master.cf port 465 TLS wrappermode (sometimes > mistakenly referred to as SSL in mail client software): > # openssl s_client -connect example.com:465 > > Openssl will print a couple pages of garbage-looking handshake info > that ends with postfix's 250 greeting. > > At that point you should be able to type in "EHLO myname" and get a > response from postfix. If you get that far, postfix TLS is working > correctly. > > If postfix checks out OK, the problem is with the Exchange > configuration. > > Maybe Exchange needs to import the private root CA you used to > generate your certificates? Maybe Exchange is trying to use > wrappermode on a port configured for STARTTLS (or vice versa)? > > >> >> Below are key areas of main.cf: > > If you need more help with postfix, show "postconf -n" output and > relevant log entries. > > > > > -- Noel Jones
Hi, Ben you might read this http://smtpport25.wordpress.com/2010/07/11/exchange-2010-connectors/ and/or http://technet.microsoft.com/en-us/library/aa997285.aspx http://technet.microsoft.com/en-us/library/aa998662%28EXCHG.140%29.aspx -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
