On 09.01.2012 21:48, Noel Jones wrote:
> On 1/9/2012 2:24 PM, Ben Curtis wrote:
>> First off, thanks for the help everyone!
>>
>>> Test postfix TLS with openssl to make sure postfix is working correctly.
>>>
>>> For port 25 (or 587) with STARTTLS
>>> # openssl s_client -connect example.com:25 -starttls smtp
>>>
>>
>> I'm using 587, and this seemed to function just fine from a remote host:
>>
>> --------------------------------------------------------------
>> [root@server ~]# openssl s_client -connect mail.MYDOMAIN.com:587 -starttls
>> smtp
>> CONNECTED(00000003)
> ...
>
>> 250 DSN
>> quit
>> 221 2.0.0 Bye
>> closed
>
> OK, postfix TLS is working correctly.
>
>
>> Below is the output of postconf, and under that is a log level 7 TLS
>> negotiation.
>
> tls log levels above 1 are generally useless unless you are an
> expert in openssl (which I'm not sufficiently).
>
> Likewise with verbose logging in postfix; the vast majority of
> postfix config problems can be debugged with normal logging.
>
>>
>> "postconf -n"
>>
>
> no glaring errors in postconf.
>
>> --------------------------------------------------------------
>>
>>
>> maillog with log level 7 (I just noticed the "QUIT" message below, but
>> not sure how to interpret it)
>
> everything reasonably normal up to here.
>
>> Jan 9 20:12:18 ************ postfix/smtpd[11743]: Read 6 chars: QUIT??
>
> Remote site (Exchange) didn't like something and issued QUIT. No
> reason for the QUIT is given nor expected in the postfix logs.
>
>> Jan 9 20:12:18 ************ postfix/smtpd[11743]: disconnect from
>> **********[*******]
>
> remote site disconnected.
>
>
> FWIW, it appears the TLS negotiation between postfix and exchange
> worked since Exchange was able to send the QUIT over the encrypted
> link, but Exchange didn't like something about the connection and so
> disconnected. Since Exchange logs the message about an untrusted
> certificate, there's no reason at this point to not believe that
> message is accurate.
>
> Sorry, can't help any more. You might google around how to import a
> certificate in Exchange, or how to mark a particular client as trusted.
>
>
>
> --
> Noel Jones

By the way, did you check existing firewalls between the two servers? I had problems with some firewalls with TLS using Exchange relay Postfix. Sorry, I don't know how they were fixed by the firewall people involved.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
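
Added example, not part of the original thread: `openssl s_client` completes the handshake even when certificate verification fails, so a working STARTTLS session like the one quoted above does not show whether the certificate is trusted. This sketch classifies the "Verify return code" line of s_client output; the sample outputs, host name and CA bundle path are constructed, and the verdict reflects the CA store of the machine running openssl, not the one Exchange uses.

```shell
# Constructed sample s_client output (not taken from the thread).
SAMPLE_SELF_SIGNED='CONNECTED(00000003)
verify error:num=18:self signed certificate
    Verify return code: 18 (self signed certificate)
250 DSN'
SAMPLE_TRUSTED='CONNECTED(00000003)
    Verify return code: 0 (ok)
250 DSN'

# classify_verify: read s_client output on stdin and print a verdict.
# Returns 0 when the chain verified, 1 when it did not, 2 when the
# output contains no verify result at all.
classify_verify() {
    cv_line=$(grep -m1 'Verify return code:' || true)
    if [ -z "$cv_line" ]; then
        echo "unknown: no verify result in output"
        return 2
    fi
    cv_code=$(printf '%s\n' "$cv_line" |
        sed -n 's/.*Verify return code: *\([0-9][0-9]*\).*/\1/p')
    case "$cv_code" in
        0)     echo "trusted (0)"; return 0 ;;
        10)    echo "expired (10)" ;;
        18)    echo "self-signed (18)" ;;
        19)    echo "self-signed-ca-in-chain (19)" ;;
        20|21) echo "issuer-not-trusted ($cv_code)" ;;
        *)     echo "untrusted ($cv_code)" ;;
    esac
    return 1
}

# Live use (hypothetical host and CA bundle path):
#   openssl s_client -connect mail.example.com:587 -starttls smtp \
#       -CAfile /path/to/ca-bundle.pem </dev/null 2>/dev/null | classify_verify
printf '%s\n' "$SAMPLE_SELF_SIGNED" | classify_verify || true
printf '%s\n' "$SAMPLE_TRUSTED" | classify_verify
```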