FreeBSD-8.2 STABLE
Postfix (2.10-20120422)
OpenSSL 1.0.1a 19 Apr 2012
I just updated to the latest devel version of Postfix and openssl-1.0.1a.
Following the instructions (I think correctly) on this list, I created the
following file:
cat tls_policy
hotmail.com may protocols=!SSLv2:!TLSv1.1:!TLS1.2
I check it as so:
postmap -q hotmail.com ./tls_policy
may protocols=!SSLv2:!TLSv1.1:!TLS1.2
and placed the following in the main.cf file:
smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
I then rebooted the system. Unfortunately, I am still receiving this
error message with hotmail.com
Apr 24 08:19:23 scorpio postfix/smtp[7319]: warning: TLS library problem:
7319:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:340:
Apr 24 08:19:23 scorpio postfix/smtp[7319]: 3VcNrW1Fdyz2CG4g:
to=<**recipient**>, relay=smtp.live.com[65.55.96.11]:587, delay=0.62,
delays=0.12/0.14/0.37/0, dsn=4.4.2, status=deferred (lost connection with
smtp.live.com[65.55.96.11] while performing the EHLO handshake)
I assume I am doing something wrong.
This is my compete main.cf file:
alias_database = hash:/usr/local/etc/postfix/aliases
alias_maps = $alias_database
authorized_submit_users = !www, static:all
broken_sasl_auth_clients = yes
canonical_maps = hash:/usr/local/etc/postfix/canonical
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 12h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 26214400
milter_default_action = accept
mydestination =
mydomain = seibercom.net
myhostname = scorpio.seibercom.net
mynetworks = 127.0.0.0/8 192.168.1.101
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sender_dependent_relayhost_maps =
mysql:/usr/local/etc/postfix/mysql-sender_relay
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = mysql:/usr/local/etc/postfix/mysql-sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_CApath = /usr/local/etc/postfix/certs/
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
smtpd_authorized_verp_clients = $mynetworks
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
reject_unknown_client_hostname
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_recipient_restrictions = reject_unauth_pipelining
permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain
reject_unauth_destination
smtpd_reject_footer = For assistance, please provide the following information
in your problem report: time ($localtime), client ($client_address) and
server ($server_name).
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/postfix-cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/postfix-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/usr/local/etc/postfix/mysql-transport
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/mail/vhost
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql-domains
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql-vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:1002
--
Jerry ✌
postfix-u...@seibercom.net
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
