Hi
Thanks for your help Viktor, i comment inside mail:
El 07/02/13 19:15, Viktor Dukhovni escribió:
> On Thu, Feb 07, 2013 at 06:22:40PM +0100, deconya wrote:
>
>> smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
>>
>> relayhost = [smtp.puc.rediris.es]:25
> Don't append :25 set:
>
> relayhost = [smtp.puc.rediris.es]
Ok
>> smtp_sasl_auth_enable = no
> You've disabled SASL.
In main.cf appears
smtpd_sasl_auth_enable = yes, why can appear no?
>> smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
> In this table the lookup key should be the verbatim setting of
> relayhost:
>
> [smtp.puc.rediris.es] user:pass
>
>> smtp_sasl_security_options = noplaintext, noanonymous
>> smtp_sasl_tls_security_options = $smtp_sasl_security_options
>> smtp_sasl_tls_verified_security_options =
Other strange rule, I have
smtpd_sasl_security_options = noanonymous
> You only enable plaintext mechanisms (e.g. passwords) with verified
> TLS. Are you able to verify the relay's TLS certificate?
>> smtp_sasl_type = cyrus
>> smtp_sender_dependent_authentication = yes
> With this, the password table lookup key is the sender address. Is
> that what you're using?
NO, exist a special user and password inside relay_passwd
>> smtp_tls_CAfile =
>> smtp_tls_CApath =
> How do you expect to verify the peer certificate? And without
> verification, how do you expect to authenticate?
This rules are misspelled? I have this in main.cf
smtpd_tls_key_file = /etc/ssl/private/server_key.pem
smtpd_tls_cert_file = /etc/ssl/server.crt
smtpd_tls_CAfile = /etc/ssl/TERENASSL_PATH.pem
>> smtp_tls_enforce_peername = yes
>> smtp_use_tls = no
>> smtp_tls_security_level =
> The first two settings are obsolete. Set "smtp_tls_security_level = secure"
> or at least "may" (and then enforce TLS for the relay via the policy table).
>
>> smtp_tls_loglevel = 0
I have
smtpd_tls_loglevel = 2
Why is not active? I don't understand why main.cf is having this
problems.More rules are not active because are with smtpd, is normal this?
Thanks for your time
Best Regards
> If you're using TLS, the recommended level is 1.
>
>> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> The session cache database should be in ${data_directory}.
>
> The "smtp_sasl_password_maps" parameter was introduced in snapshot-20000316,
> (prior to Postfix 1.0), while "smtp_sender_dependent_authentication"
> was introducted in postfix-2.3-20051125 (which later evolved into Postfix
> 2.3).
>
