On Thu, Feb 07, 2013 at 09:34:00PM +0100, deconya wrote:
> > > smtp_sasl_auth_enable = no
> >
> > You've disabled SASL.
>
> In main.cf appears
>
> smtpd_sasl_auth_enable = yes, why can appear no?
You're not paying attention:
"smtpd" != "smtp"
> > > smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
> >
> > In this table the lookup key should be the verbatim setting of
> > relayhost:
> >
> > [smtp.puc.rediris.es] user:pass
> >
> > > smtp_sasl_security_options = noplaintext, noanonymous
> > > smtp_sasl_tls_security_options = $smtp_sasl_security_options
> > > smtp_sasl_tls_verified_security_options =
>
> Other strange rule, I have
>
> smtpd_sasl_security_options = noanonymous
You're still not paying attention:
"smtpd" != "smtp"
> > > smtp_tls_CAfile =
> > > smtp_tls_CApath =
> >
> > How do you expect to verify the peer certificate? And without
> > verification, how do you expect to authenticate?
>
> This rules are misspelled? I have this in main.cf
>
> smtpd_tls_key_file = /etc/ssl/private/server_key.pem
> smtpd_tls_cert_file = /etc/ssl/server.crt
> smtpd_tls_CAfile = /etc/ssl/TERENASSL_PATH.pem
That attention thing is a real problem...
> > > smtp_tls_enforce_peername = yes
> > > smtp_use_tls = no
> > > smtp_tls_security_level =
> >
> > The first two settings are obsolete. Set "smtp_tls_security_level = secure"
> > or at least "may" (and then enforce TLS for the relay via the policy table).
> >
> >> smtp_tls_loglevel = 0
>
> I have
>
> smtpd_tls_loglevel = 2
Broken record...
--
Viktor.
