On 6/7/2013 3:28 PM, Asai wrote:
> Greetings,
>
> We're starting to incorporate iPhone users into our email system.
> Sometimes we seem to be having trouble with mail being delayed for a
> long time before the phone will connect to the server and send the
> mail.  I don't really have any idea what this is.  I've looked
> through the logs, but I'm not seeing anything really telling.  I
> have recently turned on TLS debugging and hope to glean something
> useful from that.  We have SSL turned on on the iPhone, but do not
> have the so-called wrapper mode turned on, and it seems to be
> working fine in most cases.  Does anyone have any experience with
> managing iPhones and Postfix who can share with me something of value?
>
> Thank you.

I only have a dozen or so iPhone users and don't use one myself, so
don't consider me an expert on this.  It's also possible my users
have these problems and just haven't said anything.

Anyway, here's some random thoughts...

- don't use tls debug higher than level 1 unless you are willing to
  dig into openssl source code.

- make sure your master.cf submission entry has
    -o syslog_name=postfix/submission
  so you can tell what port they're connecting to.

- if they're connecting to port 25, postscreen will interfere,
  causing significant delays or preventing it from working at all.

- enable the wrappermode/smtps port if you haven't already.  Seems
  some of my iPhone users connect on that port despite instructions
  that make no mention of it.  I don't know why, and don't really
  care; there is no difference in security/speed/whatever.  I always
  enable smtps because it reduces end-user frustration.  The only
  downside is "it's not a standard".  Use the same settings as
  submission except for the addition of
    -o smtpd_tls_wrappermode=yes
    -o syslog_name=postfix/smtps

HTH, and have a good weekend.

  -- Noel Jones

>
> [root@triata ~]# postconf -n
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> html_directory = no
> mail_owner = postfix
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> maximal_backoff_time = 600s
> maximal_queue_lifetime = 1d
> message_size_limit = 0
> minimal_backoff_time = 300s
> mydomain = globalchangemultimedia.net
> myhostname = triata.globalchangemultimedia.net
> newaliases_path = /usr/bin/newaliases
> postscreen_access_list = permit_mynetworks
> postscreen_bare_newline_action = enforce
> postscreen_bare_newline_enable = yes
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
>     b.barracudecentral.org*1
> postscreen_dnsbl_threshold = 2
> postscreen_greet_action = drop
> postscreen_non_smtp_command_action = enforce
> postscreen_non_smtp_command_enable = yes
> postscreen_pipelining_action = enforce
> postscreen_pipelining_enable = yes
> queue_directory = /var/spool/postfix
> queue_run_delay = 300s
> readme_directory = no
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> show_user_unknown_table_name = no
> smtp_sasl_mechanism_filter = plain, login
> smtp_tls_loglevel = 2
> smtpd_client_restrictions = check_client_access
>     mysql:/etc/postfix/mysql_blacklist,
>     permit_sasl_authenticated, permit
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, check_helo_access
>     mysql:/etc/postfix/mysql_helo_restrictions.cf,
>     permit_sasl_authenticated, reject_invalid_hostname, permit
> smtpd_recipient_restrictions = permit_mynetworks,
>     permit_sasl_authenticated, reject_invalid_hostname,
>     reject_non_fqdn_sender, reject_non_fqdn_recipient,
>     reject_unknown_sender_domain,
>     reject_unauth_destination, check_recipient_access
>     mysql:/etc/postfix/mysql_restricted_recipients.cf, permit
> smtpd_restriction_classes = webdev_only, gcmm_only, local_only,
>     unrestricted
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_exceptions_networks = $mynetworks
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = check_sender_access
>     mysql:/etc/postfix/mysql_restricted_senders.cf,
>     permit_sasl_authenticated, permit_mynetworks,
>     reject_non_fqdn_sender, reject_unknown_sender_domain, permit
> smtpd_tls_cert_file =
>     /etc/postfix/ssl/triata.globalchangemultimedia.net.pem
> smtpd_tls_key_file = /etc/postfix/ssl/triata.key
> smtpd_tls_loglevel = 0
> smtpd_tls_received_header = no
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database =
>     btree:/var/spool/postfix/smtpd_tls_session_cache
> soft_bounce = yes
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:1001
> virtual_mailbox_base = /vmail
> virtual_mailbox_domains =
>     mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 1001
> virtual_transport = dovecot
> virtual_uid_maps = static:1001
>
> --
> --Asai
>
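Added example, not part of the original message or of Postfix: once the master.cf entries carry the syslog_name overrides suggested above, the log tag shows which service each client reached, and a short script can tally that per client address. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log lines: hostname from the thread, addresses from
# documentation ranges. Not taken from the poster's server.
SAMPLE_LOG = """\
Jun  7 15:01:02 triata postfix/submission/smtpd[2101]: connect from unknown[203.0.113.10]
Jun  7 15:01:09 triata postfix/smtps/smtpd[2140]: connect from unknown[203.0.113.11]
Jun  7 15:02:30 triata postfix/postscreen[1999]: CONNECT from [203.0.113.12]:51234 to [192.0.2.25]:25
Jun  7 15:02:36 triata postfix/postscreen[1999]: PASS NEW [203.0.113.12]:51234
Jun  7 15:03:00 triata postfix/smtpd[2188]: connect from unknown[203.0.113.12]
Jun  7 15:04:11 triata postfix/submission/smtpd[2101]: connect from unknown[203.0.113.10]
"""

# smtpd logs "connect from host[ip]"; postscreen logs "CONNECT from [ip]:port".
LINE_RE = re.compile(
    r"\s(?P<tag>postfix(?:/[\w-]+)+)\[\d+\]:\s+"
    r"(?:connect from \S*?\[(?P<smtpd_ip>[^\]]+)\]"
    r"|CONNECT from \[(?P<ps_ip>[^\]]+)\]:\d+)"
)


def service_of(tag):
    """'postfix/submission/smtpd' -> 'submission'; 'postfix/smtpd' -> 'smtpd'."""
    parts = tag.split("/")
    return parts[1] if len(parts) > 2 else parts[-1]


def connections_by_client(log_text):
    """Return {client_ip: {service: connection_count}} for connect events."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connect event (e.g. PASS NEW, disconnect)
        ip = m.group("smtpd_ip") or m.group("ps_ip")
        counts[ip][service_of(m.group("tag"))] += 1
    return {ip: dict(services) for ip, services in counts.items()}


def clients_on_port_25(counts):
    """Clients seen by postscreen, i.e. arriving on port 25, not submission/smtps."""
    return sorted(ip for ip, services in counts.items() if "postscreen" in services)


if __name__ == "__main__":
    result = connections_by_client(SAMPLE_LOG)
    for ip, services in sorted(result.items()):
        print(ip, services)
    print("via postscreen:", clients_on_port_25(result))
```

A service reported as plain "smtpd" comes from a master.cf entry with no syslog_name override, so the log tag alone does not say which port that client used.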