On Jun 8, 2013, at 00:47, Noel Jones <njo...@megan.vbhcs.org> wrote:
> On 6/7/2013 3:28 PM, Asai wrote:
>> Greetings,
>>
>> We're starting to incorporate iPhone users into our email system.
>> Sometimes we seem to be having trouble with mail being delayed for a
>> long time before the phone will connect to the server and send the
>> mail. I don't really have any idea what this is. I've looked
>> through the logs, but I'm not seeing anything really telling. I
>> have recently turned on TLS debugging and hope to glean something
>> useful from that. We have SSL turned on on the iPhone, but do not
>> have the so-called wrapper mode turned on, and it seems to be
>> working fine in most cases. Does anyone have any experience with
>> managing iPhones and Postfix who can share with me something of value?
>>
>> Thank you.
>
> I only have a dozen or so iPhone users and don't use one myself, so
> don't consider me an expert on this. It's also possible my users
> have these problems and just haven't said anything. Anyway, here's
> some random thoughts...
>
> - don't use tls debug higher than level 1 unless you are willing to
> dig into openssl source code.
>
> - make sure your master.cf submission entry has
> -o syslog_name=postfix/submission
> so you can tell what port they're connecting to.
>
> - if they're connecting to port 25, postscreen will interfere,
> causing significant delays or preventing it from working at all.
>
> - enable the wrappermode/smtps port if you haven't already. Seems
> some of my iPhone users connect on that port despite instructions
> that make no mention of it. I don't know why, and don't really care;
> there is no difference in security/speed/whatever. I always enable
> smtps because it reduces end-user frustration. The only downside is
> "it's not a standard". Use the same settings as submission except
> for the addition of
> -o smtpd_tls_wrappermode=yes
> -o syslog_name=postfix/smtps
>
>
>
> HTH, and have a good weekend.
The Mail.app applications on iOS (iPhones or iPads) or OS X will
attempt to autodetect the port to connect to; 25, 465, and 587. It
works just fine over the submission port (587) without enabling the
SMTPS port (465), and the autodetection can be overridden in the
settings if needs be;
Settings > Mail, Contacts, Calendars > [accountname] > Account >
Outgoing Mail Server (SMTP) > Primary Server > Server Port
That's the case on iOS 6; earlier versions might differ slightly in
option names, but offer a similar override. Make sure your own SMTP
server is in fact the primary server, by the way, and not one of the
'Other SMTP Servers'.
This is what the submission service definition on one of our servers
looks like;
==
# Submission service for use by our clients
submission inet n - n - 128 smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=permit_sasl_authenticated,reject
-o smtpd_proxy_filter=127.0.0.1:10025
==
It is important to note that we have seperate relay servers; the
mailbox servers clients connect to never open anything but the
submission port (587), and there is therefore never a problem with
clients trying to connect to postscreen on port 25. A similar setup can
be achieved by moving the submission service to a seperate IP address,
if possible.
Do however make sure that it is in fact your Postfix configuration, and
not a DNS issue of some sort. Test with an iPhone or iPad that has the
server port set manually, and see if the problem disappears. If it does
not, the problem might be elsewhere.
Other than that, there should not really be any compatibility issues
with iOS devices talking to Postfix, as long as your DNS and such is in
order.
HTH,
Jona
