On 6/8/13 9:09 AM, DTNX Postmaster wrote:
On Jun 8, 2013, at 17:16, Asai <a...@globalchangemusic.org> wrote:
On 6/7/2013 4:26 PM, DTNX Postmaster wrote:
The Mail.app applications on iOS (iPhones or iPads) or OS X will
attempt to autodetect the port to connect to; 25, 465, and 587. It
works just fine over the submission port (587) without enabling the
SMTPS port (465), and the autodetection can be overridden in the
settings if needs be;
Settings > Mail, Contacts, Calendars > [accountname] > Account >
Outgoing Mail Server (SMTP) > Primary Server > Server Port
That's the case on iOS 6; earlier versions might differ slightly in
option names, but offer a similar override. Make sure your own SMTP
server is in fact the primary server, by the way, and not one of the
'Other SMTP Servers'.
This is what the submission service definition on one of our servers
looks like;
==
# Submission service for use by our clients
submission inet n - n - 128 smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=permit_sasl_authenticated,reject
-o smtpd_proxy_filter=127.0.0.1:10025
==
It is important to note that we have seperate relay servers; the
mailbox servers clients connect to never open anything but the
submission port (587), and there is therefore never a problem with
clients trying to connect to postscreen on port 25. A similar setup can
be achieved by moving the submission service to a seperate IP address,
if possible.
Do however make sure that it is in fact your Postfix configuration, and
not a DNS issue of some sort. Test with an iPhone or iPad that has the
server port set manually, and see if the problem disappears. If it does
not, the problem might be elsewhere.
Other than that, there should not really be any compatibility issues
with iOS devices talking to Postfix, as long as your DNS and such is in
order.
HTH,
Jona
T
After investigating this issue further, it looks like there might be
something I'm missing regarding postscreen. My reasoning for this is
yesterday a client said she couldn't send email. I looked at her phone
and the postfix logs and could see that her IP address was being
rejected by postscreen:
Jun 16 16:39:41 triata postfix/postscreen[6187]: CONNECT from
[70.199.201.175]:11120
Jun 16 16:39:41 triata postfix/dnsblog[6241]: addr 70.199.201.175 listed
by domain zen.spamhaus.org as 127.0.0.11
Jun 16 16:39:47 triata postfix/postscreen[6187]: DNSBL rank 2 for
[70.199.201.175]:11120
Jun 16 16:39:48 triata postfix/tlsproxy[6276]: CONNECT from
[70.199.201.175]:11120
Jun 16 16:39:49 triata postfix/tlsproxy[6276]: DISCONNECT
[70.199.201.175]:11120
Jun 16 16:39:49 triata postfix/postscreen[6187]: HANGUP after 1.4 from
[70.199.201.175]:11120 in tests after SMTP handshake
Jun 16 16:39:49 triata postfix/postscreen[6187]: DISCONNECT
[70.199.201.175]:11120
I checked Spamhaus and this IP is listed as one which users must be
authenticated first. This is our standard operating procedure, users
have to be authenticated before sending mail. But it seems like
something is happening where the authentication process isn't allowed
to happen.
Strangely enough, once we rebooted her phone, and she got a different IP
address, the emails started going through.
I'm sure this is a simple problem to some of you. I would appreciate
very much any assistance.
--Asai
