On 11 Dec 2013 11:22, "Mark Jamsek" <markjam...@riseup.net> wrote:
>
> On 11/12/2013 9:03 PM, Viktor Dukhovni wrote:
>>
>> On Wed, Dec 11, 2013 at 08:42:29PM +1100, Mark Jamsek wrote:
>>
>>>>> And, the glaringly obvious absence of SMTP auth mechanisms:
>>>>>
>>>>> 220 mail.bsdbox.co ESMTP Postfix
>>>>> ehlo bsdbox.co
>>>>> 250-mail.bsdbox.co
>>>>> 250-STARTTLS
>>>>
>>>> Only when not using TLS.
>>>
>>> I'm not sure I understand what you mean here. I am using TLS, and
>>> there is no SMTP authentication.
>>
>> You're not "using" TLS in the above session.  The server supports
>> TLS, but "telnet host 25" does not *use* TLS.  To really use TLS
>> you need a client program that supports TLS.  I use "posttls-finger"
>> (because I wrote it to suit my needs).  You could make some progress
>> with "openssl s_client -starttls smtp -connect somehost:25", though
>> the latter shows less SMTP oriented output, you don't have to
>> compile it from source.
>>
>>      $ posttls-finger "[mail.bsdbox.co]"
>>      posttls-finger: Connected to mail.bsdbox.co[110.146.148.136]:25
>>      posttls-finger: < 220 mail.bsdbox.co ESMTP Postfix
>>      posttls-finger: > EHLO amnesiac.example
>>      posttls-finger: < 250-mail.bsdbox.co
>>      posttls-finger: < 250-PIPELINING
>>      posttls-finger: < 250-SIZE 10240000
>>      posttls-finger: < 250-VRFY
>>      posttls-finger: < 250-ETRN
>>      posttls-finger: < 250-STARTTLS
>>      posttls-finger: < 250-ENHANCEDSTATUSCODES
>>      posttls-finger: < 250-8BITMIME
>>      posttls-finger: < 250 DSN
>>      posttls-finger: > STARTTLS
>>      posttls-finger: < 220 2.0.0 Ready to start TLS
>>      posttls-finger: mail.bsdbox.co[110.146.148.136]:25 Matched CommonName mail.bsdbox.co
>>      posttls-finger: certificate verification failed for mail.bsdbox.co[110.146.148.136]:25: self-signed certificate
>>      posttls-finger: mail.bsdbox.co[110.146.148.136]:25: subject_CN=mail.bsdbox.co, issuer_CN=mail.bsdbox.co, fingerprint=26:79:C0:78:CE:0E:DE:7C:83:6C:32:D4:4F:02:EF:72:51:2B:08:7A, pkey_fingerprint=80:B8:24:5B:EF:E4:B9:44:E9:EC:A6:40:0C:6A:6C:D7:9C:5E:B0:6F
>>      posttls-finger: Untrusted TLS connection established to mail.bsdbox.co[110.146.148.136]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
>>      posttls-finger: > EHLO amnesiac.example
>>      posttls-finger: < 250-mail.bsdbox.co
>>      posttls-finger: < 250-PIPELINING
>>      posttls-finger: < 250-SIZE 10240000
>>      posttls-finger: < 250-VRFY
>>      posttls-finger: < 250-ETRN
>>      posttls-finger: < 250-AUTH PLAIN LOGIN
>>      posttls-finger: < 250-AUTH=PLAIN LOGIN
>>      posttls-finger: < 250-ENHANCEDSTATUSCODES
>>      posttls-finger: < 250-8BITMIME
>>      posttls-finger: < 250 DSN
>>      posttls-finger: > QUIT
>>      posttls-finger: < 221 2.0.0 Bye
>>
>> It sure offers AUTH (PLAIN and LOGIN) to clients that use TLS.
>>
>> On Wed, Dec 11, 2013 at 08:58:10PM +1100, Mark Jamsek wrote:
>>
>>> Wait. I think I understand what you're saying: my ISP perhaps blocks
>>> my connections, so I need to use them as my $relayhost? Is it
>>> possible to work around this somehow? I would rather not relay my
>>> mail through my ISP.
>>
>> Now you're beginning to see the light.  No you can't bypass the
>> ISP filter.  Either they are willing to turn the filter off for
>> you, or you need to relay through their submission service.
>>
>>      http://www.postfix.org/SOHO_README.html
>>      http://www.postfix.org/SASL_README.html
>>      http://www.postfix.org/OVERVIEW.html
>>      http://www.postfix.org/BASIC_CONFIGURATION_README.html
>>      http://www.postfix.org/DEBUG_README.html
>>      http://www.postfix.org/QSHAPE_README.html
>>
> Thank you, sir! Using the $relayhost option to relay through my ISP has
> worked! I can't believe I didn't at least try that already. And,
> overlooking that I configured auth to only commence AFTER TLS, I foolishly
> expected auth mechanisms to be apparent using telnet (25). And thank you,
> again, for those links; I'll read them tonight and draft a letter to my ISP
> to request disabling the filter. Running your own mail server only to relay
> mail through a third party sort of defeats the purpose of running your own
> mail server.
>
> n.b. Please forgive my elementary requests for help -- I am really really
> new to this. Thanks again, Viktor. Much appreciated, my friend. While I
> have your ear, do you know if Postfix developers take bitcoin donations?
> I'd love to contribute something to this great FOSS service.

When you read the documentation you'll realise Viktor actually did develop
some of postfix :)

Simon
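
The point made in the quoted exchange above, that AUTH is advertised only after STARTTLS, can be checked mechanically from a saved posttls-finger transcript. The following is an added example, not part of the original thread and not Postfix or posttls-finger code; the function names and the sample transcript are constructed for illustration.

```python
import re

# Constructed transcript in posttls-finger format, modelled on the session above.
SAMPLE = """\
posttls-finger: < 220 mail.example ESMTP Postfix
posttls-finger: > EHLO client.example
posttls-finger: < 250-mail.example
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: > EHLO client.example
posttls-finger: < 250-mail.example
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-AUTH=PLAIN LOGIN
posttls-finger: < 250 DSN
"""

LINE = re.compile(r"^(?:posttls-finger: )?([<>]) (\S.*)$")


def ehlo_keywords(transcript):
    """Return [before_tls, after_tls], each mapping EHLO keyword -> parameters."""
    phases, tls, pending, greeting = [{}, {}], 0, False, False
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        direction, text = m.groups()
        if direction == ">":  # client command
            verb = text.split()[0].upper()
            pending, greeting = verb == "STARTTLS", verb == "EHLO"
        elif pending:  # server's answer to STARTTLS: only 220 switches to TLS
            tls, pending = (1 if text.startswith("220") else tls), False
        elif (reply := re.match(r"250[- ](.*)", text)) and greeting:
            greeting = False  # first 250 line is the host name, not a keyword
        elif reply:
            # "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" both map to AUTH
            keyword, *params = re.split(r"[ =]+", reply.group(1).strip())
            phases[tls].setdefault(keyword.upper(), set()).update(p.upper() for p in params)
    return phases


def auth_exposure(transcript):
    """Summarise where AUTH is advertised relative to STARTTLS."""
    before, after = ehlo_keywords(transcript)
    return {
        "starttls_offered": "STARTTLS" in before,
        "auth_before_tls": sorted(before.get("AUTH", ())),
        "auth_after_tls": sorted(after.get("AUTH", ())),
    }
```

A non-empty `auth_before_tls` means the server offers PLAIN or LOGIN on an unencrypted connection, where the credentials are only base64-encoded; in Postfix, `smtpd_tls_auth_only = yes` is the setting that prevents this.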
