On 1/29/2014 6:22 PM, Viktor Dukhovni wrote:
> On Wed, Jan 29, 2014 at 05:58:15PM -0500, Dennis Putnam wrote:
>
>> TLS is indeed set via
>>
>>     $ postconf -n smtp_tls_policy_maps
>>     smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
>>
>> The entry in that file is set to:
>>
>>     smtp.att.yahoo.com may
>
> Your original message reports problems with delivery to a bellsouth.net
> recipient via:
>
>     relay=smtp.att.yahoo.com[98.138.31.74]:587
>
> presumably, you've set "relayhost=[smtp.att.yahoo.com]:587" or some
> similar setting. Per the Postfix documentation (both TLS_README
> and SASL_README), the lookup key for both TLS and SASL policy
> should be the verbatim next-hop destination, namely:
>
>     tls_policy:
>         # Ideally use "secure" after configuring a suitable CAfile.
>         [smtp.att.yahoo.com]:587 encrypt
>
>     sasl_passwords:
>         [smtp.att.yahoo.com]:587 user:pass
>

Thanks again for the reply but no joy. I have been using port 587 for a couple of years until this recent problem. The only difference is I had my tls_policy set like this:

    [smtp.att.yahoo.com] may

That has been working all that time. I changed it per your suggestion to:

    [smtp.att.yahoo.com]:587 encrypt

It did not help. I ran Noel's suggestion with openssl and got the same thing he got.

    # openssl s_client -connect smtp.att.yahoo.com:587 -starttls smtp
    (certificate stuff)
    250 STARTTLS
    ehlo home.bellsouth.net
    250-smtp.att.yahoo.com
    250-PIPELINING
    250-SIZE 41697280
    250-8 BITMIME
    250 AUTH PLAIN LOGIN XYMCOOKIE
    quit
    221 2.0.0 Bye

Repeating the debug output:

    Jan 29 19:03:29 dap002 postfix/smtp[6808]: < smtp.att.yahoo.com[98.138.31.74]:587: 220 smtp.att.yahoo.com ESMTP ready
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: > smtp.att.yahoo.com[98.138.31.74]:587: EHLO home.bellsouth.net
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: < smtp.att.yahoo.com[98.138.31.74]:587: 250-smtp.att.yahoo.com
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: < smtp.att.yahoo.com[98.138.31.74]:587: 250-PIPELINING
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: < smtp.att.yahoo.com[98.138.31.74]:587: 250-SIZE 41697280
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: < smtp.att.yahoo.com[98.138.31.74]:587: 250-8 BITMIME
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: < smtp.att.yahoo.com[98.138.31.74]:587: 250 STARTTLS
    Jan 29 19:03:29 dap002 postfix/smtp[6808]: server features: 0x101d size 41697280

Why is this different than the openssl output? Does this imply that smtp is not immediately starting TLS?
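
Added example (not part of the original message and not Postfix's own code): a shell/awk helper that applies the verbatim next-hop rule quoted above to a table source file and reports rows that name the same host in a different form. The function name policy_lookup and the sample tables are constructed for illustration; the helper emulates an exact-match table and does not call postmap.

```shell
#!/bin/sh
# policy_lookup NEXTHOP FILE
# Prints the right-hand side of the row whose key equals NEXTHOP (compared
# after lowercasing, as Postfix folds fixed-string keys by default).
# With no exact row, prints "near-miss: KEY" for rows naming the same host
# in another bracket/port form and returns 1.
policy_lookup() {
    awk -v want="$1" '
        function host(k) {                 # drop a trailing :port, then [ ]
            sub(/:[0-9A-Za-z]+$/, "", k)
            sub(/^\[/, "", k); sub(/\]$/, "", k)
            return tolower(k)
        }
        function flush(   key, val) {      # process one complete logical line
            if (line == "") return
            key = line; sub(/[ \t].*$/, "", key)
            val = line; sub(/^[^ \t]+[ \t]*/, "", val)
            if (tolower(key) == tolower(want)) {
                if (!found) print val
                found = 1
            } else if (host(key) == host(want)) near[++n] = key
            line = ""
        }
        /^[ \t]*$/ || /^[ \t]*#/ { next }  # blank and comment lines
        /^[ \t]/ { sub(/^[ \t]+/, " "); line = line $0; next }  # continuation
        { flush(); line = $0 }             # a new logical line starts
        END {
            flush()
            if (found) exit 0
            for (i = 1; i <= n; i++) print "near-miss: " near[i]
            exit 1
        }
    ' "$2"
}

# Constructed sample tables (not the poster's real files).
demo_dir=$(mktemp -d)
cat > "$demo_dir/tls_policy.old" <<'EOF'
[smtp.att.yahoo.com]    may
EOF
cat > "$demo_dir/tls_policy.new" <<'EOF'
# Ideally use "secure" after configuring a suitable CAfile.
[smtp.att.yahoo.com]:587
    encrypt
EOF

nexthop='[smtp.att.yahoo.com]:587'   # assumed relayhost, as quoted in the thread
policy_lookup "$nexthop" "$demo_dir/tls_policy.new"
policy_lookup "$nexthop" "$demo_dir/tls_policy.old" || echo "no exact key for $nexthop"
```

The same check applies to the SASL password table, since the quoted advice gives both tables the same lookup key.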