On Sat, Aug 16, 2014 at 01:19:06PM -0700, Rich Cook wrote:
> And it's still evil in the logs, but I no longer get a bounce email from
> comcast as I did before. So it's "better" perhaps? I don't know. Sigh,
> still hoping!
>
> Aug 16 13:14:29 RichCookHomeMac postfix/pickup[48035]: 5D63529CAF95: uid=0
> from=<root>
> Aug 16 13:14:29 RichCookHomeMac postfix/cleanup[48045]: 5D63529CAF95:
> message-id=<[email protected]>
> Aug 16 13:14:29 RichCookHomeMac postfix/qmgr[48036]: 5D63529CAF95:
> from=<[email protected]>, size=332, nrcpt=1 (queue active)
> Aug 16 13:14:29 RichCookHomeMac postfix/smtp[48038]: connect to
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 16 13:14:29 RichCookHomeMac postfix/smtp[48038]: warning: SASL
> authentication failure: No worthy mechs found
> Aug 16 13:14:29 RichCookHomeMac postfix/smtp[48038]: 5D63529CAF95:
> to=<[email protected]>, relay=smtp.comcast.net[76.96.40.155]:587,
> delay=0.42, delays=0/0/0.41/0, dsn=4.7.0, status=deferred (SASL
> authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.40.155]: no mechanism available)

Well, this time Postfix actually knows that authentication is
needed. So the mail is deferred.

posttls-finger: Connected to smtp.comcast.net[68.87.26.155]:587
posttls-finger: < 220 omta05.westchester.pa.mail.comcast.net comcast ESMTP server ready
posttls-finger: > EHLO amnesiac.example
posttls-finger: < 250-omta05.westchester.pa.mail.comcast.net
posttls-finger: < 250-HELP
posttls-finger: < 250-AUTH LOGIN PLAIN
posttls-finger: < 250-SIZE 36700160
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 OK
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: certificate verification failed for smtp.comcast.net[68.87.26.155]:587: untrusted issuer /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
posttls-finger: Untrusted TLS connection established to smtp.comcast.net[68.87.26.155]:587: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
posttls-finger: > EHLO amnesiac.example
posttls-finger: < 250-omta05.westchester.pa.mail.comcast.net
posttls-finger: < 250-HELP
posttls-finger: < 250-AUTH LOGIN PLAIN
posttls-finger: < 250-SIZE 36700160
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 OK
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 omta05.westchester.pa.mail.comcast.net comcast closing connection

This SMTP service supports "LOGIN" and "PLAIN", but your SASL engine
did not enable those mechanisms.

> Current main.cf:
>
> smtpd_tls_ciphers = medium

Why?

> inet_protocols = all

Set this to ipv4, you don't have ipv6 connectivity.

> inet_interfaces = loopback-only
> #======================================================================
> relayhost=[smtp.comcast.net]:587
> smtp_sasl_auth_enable=yes
> smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd

Fine.

> smtp_use_tls = yes

Change this to "smtp_tls_security_level = may", the "smtp_use_tls"
parameter is deprecated.

And where are the settings Patrick Koetter explained you needed?

--
Viktor.
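
Added example, not part of the original message: a small Python check that reads the AUTH lines from a posttls-finger transcript and applies Postfix-style SASL security options to them, showing how an offer of only LOGIN and PLAIN can end in "no mechanism available". It assumes the cause is Postfix's default smtp_sasl_security_options = noplaintext, noanonymous, which the message does not state; the function names are hypothetical and the transcript is a trimmed, constructed copy of the one above.

```python
import re

# Mechanisms that send the password unencrypted inside the SASL exchange.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
ANONYMOUS_MECHS = {"ANONYMOUS"}

# Constructed sample: trimmed from the posttls-finger output in the message.
TRANSCRIPT = """\
posttls-finger: < 250-AUTH LOGIN PLAIN
posttls-finger: < 250-STARTTLS
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: < 250-AUTH LOGIN PLAIN
posttls-finger: < 250 OK
"""

def offered_mechs(transcript):
    """Return (before_tls, after_tls) sets of mechanisms from the AUTH lines."""
    before, after = set(), set()
    asked = tls = False
    for line in transcript.splitlines():
        if re.search(r">\s*STARTTLS\b", line):
            asked = True                      # client requested TLS
        elif asked and re.search(r"<\s*220\b", line):
            tls = True                        # server accepted, later EHLO is inside TLS
        m = re.search(r"<\s*250[- ]AUTH[ =](.*)", line)
        if m:
            (after if tls else before).update(m.group(1).upper().split())
    return before, after

def usable(mechs, security_options):
    """Drop mechanisms excluded by a comma-separated security options value."""
    opts = {o.strip().lower() for o in security_options.split(",") if o.strip()}
    left = set(mechs)
    if "noplaintext" in opts:
        left -= PLAINTEXT_MECHS
    if "noanonymous" in opts:
        left -= ANONYMOUS_MECHS
    return left

def diagnose(transcript, security_options):
    """Mechanisms left after filtering, or the error text seen in the log."""
    before, after = offered_mechs(transcript)
    left = usable(after or before, security_options)
    return sorted(left) if left else "no mechanism available"

if __name__ == "__main__":
    for opts in ("noplaintext, noanonymous", "noanonymous"):
        print(f"{opts!r:30} -> {diagnose(TRANSCRIPT, opts)}")
```

With plaintext mechanisms allowed, the password is protected only by the TLS session, so the "Untrusted TLS connection" result in the transcript is worth resolving as well.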