Am 23.08.2014 um 00:28 schrieb Bill Cole <postfixlists-070...@billmail.scconsult.com>:
> On 22 Aug 2014, at 14:16, Christian Rößner wrote: > >>>> Aug 22 19:14:10 mx0 postfix-submission/smtpd[29528]: Anonymous TLS >>>> connection established from >>>> static-201-106.deltasurf.de[193.239.106.201]:47064: TLSv1 with cipher >>>> ECDHE-RSA-AES256-SHA (256/256 bits) >>> >>> Your server SASL layer did not offer a SASL "EXTERNAL" mechanism, >>> and probably should not. I don't think Postfix supports this >>> anyway. IIRC you mentioned configuring Apple Mail for "EXTERNAL" >>> auth. That won't work. >> >> I guess it is not SASL/EXTERNAL. The dialog says: Extern (TLS >> Clientzertifikat) >> >> I don’t know, why they call it „extern“ >> >>>> As you see, Apple Mail does have a different behavior. >>> >>> Yep, it does not employ client certificates, at least not as >>> configured. Since the Postfix server requests a client certificate, >>> the issue is entirely on the client side. >> >> Yes, I agree. I have done several certificates now and none work. And as I >> have no idea where to find further information, how the certificate must >> have been created to work with Apple Mail, I give up right now. > > I hope you have not entirely given up, because I believe there is a fix, > although I'm only able to describe how to find it in the US English version > of Mail. I hope this provides adequate clues. Thank you, you really helped me to solve it. > In "Account Information" you can use the "TLS Certificate" pull-down to > select your personal certificate. You also will need to switch to the > "Advanced" tab to switch "Authentication" from "External (TLS Client > Certificate)" to "None" (if you have Postfix configured to permit use based > on the TLS certificate) or "Password" (if you want to ALSO use the SASL > authentication that you appear to have working with TBird). One good feature > of Mail is that you can use "Window->Connection Doctor" to perform a test of > all connection settings and log the details for analysis if need be. In Germany we call that „betriebsblind“ (having become blind to shortcomings in companyprocesses) You won’t believe me. I have several times entered exactly this panel. But I directly switched to the advanced tab and did not have a closer look at the account information. Why? Because there was a second place, where I could select TLS certificate. Unfortunately that place is a pull down for S/MIME and because I always had selected the certificate there, I did not have a closer look for the account information tab. So in fact there are two tls certificate pull down menues. The first is for S/MIME and the hidden one is for client certificate. And one last point. Even if selecting the right certificate in the hidden menu, you must quit Apple Mail and start again. First time, the change did not have any effect here. Thanks again. Really :-) -Christian Rößner -- Bachelor of Science Informatik Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
smime.p7s
Description: S/MIME cryptographic signature
