On 23.11.2015 00:16, Viktor Dukhovni wrote:
On Sun, Nov 22, 2015 at 09:43:46PM +0200, Mufit Eribol wrote:
I have been running postfix at a small company for years without any
problem. For some reason, now I cannot get 250-AUTH LOGIN PLAIN when
telnetting to port 25. It may be due to a change in the upgraded packages or
a misconfiguration by me. Probably, I "fixed" something which is not broken.
Nothing is wrong, look below:
$ posttls-finger onart.com.tr
posttls-finger: Connected to mail.randec.com[85.96.178.205]:25
posttls-finger: < 220 mail.onart.com.tr ESMTP Postfix
posttls-finger: > EHLO amnesiac.invalid
posttls-finger: < 250-mail.onart.com.tr
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 50000000
posttls-finger: < 250-ETRN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: mail.randec.com[85.96.178.205]:25 CommonName
mail.onart.com.tr
posttls-finger: certificate verification failed for
mail.randec.com[85.96.178.205]:25: self-signed certificate
posttls-finger: mail.randec.com[85.96.178.205]:25:
subject_CN=mail.onart.com.tr, issuer_CN=mail.onart.com.tr,
fingerprint=AB:0F:61:4C:9C:FB:22:DF:9F:61:55:60:61:B5:6A:B1:C7:03:44:4D,
pkey_fingerprint=E7:65:0A:4E:AF:A7:8E:85:CC:D9:8F:8F:6C:00:32:48:1B:F1:16:3A
posttls-finger: Untrusted TLS connection established to
mail.randec.com[85.96.178.205]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO amnesiac.invalid
posttls-finger: < 250-mail.onart.com.tr
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 50000000
posttls-finger: < 250-ETRN
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-AUTH=PLAIN LOGIN
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye
I can send and receive mail system on ports 465 and 993 using SSL/TLS
without any issue (seemingly). I am not sure if missing "250-AUTH LOGIN
PLAIN" is a problem. If I telnet to 465 (or 993) I get no response.
Of course not, those ports require an initial SSL/TLS handshake.
Viktor, thank you for your check. I am relieved.
I realized that the related switch is
smtpd_tls_auth_only = yes
If it is changed to "no", then "AUTH PLAIN LOGIN" is also advertised.
Mufit
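
Added example, not part of the original thread: a small Python check that reads a posttls-finger transcript in the format quoted above and reports whether AUTH is advertised before STARTTLS or only after it, which is the difference smtpd_tls_auth_only makes. The sample transcript is constructed, its host names are placeholders, and the function names are hypothetical.

```python
import re

# Constructed transcript modelled on the posttls-finger output quoted above;
# mail.example.com and client.invalid are placeholders.
SAMPLE = """\
posttls-finger: > EHLO client.invalid
posttls-finger: < 250-mail.example.com
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: > EHLO client.invalid
posttls-finger: < 250-mail.example.com
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-AUTH=PLAIN LOGIN
posttls-finger: < 250 DSN
"""

LINE = re.compile(r"^posttls-finger: ([<>]) (.*)$")

def ehlo_phases(transcript):
    """Map each phase ('cleartext', 'tls') to {EHLO keyword: set of parameters}."""
    phases = {"cleartext": {}, "tls": {}}
    phase, state = "cleartext", None  # state: what the last client command expects
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # connection notes, wrapped lines, TLS diagnostics
        direction, text = m.groups()
        if direction == ">":
            verb = (text.split() or [""])[0].upper()
            state = {"EHLO": "greeting", "STARTTLS": "starttls"}.get(verb)
        elif state == "starttls" and text.startswith("220"):
            phase, state = "tls", None  # server accepted STARTTLS
        elif state == "greeting" and text.startswith("250"):
            state = "keywords"  # first 250 line carries the server name
        elif state == "keywords" and text.startswith("250"):
            # "AUTH=PLAIN LOGIN" is the legacy spelling of "AUTH PLAIN LOGIN"
            words = text[4:].replace("=", " ", 1).upper().split()
            if words:
                phases[phase].setdefault(words[0], set()).update(words[1:])
    return phases

def assess(transcript):
    """Return (verdict, mechanisms); verdict is 'cleartext', 'tls-only' or 'none'."""
    auth = {k: v.get("AUTH", set()) for k, v in ehlo_phases(transcript).items()}
    if auth["cleartext"]:
        return "cleartext", sorted(auth["cleartext"])
    return ("tls-only", sorted(auth["tls"])) if auth["tls"] else ("none", [])
```

On the constructed sample, `assess(SAMPLE)` returns the "tls-only" verdict, matching a server that advertises AUTH only in the second EHLO reply.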