Christian Kivalo:
> On 13 February 2016 11:10:25 CET, Joy <pj.netfil...@gmail.com> wrote:
> >May I know how can I force postfix to use TLS if remote MTA advertises
> >STARTTLS on port 25 to connect to remote server?
> >
> >I am already using TLS and connecting from outlook is working
> >perfectly,
> >but when sending mail to google it now says TLS fail.
> Take a look at http://www.postfix.org/DEBUG_README.html#mail and provide all
> necessary information
>
> At least postconf -n / postconf -Mf and log output of the tls fail to google
Indeed. google.com MX hosts support STARTTLS on port 25.
If you must verify certificates issued from third-party issuers, see:
http://www.postfix.org/postconf.5.html#tls_append_default_CA

        Wietse

$ posttls-finger google.com
posttls-finger: Connected to aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25
posttls-finger: < 220 mx.google.com ESMTP 207si21470864qhw.106 - gsmtp
posttls-finger: > EHLO tail.porcupine.org
posttls-finger: < 250-mx.google.com at your service, [2604:8d00:189::3]
posttls-finger: < 250-SIZE 35882577
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-CHUNKING
posttls-finger: < 250 SMTPUTF8
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
..lotsa stuff..
posttls-finger: certificate verification failed for aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
posttls-finger: aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25: subject_CN=aspmx.l.google.com, issuer_CN=Google Internet Authority G2, fingerprint=17:C3:E9:B6:EB:1C:7E:BB:95:67:BE:EA:E6:48:43:90:E0:24:95:03, pkey_fingerprint=AD:4B:02:AC:67:0F:96:F3:D1:85:C9:3D:E3:A2:04:B3:9A:0F:36:17
posttls-finger: Untrusted TLS connection established to aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
posttls-finger: > EHLO tail.porcupine.org
posttls-finger: < 250-mx.google.com at your service, [2604:8d00:189::3]
posttls-finger: < 250-SIZE 35882577
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-CHUNKING
posttls-finger: < 250 SMTPUTF8
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 closing connection 207si21470864qhw.106 - gsmtp
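
The transcript above ends in an encrypted session whose certificate chain could not be verified, which is a different condition from a server that never offers STARTTLS or a handshake that fails outright. As an added example (not part of the original message and not Postfix code), this Python parser reduces posttls-finger output to that distinction; the function names and verdict labels are assumptions of the example, and it goes beyond the single case in the message by also covering the no-STARTTLS and failed-handshake cases.

```python
import re

# Lines copied from the posttls-finger run quoted above (abridged).
SAMPLE = """\
posttls-finger: Connected to aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25
posttls-finger: < 250-STARTTLS
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: certificate verification failed for aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
posttls-finger: Untrusted TLS connection established to aspmx.l.google.com[2607:f8b0:400d:c07::1b]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
"""

# Trust words Postfix puts in front of "TLS connection established".
ESTABLISHED = re.compile(
    r"(Anonymous|Untrusted|Trusted|Verified) TLS connection established to "
    r"(\S+): (\S+) with cipher (\S+)")
VERIFY_FAILED = re.compile(r"certificate verification failed for \S+: (.+)")


def summarize(transcript):
    """Reduce a posttls-finger transcript to the facts that matter for TLS policy."""
    info = {"offered": False, "trust": None, "peer": None,
            "protocol": None, "cipher": None, "verify_error": None}
    for line in transcript.splitlines():
        text = line.split("posttls-finger: ", 1)[-1]
        if re.fullmatch(r"< 250[- ]STARTTLS", text):
            info["offered"] = True           # server advertised STARTTLS in EHLO
        elif m := VERIFY_FAILED.search(text):
            info["verify_error"] = m.group(1)
        elif m := ESTABLISHED.search(text):
            info["trust"], info["peer"], info["protocol"], info["cipher"] = m.groups()
    return info


def verdict(info):
    """Classify the session; the labels are this example's own, not Postfix's."""
    if not info["offered"]:
        return "cleartext-only"              # STARTTLS never advertised
    if info["trust"] is None:
        return "handshake-failed"            # offered, but no TLS session came up
    if info["trust"] == "Verified":
        return "encrypted-authenticated"     # chain trusted and peer name matched
    return "encrypted-unauthenticated"       # encrypted, peer identity not proven
```

For the quoted run, `verdict(summarize(SAMPLE))` returns `encrypted-unauthenticated` and `verify_error` carries the untrusted-issuer text, which points at the CA trust configuration rather than at STARTTLS support.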