The problem is occurring with MS Outlook 2007. Can't get it to work on 465 or 587.
For the 587/submission port I changed it to the settings from Patrick Koetter's guide (http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_suppor t.html) ## TLS # Transport Layer Security smtpd_use_tls = yes smtpd_tls_key_file = /etc/postfix/certs/tn2.myserver.com.key smtpd_tls_cert_file = /etc/postfix/certs/tn2.myserver.com.crt smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom In master.cf I changed submission section to below for testing, Commented some restrictions for now to test. submission inet n - n - - smtpd -v -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth # -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_login_maps=hash:/etc/postfix/virtual_users # -o smtpd_sender_restrictions=reject_sender_login_mismatch # -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipi ent_domain,permit_sasl_authenticated,reject I can send a mail via telnet from a different server to 587 (or 465) including SASL authentication using: openssl s_client -connect tn2.myserver.com:587 -starttls smtp -crlf I used echo -ne '\0myusername\0thatpassword' | openssl enc -base64 to generate the credentials for AUTH PLAIN I'm shown the certificate then I ehlo through quit and the server delivers the message to the local account I sent it to. The Outlook box retrieves it via POP. I also tried the same command above from a linux machine on the same (home)IP as my desktop Outlook PC, it too will let me send a message through the submission port 587 using the openssl comand above. But if I try to send from Outlook to port 587, the connection fails. Outlook's "Test account settings" reports: "Send test e-mail message: None of the authentication methods supported by this client are supported by your server." The log from the Outlook connection here: hh.hh.hh.hh is my home/Outlook PC's IP address Jul 24 13:35:11 tn2 postfix/smtpd[9553]: name_mask: ipv4 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: inet_addr_local: configured 2 IPv4 addresses Jul 24 13:35:11 tn2 postfix/smtpd[9553]: process generation: 102 (102) Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: mynetworks ~? debug_peer_list Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: mynetworks ~? fast_flush_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: mynetworks ~? mynetworks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: relay_domains ~? debug_peer_list Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: relay_domains ~? fast_flush_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: relay_domains ~? mynetworks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: relay_domains ~? permit_mx_backup_networks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: relay_domains ~? qmqpd_authorized_clients Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: relay_domains ~? relay_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: permit_mx_backup_networks ~? debug_peer_list Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: permit_mx_backup_networks ~? fast_flush_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: permit_mx_backup_networks ~? mynetworks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/local_recipient Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/relay_recipients Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? debug_peer_list Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? fast_flush_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? mynetworks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? permit_mx_backup_networks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? relay_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: smtpd_access_maps ~? smtpd_access_maps Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/virtual_users Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: pcre:/etc/postfix/recipient_checks.pcre Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/helo_checks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/sender_checks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/client_checks Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: pcre:/etc/postfix/client_checks.pcre Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Compiled against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: Run-time linked against Berkeley DB: 5.3.21? Jul 24 13:35:11 tn2 postfix/smtpd[9553]: dict_open: hash:/etc/postfix/access Jul 24 13:35:11 tn2 postfix/smtpd[9553]: auto_clnt_create: transport=unix endpoint=postgrey/socket Jul 24 13:35:11 tn2 postfix/smtpd[9553]: unknown_helo_hostname_tempfail_action = defer_if_permit Jul 24 13:35:11 tn2 postfix/smtpd[9553]: unknown_address_tempfail_action = defer_if_permit Jul 24 13:35:11 tn2 postfix/smtpd[9553]: unverified_recipient_tempfail_action = defer_if_permit Jul 24 13:35:11 tn2 postfix/smtpd[9553]: unverified_sender_tempfail_action = defer_if_permit Jul 24 13:35:11 tn2 postfix/smtpd[9553]: name_mask: 1 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: auto_clnt_create: transport=local endpoint=private/tlsmgr Jul 24 13:35:11 tn2 postfix/smtpd[9553]: auto_clnt_open: connected to private/tlsmgr Jul 24 13:35:11 tn2 postfix/smtpd[9553]: send attr request = seed Jul 24 13:35:11 tn2 postfix/smtpd[9553]: send attr size = 32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: private/tlsmgr: wanted attribute: status Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute name: status Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute value: 0 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: private/tlsmgr: wanted attribute: seed Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute name: seed Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute value: sJ+G2MxfuwihHC4oCnIKRmXxz3FZti5SGanqlneSiqE= Jul 24 13:35:11 tn2 postfix/smtpd[9553]: private/tlsmgr: wanted attribute: (list terminator) Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute name: (end) Jul 24 13:35:11 tn2 postfix/smtpd[9553]: send attr request = policy Jul 24 13:35:11 tn2 postfix/smtpd[9553]: send attr cache_type = smtpd Jul 24 13:35:11 tn2 postfix/smtpd[9553]: private/tlsmgr: wanted attribute: status Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute name: status Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute value: 0 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: private/tlsmgr: wanted attribute: cachable Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute name: cachable Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute value: 0 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: private/tlsmgr: wanted attribute: (list terminator) Jul 24 13:35:11 tn2 postfix/smtpd[9553]: input attribute name: (end) Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: fast_flush_domains ~? debug_peer_list Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_string: fast_flush_domains ~? fast_flush_domains Jul 24 13:35:11 tn2 postfix/smtpd[9553]: auto_clnt_create: transport=local endpoint=private/anvil Jul 24 13:35:11 tn2 postfix/smtpd[9553]: connection established Jul 24 13:35:11 tn2 postfix/smtpd[9553]: master_notify: status 0 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: name_mask: resource Jul 24 13:35:11 tn2 postfix/smtpd[9553]: name_mask: software Jul 24 13:35:11 tn2 postfix/smtpd[9553]: connect from hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh] Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_list_match: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net: no match Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_list_match: hh.hh.hh.hh: no match Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_list_match: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net: no match Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_list_match: hh.hh.hh.hh: no match Jul 24 13:35:11 tn2 postfix/smtpd[9553]: smtp_stream_setup: maxtime=300 enable_deadline=0 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? localhost Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? localhost Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? tn2.myserver.com Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? tn2.myserver.com Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? 65.183.104.20/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? 65.183.104.20/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? hh.hh.hh.hh/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? hh.hh.hh.hh/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 220 tn2.myserver.com ESMTP Postfix Jul 24 13:35:11 tn2 postfix/smtpd[9553]: < hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: EHLO HDPLEX2 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_list_match: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net: no match Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_list_match: hh.hh.hh.hh: no match Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-tn2.myserver.com Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-PIPELINING Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-SIZE 10240000 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-ETRN Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-STARTTLS Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-ENHANCEDSTATUSCODES Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250-8BITMIME Jul 24 13:35:11 tn2 postfix/smtpd[9553]: > hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh]: 250 DSN Jul 24 13:35:11 tn2 postfix/smtpd[9553]: smtp_get: EOF Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? localhost Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? localhost Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? tn2.myserver.com Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? tn2.myserver.com Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? 65.183.104.20/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? 65.183.104.20/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostname: hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net ~? hh.hh.hh.hh/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: match_hostaddr: hh.hh.hh.hh ~? hh.hh.hh.hh/32 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: lost connection after EHLO from hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh] Jul 24 13:35:11 tn2 postfix/smtpd[9553]: disconnect from hh-hh-hh-hh.lightspeed.nsvltn.sbcglobal.net[hh.hh.hh.hh] Jul 24 13:35:11 tn2 postfix/smtpd[9553]: master_notify: status 1 Jul 24 13:35:11 tn2 postfix/smtpd[9553]: connection closed Jul 24 13:35:16 tn2 postfix/smtpd[9553]: auto_clnt_close: disconnect private/tlsmgr stream ===================== Full postconf -n and master.cf ===================== alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 disable_vrfy_command = yes home_mailbox = mail/inbox html_directory = no inet_interfaces = $myhostname, localhost inet_protocols = ipv4 local_recipient_maps = hash:/etc/postfix/local_recipient mail_owner = postfix mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = tn2.myserver.com myhostname = tn2.myserver.com mynetworks = localhost, $mydomain, ww.ww.ww.ww/32, hh.hh.hh.hh/32 myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES relay_domains = mlec.com relay_recipient_maps = hash:/etc/postfix/relay_recipients sample_directory = /usr/share/doc/postfix-2.10.1/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_helo_required = yes smtpd_recipient_limit = 2500 smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, check_client_access pcre:/etc/postfix/client_checks.pcre, check_recipient_access hash:/etc/postfix/access, reject_rbl_client zen.spamhaus.org reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, check_policy_service unix:postgrey/socket, permit smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem smtpd_tls_cert_file = /etc/postfix/certs/tn2.myserver.com.crt smtpd_tls_key_file = /etc/postfix/certs/tn2.myserver.com.key smtpd_tls_loglevel = 1 smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 ===================== postconf -M ===================== smtps inet n - n - - smtpd -v -o smtpd_tls_wrappermode=yes -o syslog_name=postfix/smtps submission inet n - n - - smtpd -v -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_login_maps=hash:/etc/postfix/virtual_users smtp-amavis unix - - n - 3 smtp -o disable_dns_lookups=yes -o smtp_send_xforward_command=yes smtp inet n - n - - smtpd -v -o cleanup_service_name=pre-cleanup pickup fifo n - n 60 1 pickup -o cleanup_service_name=pre-cleanup pre-cleanup unix n - n - 0 cleanup -o virtual_alias_maps= -o canonical_maps= -o sender_canonical_maps= -o recipient_canonical_maps= -o masquerade_domains= cleanup unix n - n - 0 cleanup -o mime_header_checks= -o nested_header_checks= -o body_checks= 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache
