Dear Viktor, sorry, but I'll try to be more explicit because I have to get
the submission working and I can't:

main.cf:

# TLS parameters (server side)
smtpd_tls_cert_file=/etc/ssl/certs/relay.pem
smtpd_tls_key_file=/etc/ssl/private/key.pem
smtpd_tls_security_level = may
smtpd_tls_loglevel = 2

# TLS parameters (client side)
smtp_tls_security_level = may
smtp_tls_cert_file = /etc/postfix/SSL/publica.crt
smtp_tls_key_file = /etc/postfix/SSL/privada.pem
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_starttls_timeout = 300s
smtp_tls_CApath = /etc/ssl/certs

master.cf:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

And when I send a message with mailx from client 172.1.1.1:

$ mailx -v -r "f...@mycompany.com" -s "TLS test" -S smtp="10.1.1.1:587" -S smtp-use-starttls -S ssl-verify=ignore any_u...@gmail.com

I get this log in Postfix:


Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: connect from unknown[172.1.1.1]
Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: setting up TLS connection from unknown[172.1.1.1]
Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: unknown[10.12.13.220]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: SSL_accept error from unknown[172.1.1.1]: lost connection
Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: lost connection after STARTTLS from unknown[172.1.1.1]
Mar 13 20:34:47 MITLPSMT01 postfix/submission/smtpd[25956]: disconnect from unknown[172.1.1.1]

Thanks a lot,

Jelo

On Mon, Mar 13, 2017 at 7:53 PM, Jeronimo L. Cabral <jelocab...@gmail.com>
wrote:

> Dear Viktor, I've followed your instructions and set up the submission port
> in master.cf as you said:
>
> Mail client ---STARTTLS ---- Postfix listening on Port TCP/587 - Internet
> SMTP servers
>
> But when I execute from a client 172.1.1.1 to the Postfix server 10.1.1.1:
>
> $ mailx -v -r "f...@mycompany.com" -s "TLS test" -S smtp="10.1.1.1:587" -S smtp-use-starttls -S ssl-verify=ignore any_u...@gmail.com
>
> the command never ends in the shell and the Postfix log just says:
>
> Mar 13 19:41:56 MITLPSMT01 postfix/smtpd[20302]: initializing the server-side TLS engine
> Mar 13 19:41:56 MITLPSMT01 postfix/smtpd[20302]: connect from unknown[172.1.1.1]
> Mar 13 19:41:56 MITLPSMT01 postfix/smtpd[20302]: setting up TLS connection from unknown[172.1.1.1]
> Mar 13 19:41:56 MITLPSMT01 postfix/smtpd[20302]: unknown[172.1.1.1]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
> Mar 13 19:41:56 MITLPSMT01 postfix/smtpd[20302]: SSL_accept:before/accept initialization
>
> The mail doesn't go out from Postfix.
>
> What can be the reason I can't send a mail using STARTTLS through the
> Postfix server?
>
> On Mon, Mar 13, 2017 at 5:18 PM, Viktor Dukhovni <
> postfix-us...@dukhovni.org> wrote:
>
>> On Mon, Mar 13, 2017 at 04:49:23PM -0300, Jeronimo L. Cabral wrote:
>>
>> > At the moment, the mail relay is reached just from inside our company and
>> > several applications use it to send mail through Internet.
>>
>> If the submission port is only reachable from internal trusted
>> networks, then authentication is optional.  You'll need to make
>> sure that Postfix will not be listening for port 587 on any public
>> IP addresses.
>>
>> > Using mailx is in this manner:
>>
>> My first encounter with "heirloom-mailx", with SMTP and TLS bolted
>> in mailx, my, is the world getting fancy...
>>
>> > $ mailx -v -r "f...@mycompany.com" -s "TLS test" -S smtp="10.10.12.5:587" -S
>> > smtp-use-starttls -S ssl-verify=ignore u...@gmail.com
>>
>> This is fine, provided that 10.10.12.5 is not reachable from outside via
>> NAT, and no other IP address reaches the same port 587 service.
>>
>> --
>>         Viktor.
>>
>
>
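
The condition quoted above (with authentication left off, port 587 must not listen on any public IP address) can be checked directly against master.cf. This is an added example, not code from the thread or from Postfix: the function names and finding texts are assumptions, the sample input is the master.cf entry from the message embedded as constructed data, and it relies on the standard master.cf `address:port` service-name form (for example `10.1.1.1:submission`).

```python
import ipaddress

# Constructed sample: the master.cf entry quoted in the message above.
SAMPLE_MASTER_CF = """\
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_services(text):
    """Return [(service, type, {override: value})] for each master.cf entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()      # continuation of previous entry
        else:
            entries.append(raw.strip())
    services = []
    for entry in entries:
        f = entry.split()
        args = f[8:]                              # arguments after the command name
        opts = dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                    if flag == "-o" and "=" in a)
        services.append((f[0], f[1], opts))
    return services

def audit_submission(text):
    """List the points to review for every inet service on port 587."""
    findings = []
    for name, stype, opts in parse_services(text):
        host, _, port = name.rpartition(":")
        if stype != "inet" or port not in ("submission", "587"):
            continue
        host = host.strip("[]")
        if not host:
            findings.append("no bind address: listens on all inet_interfaces")
        elif not ipaddress.ip_address(host).is_private:
            findings.append(f"bound to non-private address {host}")
        if opts.get("smtpd_tls_security_level") != "encrypt":
            findings.append("TLS not enforced by a -o override")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append("SASL auth not enabled by a -o override")
    return findings

if __name__ == "__main__":
    for finding in audit_submission(SAMPLE_MASTER_CF):
        print("submission:", finding)
```

A private bind address only narrows where the service listens; whether NAT or another address forwards to the same port 587 still has to be checked on the network side.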
