We are running Postfix 3.2.2 on RHEL6, with opportunistic TLS enabled. When our central servers connect to most of our other local non-Postfix systems, the connection is logged as Trusted:
Aug 7 08:00:01 emgwy1 postfix/smtp[2445]: Trusted TLS connection established to exchcs31.ornl.gov[128.219.12.145]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)

However, when they connect to another Postfix box, it's logged as Anonymous:

Aug 7 04:42:37 emgwy1 postfix/smtp[9798]: Anonymous TLS connection established to email.ornl.gov[160.91.4.92]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)

Is this a problem? If so, how do I fix it? The remote TLS certs are signed by Thawte.

Here are the local TLS settings:

# Incoming TLS
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/xyzz.key
smtpd_tls_cert_file = /etc/pki/tls/certs/xyzz-plus-inter.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

# Outgoing TLS
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_loglevel = 1

Thanks,
Larry M. Rosenbaum
Oak Ridge National Laboratory

Linux emgwy1 2.6.32-696.6.3.el6.x86_64 #1 SMP Fri Jun 30 13:24:18 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux

postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 10m
bounce_queue_lifetime = 1d
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
em2snpp_destination_recipient_limit = 1
enable_long_queue_ids = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 26214400
meta_directory = /usr/share/postfix
mydestination = $myhostname, localhost.$mydomain, localhost, gotmail.ornl.gov
mydomain = ornl.gov
myhostname = emgwy1.ornl.gov
mynetworks = !cidr:${config_directory}/mynetworks_exclude, cidr:${config_directory}/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-3.2.2/README_FILES
recipient_delimiter = +
relay_domains = $mydestination, !hash:/etc/postfix/virtual_domains, hash:/etc/postfix/relay_domains
relay_generic_maps = hash:/etc/postfix/generic_rewrite
remote_header_rewrite_domain = ornl.gov
sample_directory = /usr/share/doc/postfix-3.2.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = no
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_client_event_limit_exceptions = hash:/etc/postfix/nolimit
smtpd_client_message_rate_limit = 1000
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/access_client
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient, permit_mynetworks, reject_unauth_destination
smtpd_tls_cert_file = /etc/pki/tls/certs/xyzz-plus-inter.crt
smtpd_tls_key_file = /etc/pki/tls/private/xyzz.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtputf8_enable = no
transport_maps = hash:/etc/postfix/transport_bounce, hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_static, hash:/home/x2l_xfer/virtual_offsite, hash:/etc/postfix/virtual_badhost, pcre:/etc/postfix/regex_rewrite, ldap:/etc/postfix/ldap-virtual.cf, ldap:/etc/postfix/ldap-virtual-atornl.cf
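
Added example, not part of the original post: a small Python audit of the Postfix SMTP client lines written at smtp_tls_loglevel = 1, run here over the two log lines quoted above. It tallies trust level and cipher per destination and marks sessions negotiated with an anonymous (ADH-*/AECDH-*) cipher suite, in which the server presents no certificate. The function names are illustrative, not Postfix tooling.

```python
import re
from collections import defaultdict

# Postfix SMTP client TLS summary line (smtp_tls_loglevel = 1).
# The four level words are the ones the Postfix client logs.
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<level>Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:\d+: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

# The two log lines quoted in the post above.
SAMPLE_LOG = """\
Aug 7 08:00:01 emgwy1 postfix/smtp[2445]: Trusted TLS connection established to exchcs31.ornl.gov[128.219.12.145]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Aug 7 04:42:37 emgwy1 postfix/smtp[9798]: Anonymous TLS connection established to email.ornl.gov[160.91.4.92]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
"""


def is_anon_cipher(name):
    """OpenSSL names certificate-less key exchange suites ADH-* and AECDH-*."""
    return name.startswith(("ADH-", "AECDH-"))


def summarize(log_text):
    """Return {host: {(level, cipher, anon_cipher): count}} for outbound sessions."""
    tally = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:  # skip anything that is not a TLS summary line
            key = (m["level"], m["cipher"], is_anon_cipher(m["cipher"]))
            tally[m["host"]][key] += 1
    return {host: dict(counts) for host, counts in tally.items()}


def hosts_without_cert(summary):
    """Destinations with at least one session where no server certificate was seen."""
    return sorted(
        host for host, counts in summary.items()
        if any(level == "Anonymous" or anon for level, _, anon in counts)
    )


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for host, counts in sorted(result.items()):
        for (level, cipher, anon), n in counts.items():
            print(f"{host}: {level} {cipher} anon_cipher={anon} x{n}")
    print("no server certificate seen:", hosts_without_cert(result))
```
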