SV: Problem with using STARTTLS

Tue, 21 Nov 2017 23:39:07 -0800 

Hi 'Postmaster'
As I see it, that doesn't offer starttls in the ehlo handshake either?
 

    Den 19:45 tirsdag den 21. november 2017 skrev Postmaster 
<postmas...@postfix.io>:
 

 Hi,
ISPs do not validate certificate when Starttls is used, however it can very 
helpful for inbound trusted sources. I wrote quick howto, it may helpful for 
you. 
https://www.postfix.io/how-to-enable-inbound-tlsstarttls-in-postfix-with-signed-certificate-from-caletsencrypt/
Thanks.
On Nov 21, 2017 14:54, "K F" <fribse2...@yahoo.dk> wrote:

Hi Guys
I'm having a couple of problems.I have the certificate configured, but I can't 
seem to be able to send to the server with STARTTLS
If I connect on port 25 with EHLO, it doesn't show that it can do starttls?
If I connect on port 587, it shows that it can do starttls, but the receipient 
is rejected.
Some examples from the logfile, both sending with the same info:
Without TLS:Nov 21 14:33:31 bounce postfix/lmtp[14706]: B0E8110092B71: 
to=<u...@helpdesk.dk>, relay=bounce[private/dovecot- lmtp], delay=0.06, 
delays=0.05/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <u...@helpdesk.dk> 
dXDgL/oqFFpzOQAAtPSY4w Saved)
With TLSNov 21 14:32:02 bounce postfix/submission/smtpd[ 14601]: NOQUEUE: 
reject: RCPT from alpha00021[x.x.x.x]: 554 5.7.1 <u...@helpdesk.dk>: Recipient 
address rejected: Access denied; from=<t...@domain.dk> to=<u...@helpdesk.dk> 
proto=ESMTP helo=<domain.dk>
This will be a public SMTP server, so there is no authentication, but it should 
allow STARTTLS to run anyways.
I hope somebody can tell me what I did wrong in postfix?
This is from main.cf
myhostname = bounce
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/m 
ysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/m ysql_virtual_alias_maps.cf, 
proxy:mysql:/etc/postfix/sql/m ysql_virtual_alias_domain_ maps.cf, 
proxy:mysql:/etc/postfix/sql/m ysql_virtual_alias_domain_ catchall_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/m 
ysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/m 
ysql_virtual_alias_domain_ mailbox_maps.cf
smtpd_tls_cert_file = /etc/pki/tls/certs/star. domain.combined.pem
smtpd_tls_key_file = /etc/pki/tls/private/star. domain.dk.key
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_unauth_destination
mynetworks = 127.0.0.0/8

Reply via email to