After a lot of opposition from the Firewall dude ("The Cisco can't do that!"),
he gave in as I found the configuration setting in Cisco, and the documentation
clearly stated it was enabled by default. He disabled the feature in the
firewall cluster, and lo and behold, the starttls appeared as by magic :-D

The problem is solved, thank you all for your help!
On Thursday, 23 November 2017 at 9:06, K F <[email protected]> wrote:
Ok, very interesting, I've gone through all the settings with the postfinger,
and it looked ok. So I tried just telnetting in to port 25 locally, and oddly
enough it showed starttls :-) ? So I did an 'openssl s_client -starttls smtp ...
' on port 25 locally, and that showed the certificate and chain correctly. This
is all good, but I couldn't figure out why it worked all of a sudden.

Done locally:
220 bounce ESMTP Postfix
ehlo google.dk
250-bounce
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Done from my workstation:
220 ********************
ehlo google.dk
250-bounce
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XXXXXXXA
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

AHaaaa, so I guess some Cisco sh.. is messing with me, obfuscating the output
(note the 220 ******). I might have to kill the firewall dude after this :-D
Best regards
On Thursday, 23 November 2017 at 8:38, K F <[email protected]> wrote:
Let me reiterate that I do appreciate the help from everyone. Secondly, I
would suggest you work on your people skills; if it's too bothersome for you to
treat others with respect, then don't answer.
The first reply I got to this question was from Michael Munger, it read:

For the lack of STARTTLS offers:

/etc/postfix/main.cf:
smtpd_tls_security_level = may

For the rejections:

Most likely, your recipient is getting rejected because postfix cannot properly
communicate with MySQL or the queries are wrong. Since you’re trying to do this
with a MySQL backend, we need (at minimum) the MySQL conf files. Sanitize ONLY
the passwords to foopass and main username to foouser. Don’t try to change
table names or columns to obfuscate your structure.

A good place to start is to look at the actual queries being sent to MySQL.
You can do that by enabling logging in the CLI, and then looking at the queries
that are coming through:

Thus, I provided the MySQL lines, and wrote that I didn't see the relevance,
but having asked for help, I felt that I couldn't just deny it. On closer
inspection of the original mail, I can see it was sent directly to me, and not
to the list, so you might not have seen it in the thread, but give others the
benefit of the doubt.
Lastly, I will set up the debugging as you've suggested to investigate further.
On Wednesday, 22 November 2017 at 19:18, Viktor Dukhovni
<[email protected]> wrote:
> On Nov 22, 2017, at 3:30 AM, K F <[email protected]> wrote:
>
> Hi Viktor
>
> openssl confirms that the chain is valid, this is what I see when I restart
> postfix:
>
> Nov 22 09:29:00 bounce postfix/postfix-script[21178]: stopping the Postfix
> mail system
> Nov 22 09:29:00 bounce postfix/master[18258]: terminating on signal 15
> Nov 22 09:29:00 bounce postfix/postfix-script[21256]: starting the Postfix
> mail system
> Nov 22 09:29:00 bounce postfix/master[21258]: daemon started -- version
> 2.10.1, configuration /etc/postfix
You really should read what you were asked to post with a
bit more attention...
>>> Thank you all for helping me out, and giving me ideas on what to look at.
>>
>> http://www.postfix.org/DEBUG_README.html#logging
>> http://www.postfix.org/DEBUG_README.html#mail
Read the above and post as directed.
>>
>> Run "postfix reload" and post any pre-connection warnings
>> logged by the first post-reload smtpd(8) process, as well as
>> full logging from "connect" to "disconnect" for its first client.
>> Your certificate chain is likely misconfigured and so TLS is
>> disabled.
Read the above and post as directed.
--
Viktor.
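
The comparison K F made by hand (EHLO on the server itself versus EHLO from the workstation) can be scripted to spot a device in the path rewriting the SMTP dialogue. This is an added example, not code from the thread: the transcripts are the two sessions quoted above, and the function names and the masked-keyword pattern (a run of X characters) are assumptions drawn from that single observation.

```python
import re

# LOCAL is the session run on the mail server itself, as quoted in the thread.
LOCAL = """220 bounce ESMTP Postfix
ehlo google.dk
250-bounce
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
# The workstation session differed in exactly two lines: a starred-out
# banner and the STARTTLS keyword overwritten with XXXXXXXA.
REMOTE = LOCAL.replace("bounce ESMTP Postfix", "*" * 20).replace("STARTTLS", "XXXXXXXA")

REPLY = re.compile(r"^(\d{3})[ -](.*)$")   # "250-KEYWORD args" or "250 KEYWORD"
MASKED = re.compile(r"X{4,}[A-Z]?")        # assumed shape of an overwritten keyword

def parse_session(text):
    """Return (banner text, EHLO keywords) from a greeting plus EHLO reply."""
    banner, caps = None, []
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue                        # client input such as "ehlo ..."
        code, rest = m.group(1), m.group(2)
        if code == "220" and banner is None:
            banner = rest
        elif code == "250" and rest.split():
            caps.append(rest.split()[0].upper())
    return banner, caps[1:]                 # first 250 line is the server name

def compare_vantage_points(inside, outside):
    """Report differences that suggest the outside view was rewritten in transit."""
    _, in_caps = parse_session(inside)
    out_banner, out_caps = parse_session(outside)
    return {
        "banner_masked": bool(out_banner) and set(out_banner) == {"*"},
        "missing": [c for c in in_caps if c not in out_caps],
        "masked": [c for c in out_caps if MASKED.fullmatch(c)],
    }

if __name__ == "__main__":
    print(compare_vantage_points(LOCAL, REMOTE))
```

A keyword listed in "missing" together with an equal-length entry in "masked" points at the network path rather than the Postfix configuration, which is the conclusion the thread reaches.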