Hi, once you correct your configuration this may help you test it is correct
1. Run this to test connectivity to your server via STARTTLS [Submission in
master.cf]
openssl s_client -starttls smtp -connect your.host.name:587
Typical OUTPUT =
250 DSN
quit
221 2.0.0 Bye
closed
2. Run this to test connectivity to your server via SMTPS
openssl s_client -connect your.host.name:465
Typical OUTPUT =
220 your.host.name ESMTP Postfix (2.10.1)
3. Run this to create a hash
python -c 'import base64,sys; u,p=sys.argv[1:3]; print
base64.encodestring("%s\x00%s\x00%s" % (u,u,p))' username password
OUTPUT = dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
Replace username and password with real ones
Once Steps 1 and 2 work, you can test authentication with the hash in Step 3
4. Run the openssl commands and connect to your server.
A. do and "ehlo domain" to see commands supported
EXAMPLE :
ehlo domain
250-localpart.domain.part
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
B. execute the AUTH PLAIN LOGIN command option using the HASH you made
in Step 3
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
C. look for output
235 2.7.0 Authentication successful
5. you can just type quit or finish the smtp commands and send yourself an
email. Also errors should show up at stdout if you still have any.
-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
ang...@uconn.edu
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On
Behalf Of Viktor Dukhovni
Sent: Monday, December 10, 2018 10:01 AM
To: Postfix users <postfix-users@postfix.org>
Subject: Re: SSL not working after unwanted server migration
> On Dec 10, 2018, at 9:46 AM, Marco Fioretti <marco.fiore...@gmail.com> wrote:
>
> This afternoon I have urgent family matters to attend, not sure if I
> will able to test and report before tomorrow afternoon about all the
> other advice I got so far.
You can skip all the other advice. You need to post logs, specifically
logs that report the problem initializing TLS support in smtpd(8) and
smtp(8). You also need to confirm the configured file names, and
report "ls -l" output for the *exact* files in your configuration, not
some similarly named files. The file permissions should be standard,
owner root mode 0600 for private keys, and either 0600 or 0644 for
certs if separate and there are no keys in the cert files.
> But I need to restore email anyway asap, and right
> now it feels as being forced to solve a puzzle without knowing what it
> represents...
The answers are in the logs.
--
Viktor.
