Finally it start working.... No idea what was happening or what expect
to receive the other server. It just start working but not idea which
was the problem :( Thank you very much for your help.
El 21/6/19 a las 23:07, Viktor Dukhovni escribió:
On Thu, Jun 20, 2019 at 12:43:22PM +0200, David López wrote:
postfix/smtp[]: : to=<em...@domain.com>,
relay=MXhost[xxx.xxx.xxx.xxx]:25, delay=2190,
delays=2186/0.03/3.9/0.13,
dsn=4.7.0, status=deferred (host MXdomain[xxx.xxx.xxx.xxx] said: 403
4.7.0 not authenticated (in reply to MAIL FROM command))
The error message is from the server, which expects your client to
present authentication credentials. Which ones depends on what
the server operator documents as the expected means for clients
to prove they are one of the ones authorized to access the server.
I get a log server from the other side.
Is there any documentation that explains what the remote server
expects as client credentials? Have you asked the server operator
to clarify?
STARTTLS=server, relay=DOMAIN [xxx.xxx.xxx.xxx], version=TLSv1/SSLv3,
verify=NO, cipher=ECDHE-RSA-AES256-SHA, bits=256/256
This is not useful. You're still tilting at the TLS windmill, but
there's no information to suggest that TLS is relevant.
So maybe the problem is here. It expects connect from fqdn and it
arrives from domain? Is strange because I see in the handshake is
showed with fqdn, but connects from domain.
This is irrelevant.
I checked mydomain, smtpbanner, myhostname and I think is ok but still
get deferred while sending.
The server's error message said the client is *authenticated*, don't
waste your time on unrelated issues.
On Fri, Jun 21, 2019 at 10:29:22PM +0200, David López wrote:
It seems from the other side logs that the problem is that "No certificate
was presented."
That's normal. Don't waste your time on distractions. There is
ONLY ONE relevant question, namely:
* What type of client authentication does the remote server
expect and accept?
Everything else is a distraction. Now it is possible (though very
much not common) that a client certificate is expected, but then
there would need to be some sort of published process for the client
to enroll for one issued by the server operator, or provide the
operator with an existing one they can register.
The server is access controlled, you can only use it with the
credentials that the server operator documents as acceptable.
