I am attempting to configure a Javamail client embedded in a Jetty application
to send outgoing email through our outgoing MX. I have the following variables
available to me:
Mail Host: 192.168.216.32
SMTP Authentication: Set to on
SMTP SSL/TLS: Set to on
SMTP Port: 465
Request Email: My personal email
Request User: My imap mailbox id
Request User Password: My imap mailbox password.
The gateway MX runs postfix-sasl-3.5.8,1.
postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = smtp-amavis:localhost:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 15m
disable_vrfy_command = yes
header_checks = regexp:$config_directory/header_checks.regexp
html_directory = /usr/local/share/doc/postfix
ignore_mx_lookup_error = no
inet_interfaces = localhost, 192.168.216.32, 216.185.71.32
inet_protocols = ipv4
local_transport = smtp
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 134217728
meta_directory = /usr/local/libexec/postfix
milter_default_action = accept
milter_protocol = 2
mydestination =
mydomain = harte-lyne.ca
myhostname = mx32.harte-lyne.ca
mynetworks = 216.185.71.0/24, 192.168.199.0/24, 192.168.216.0/24,
192.168.209.0/24, 192.168.8.0/24, 192.168.7.0/24, 192.168.6.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 dun.dnsrbl.net*1
escalations.dnsbl.sorbs.net*1
postscreen_dnsbl_threshold = 2
queue_minfree = 201326592
rbl_reply_maps = hash:/usr/local/etc/postfix/rbl_reply
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_clientcerts = hash:/usr/local/etc/postfix/relay_clientcerts
relay_domains = hash:/usr/local/etc/postfix/relay_domains
sample_directory = /usr/local/etc/postfix
sender_canonical_maps = hash:/usr/local/etc/postfix/canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtp_dns_support_level = dnssec
smtp_host_lookup = dns, native
smtp_tls_CAfile = /usr/local/etc/pki/tls/certs/ca-bundle.crt
smtp_tls_cert_file = /usr/local/etc/pki/tls/certs/ca.harte-lyne.mx32.crt
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, 3DES, RC4, SEED, IDEA, RC2,
RC5
smtp_tls_key_file = /usr/local/etc/pki/tls/private/ca.harte-lyne.mx32.key
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv3, !SSLv2
smtp_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv3, !SSLv2
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 6
smtpd_client_restrictions = permit
smtpd_data_restrictions = permit_mynetworks, reject_multi_recipient_bounce,
reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
pcre:/usr/local/etc/postfix/helo_checks.pcre, reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_proxy_timeout = 300s
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unauth_pipelining check_policy_service
inet:10023 check_policy_service unix:private/policyd-spf permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
hash:/usr/local/etc/postfix/sender_access, check_sender_mx_access
hash:/usr/local/etc/postfix/sender_mx_access, check_sender_ns_access
hash:/usr/local/etc/postfix/sender_ns_access, permit_sasl_authenticated,
reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_starttls_timeout = ${stress?10}${stress:120}s
smtpd_timeout = ${stress?10}${stress:120}s
smtpd_tls_CAfile = /usr/local/etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/pki/tls/certs/ca.harte-lyne.mx32.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, 3DES, RC4, SEED, IDEA, RC2,
RC5
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_key_file = /usr/local/etc/pki/tls/private/ca.harte-lyne.mx32.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv3, !SSLv2
smtpd_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv3, !SSLv2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
regexp:/usr/local/etc/postfix/virtual.regexp
postconf -M
. . .
smtps inet n - n - - smtpd -v
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
-o
smtpd_sender_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
-o milter_macro_daemon_name=ORIGINATING
-o syslog_name=postfix-p465
. . .
What I see in the MX maillog is this:
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: connection established
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: master_notify: status 0
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: name_mask: resource
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: name_mask: software
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: connect from
accounting-2.internal.harte-lyne.ca[192.168.216.88]
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: match_list_match:
accounting-2.internal.harte-lyne.ca: no match
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: match_list_match:
192.168.216.88: no match
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: match_list_match:
accounting-2.internal.harte-lyne.ca: no match
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: match_list_match:
192.168.216.88: no match
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: smtp_stream_setup: maxtime=120
enable_deadline=0
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: auto_clnt_open: connected to
private/tlsmgr
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: send attr request = seed
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: send attr size = 32
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: private/tlsmgr: wanted
attribute: status
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: input attribute name: status
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: input attribute value: 0
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: private/tlsmgr: wanted
attribute: seed
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: input attribute name: seed
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: input attribute value:
akW6ri3JY/r6LEFzcDcB+MTgdqI3fKU6n2wU7jUYiPk=
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: private/tlsmgr: wanted
attribute: (list terminator)
Dec 17 13:03:15 mx32 postfix-p465/smtpd[47327]: input attribute name: (end)
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: SSL_accept error from
accounting-2.internal.harte-lyne.ca[192.168.216.88]: lost connection
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: match_hostname:
smtpd_client_event_limit_exceptions: accounting-2.internal.harte-lyne.ca ~?
216.185.71.0/24
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: match_hostaddr:
smtpd_client_event_limit_exceptions: 192.168.216.88 ~? 216.185.71.0/24
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: match_hostname:
smtpd_client_event_limit_exceptions: accounting-2.internal.harte-lyne.ca ~?
192.168.199.0/24
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: match_hostaddr:
smtpd_client_event_limit_exceptions: 192.168.216.88 ~? 192.168.199.0/24
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: match_hostname:
smtpd_client_event_limit_exceptions: accounting-2.internal.harte-lyne.ca ~?
192.168.216.0/24
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: match_hostaddr:
smtpd_client_event_limit_exceptions: 192.168.216.88 ~? 192.168.216.0/24
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: lost connection after CONNECT
from accounting-2.internal.harte-lyne.ca[192.168.216.88]
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: disconnect event to all milters
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: disconnect from
accounting-2.internal.harte-lyne.ca[192.168.216.88] commands=0/0
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: free all milters
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: free milter inet:localhost:8891
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: master_notify: status 1
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: connection closed
Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: auto_clnt_close: disconnect
private/tlsmgr stream
What is Postfix asking for or is waiting on?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
