Re: Config advice

Thu, 25 Sep 2014 10:36:33 -0700 

Hi List
Just for the records. I tried to install another ssl certificate, and then it works. This means that Thunderbird doesn't like the self signed certificate generated by plugins/tls_cert 


I just would have wanted Thunderbird to tell about it. Instead it just 
stopped very Microsoftish with an "unknown error" :-(



Hi Matt

Thanks for your reply, I really appreciate that.

Against, standard behavior is to accept authenticated local users on 
port 587.



I only have 25 to play with (without having to do a lot of 
reshuffling, which I hope to avoid). But I guess that shoud be OK - 
it's been working with qpsmtpd-0.40 for years.


When I try with swaks, it just works:


swaks -t -tls -p 25 --server smtp.host.tld -f ka...@host.tld -t 
kaare@another.place  -ao --auth-user=ka...@host.tld



It authenticates and the message reaches the destination. But with 
Thunderbird I get



23000 Accepted connection 0/15 from 62.61.159.141 / 
PO4-0.155M.rc00-alb.aplus.dk

23000 Connection from PO4-0.155M.rc00-alb.aplus.dk [62.61.159.141]
23000 (connect) ident::geoip: DK
23000 (connect) fcrdns: fail, no PTR hosts have forward DNS
23000 (connect) earlytalker: pass, not spontaneous
23000 (connect) relay: skip, no match
23000 (connect) dnsbl: fail, NAUGHTY, zen.spamhaus.org

23000 220 li757-176 ESMTP qpsmtpd 0.93/v0.93 ready; send us your mail, 
but not your spam.

23000 dispatching EHLO sender.domain.tlf
23000 (ehlo) helo: fail, no forward or reverse DNS match
23000 (ehlo) helo: fail, tolerated, no matching DNS
23000 250-li757-176 Hi PO4-0.155M.rc00-alb.aplus.dk [62.61.159.141]
23000 250-PIPELINING
23000 250-8BITMIME
23000 250 STARTTLS
23000 dispatching STARTTLS
23000 220 Go ahead with TLS
23000 (unrecognized_command) tls: TLS setup returning
23000 (post-connection) connection_time: 1.325 s.
22998 cleaning up after 23000


Seems it just bails out after tls. I've tried to increase loglevel, 
but nothing seems to happen. I've tried to remove various plugins, but 
it makes no difference.



In your config/plugins entry, add the option "relayclient skip" to 
the spamassassin line like this: spamassassin relayclient skip and 
authenticated users won't have their messages scanned. 



Super, that's a neat trick. It's not a thing that works with other 
plugins as well, e.g. dnsbl? I seem to share IP address with an 
infested Windows somewhere.
























					Reply via email to