Javamail connection

2020-12-17 Thread James B. Byrne
I am attempting to configure a Javamail client embedded in a Jetty application
to send outgoing email through our outgoing MX.  I have the following variables
available to me:

Mail Host: 192.168.216.32
SMTP Authentication: Set to on
SMTP SSL/TLS: Set to on
SMTP Port: 465
Request Email: My personal email
Request User: My imap mailbox id
Request User Password: My imap mailbox password.

The gateway MX runs postfix-sasl-3.5.8,1.

postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = smtp-amavis:localhost:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 15m
disable_vrfy_command = yes
header_checks = regexp:$config_directory/header_checks.regexp
html_directory = /usr/local/share/doc/postfix
ignore_mx_lookup_error = no
inet_interfaces = localhost, 192.168.216.32, 216.185.71.32
inet_protocols = ipv4
local_transport = smtp
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 134217728
meta_directory = /usr/local/libexec/postfix
milter_default_action = accept
milter_protocol = 2
mydestination =
mydomain = harte-lyne.ca
myhostname = mx32.harte-lyne.ca
mynetworks = 216.185.71.0/24, 192.168.199.0/24, 192.168.216.0/24,
192.168.209.0/24, 192.168.8.0/24, 192.168.7.0/24, 192.168.6.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 dun.dnsrbl.net*1
escalations.dnsbl.sorbs.net*1
postscreen_dnsbl_threshold = 2
queue_minfree = 201326592
rbl_reply_maps = hash:/usr/local/etc/postfix/rbl_reply
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_clientcerts = hash:/usr/local/etc/postfix/relay_clientcerts
relay_domains = hash:/usr/local/etc/postfix/relay_domains
sample_directory = /usr/local/etc/postfix
sender_canonical_maps = hash:/usr/local/etc/postfix/canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtp_dns_support_level = dnssec
smtp_host_lookup = dns, native
smtp_tls_CAfile = /usr/local/etc/pki/tls/certs/ca-bundle.crt
smtp_tls_cert_file = /usr/local/etc/pki/tls/certs/ca.harte-lyne.mx32.crt
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, 3DES, RC4, SEED, IDEA, RC2, 
RC5
smtp_tls_key_file = /usr/local/etc/pki/tls/private/ca.harte-lyne.mx32.key
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv3, !SSLv2
smtp_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv3, !SSLv2
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 6
smtpd_client_restrictions = permit
smtpd_data_restrictions = permit_mynetworks, reject_multi_recipient_bounce,
reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
pcre:/usr/local/etc/postfix/helo_checks.pcre, reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_proxy_timeout = 300s
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unauth_pipelining check_policy_service
inet:10023 check_policy_service unix:private/policyd-spf permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
hash:/usr/local/etc/postfix/sender_access, check_sender_mx_access
hash:/usr/local/etc/postfix/sender_mx_access, check_sender_ns_access
hash:/usr/local/etc/postfix/sender_ns_access, permit_sasl_authenticated,
reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_starttls_timeout = ${stress?10}${stress:120}s
smtpd_timeout = ${stress?10}${stress:120}s
smtpd_tls_CAfile = /usr/local/etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/pki/tls/certs/ca.harte-lyne.mx32.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, 3DES, RC4, SEED, IDEA, RC2, 
RC5
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_key_file = /usr/local/etc/pki/tls/private/ca.harte-lyne.mx32.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ma

Re: Javamail connection

2020-12-17 Thread Wietse Venema
James B. Byrne:
[ Charset ISO-8859-1 converted... ]
> I am attempting to configure a Javamail client embedded in a Jetty application
> to send outgoing email through our outgoing MX.  I have the following 
> variables
> available to me:
> 
> Mail Host: 192.168.216.32
> SMTP Authentication: Set to on
> SMTP SSL/TLS: Set to on
> SMTP Port: 465
> Request Email: My personal email
> Request User: My imap mailbox id
> Request User Password: My imap mailbox password.
...
> Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: SSL_accept error from
> accounting-2.internal.harte-lyne.ca[192.168.216.88]: lost connection

How is your port 465 service configured in master.cf?

Next email, DO NOT include debug logging.

Wietse


Re: Javamail connection

2020-12-17 Thread Wietse Venema
Wietse Venema:
> James B. Byrne:
> > I am attempting to configure a Javamail client embedded in a Jetty 
> > application
> > to send outgoing email through our outgoing MX.  I have the following 
> > variables
> > available to me:
> > 
> > Mail Host: 192.168.216.32
> > SMTP Authentication: Set to on
> > SMTP SSL/TLS: Set to on
> > SMTP Port: 465
> > Request Email: My personal email
> > Request User: My imap mailbox id
> > Request User Password: My imap mailbox password.
> ...
> > Dec 17 13:03:35 mx32 postfix-p465/smtpd[47327]: SSL_accept error from
> > accounting-2.internal.harte-lyne.ca[192.168.216.88]: lost connection
> 
> How is your port 465 service configured in master.cf?

Very likely, tls_wrappermode is turned on as it should be on port
465, which requires the client to speak first (no server greeting,
no client EHLO and STARTTLS).

Apparently, the client is configured to expect "port 578" server
where a server speaks first and sends a greeting before the client
sends EHLO and STARTTLS.

Wietse

> Next email, DO NOT include debug logging.
> 
>   Wietse
> 


Re: Javamail connection

2020-12-17 Thread James B. Byrne
On Thu, December 17, 2020 14:28, Wietse Venema wrote:
> Wietse Venema:
>
> Very likely, tls_wrappermode is turned on as it should be on port
> 465, which requires the client to speak first (no server greeting,
> no client EHLO and STARTTLS).
>
> Apparently, the client is configured to expect "port 578" server
> where a server speaks first and sends a greeting before the client
> sends EHLO and STARTTLS.
>
>   Wietse

Did you mean port 587?

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



Re: Javamail connection

2020-12-17 Thread Wietse Venema
James B. Byrne:
[ Charset ISO-8859-1 converted... ]
> 
> 
> On Thu, December 17, 2020 14:28, Wietse Venema wrote:
> > Wietse Venema:
> >
> > Very likely, tls_wrappermode is turned on as it should be on port
> > 465, which requires the client to speak first (no server greeting,
> > no client EHLO and STARTTLS).
> >
> > Apparently, the client is configured to expect "port 578" server
> > where a server speaks first and sends a greeting before the client
> > sends EHLO and STARTTLS.
> >
> > Wietse
> 
> Did you mean port 587?

Of course. Have you looked into the service type mismatch, where
the client expects a service like "submission" where the server
speaks first (plaintext SMTP before the client sends STARTTLS),
whereas Postfix is configured for the "smtps" service where the
client speaks first (as part of the TLS handshake, there is no
plaintext SMTP phase).

Wietse
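The "who speaks first" mismatch Wietse describes can be checked from the client side before touching JavaMail settings. The probe below (added here as an illustration; it is not code from the thread or from Postfix) connects in plaintext and waits for a 220 greeting: a "submission" (587, STARTTLS) service sends one immediately, while an "smtps" (465, tls_wrappermode) service stays silent because it is waiting for the client's TLS ClientHello, which is exactly why the smtpd in the log reports an SSL_accept error and a lost connection. Two tiny fake listeners on 127.0.0.1 stand in for the two Postfix service types so the script runs offline; the greeting text is a constructed sample.

```python
import socket
import threading

# Constructed sample greeting, shaped like a Postfix 220 banner.
GREETING = b"220 mx32.harte-lyne.ca ESMTP Postfix\r\n"


def probe_service_type(host, port, timeout=2.0):
    """Connect in plaintext and report which side speaks first.

    'submission': server sent a 220 greeting (STARTTLS-style service).
    'smtps'     : nothing arrived before the timeout; the server is in TLS
                  wrapper mode and is waiting for the client's ClientHello.
    'unknown'   : the server closed or sent something other than 220.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            return "smtps"
    return "submission" if data.startswith(b"220") else "unknown"


def fake_smtp_listener(server_speaks_first):
    """One-shot listener mimicking a Postfix service type; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if server_speaks_first:
                conn.sendall(GREETING)  # submission: banner before EHLO/STARTTLS
            else:
                conn.settimeout(5)
                try:
                    conn.recv(512)  # smtps: wait for the client's ClientHello
                except socket.timeout:
                    pass  # client never spoke: Postfix would log "lost connection"
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for name, speaks_first in (("submission", True), ("smtps", False)):
        port = fake_smtp_listener(speaks_first)
        print(name, "->", probe_service_type("127.0.0.1", port, timeout=1.0))
```

A result of "smtps" on port 465 means the JavaMail side must use implicit TLS (mail.smtp.ssl.enable=true) rather than STARTTLS (mail.smtp.starttls.enable=true), which is the setting for a submission service on 587.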