Good morning, I'm setting up a new Postfix server. It's going to be our inbound gateway and will also relay mail to certain domains that we need TLS for. I didn't notice any issues with the install; when I do "telnet localhost 25" I get this:

    220 mail.server.net ESMTP Postfix (Debian/GNU)
    ehlo localhost
    250-mail.ourserver.net
    250-PIPELINING
    250-SIZE 70480000
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

Looks OK, but when I go to another server and try "telnet mail.ourserver.net 25" I get:

    Connected to mail.ourserver.net.
    Escape character is '^]'.
    220 ******************************************
    ehlo tibus.com
    250-mail.ourserver.net
    250-PIPELINING
    250-SIZE 70480000
    250-ETRN
    250-XXXXXXXA
    250-AUTH LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

No STARTTLS, but there is this 250-XXXXXXXA, and I'm having trouble finding a clear answer as to what that is.

There is another thing that may be causing an issue. We have a wildcard SSL certificate that covers our whole domain, *.ourserver.net; it's used on many servers, but in Apache. I just lifted the key and the crt from one of the Apache folders. Would that be an issue? Do I need to regenerate the key specifically for Postfix or something?
I think I've got it. The key thing here is the difference in banner between localhost and remote:

    220 mail.server.net ESMTP Postfix (Debian/GNU)
    220 ******************************************

In my case at least, the ***** mean that the firewall is fiddling with SMTP traffic and sticking in its own banner. Apparently SMTP inspection is enabled by default on Cisco PIX; I disabled it by using this sequence:

    pix(config)# policy-map global_policy
    pix(config-pmap)# class inspection_default
    pix(config-pmap-c)# no inspect esmtp

Now STARTTLS appears when I try it from my local machine.

Secondary question: this telnet test seems a bit simplistic to me. Is there a more comprehensive method of verifying that the TLS is working properly?
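As an added example that is not part of the original thread, the script below does what the telnet test only hints at: it connects in clear, checks that STARTTLS is actually advertised, flags the two symptoms seen in the question (a banner reduced to asterisks and an EHLO keyword reduced to X's), upgrades the session with certificate-chain and hostname verification against the system CA store, and reads the capabilities again over TLS. The sample banners and EHLO replies embedded in it are constructed from the shapes shown in the question; the host and HELO names are placeholders, and the CA-loading line is an assumption about where a private CA would live.

```python
"""Check that an SMTP server really offers STARTTLS and that the TLS
session and certificate are acceptable.

Added example, not code from the original post. The sample EHLO replies
and banners below are constructed from the shapes shown in the post; the
host/HELO names are placeholders.
"""
import re
import smtplib
import ssl
import sys

# Constructed sample replies, in the form telnet shows them (one line per keyword).
SAMPLE_LOCAL_EHLO = """250-mail.ourserver.net
250-PIPELINING
250-SIZE 70480000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

SAMPLE_REMOTE_EHLO = SAMPLE_LOCAL_EHLO.replace("250-STARTTLS", "250-XXXXXXXA")

SAMPLE_LOCAL_BANNER = "220 mail.server.net ESMTP Postfix (Debian/GNU)"
SAMPLE_REMOTE_BANNER = "220 ******************************************"


def parse_ehlo(reply):
    """Return the set of ESMTP keywords (upper-cased) from a multi-line
    EHLO reply. The first 250 line carries the server name, not a keyword."""
    found = []
    for line in reply.splitlines():
        m = re.match(r"\s*250[- ](\S+)", line)
        if m:
            found.append(m.group(1).upper())
    return set(found[1:])


MASKED_KEYWORD = re.compile(r"^X{4,}[A-Z0-9]?$")


def inspection_suspected(banner, keywords):
    """Heuristics for an in-path device rewriting SMTP, as in the post: a
    220 banner reduced to asterisks, or an EHLO keyword reduced to X's."""
    reasons = []
    if re.fullmatch(r"(220 )?\*+", banner.strip()):
        reasons.append("banner replaced by asterisks")
    for kw in sorted(keywords):
        if MASKED_KEYWORD.match(kw):
            reasons.append("masked EHLO keyword %r" % kw)
    return reasons


def check_starttls(host, port=25, helo="check.example.invalid", timeout=10):
    """Connect in clear, confirm STARTTLS is advertised, upgrade the
    session with certificate and hostname verification, and EHLO again
    over TLS. Returns a dict describing what was observed."""
    ctx = ssl.create_default_context()        # verifies the chain against the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Private CA? Load it explicitly (path is an assumption):
    # ctx.load_verify_locations("/etc/ssl/private-ca.pem")

    result = {"host": host, "port": port, "ok": False}
    s = smtplib.SMTP(timeout=timeout)
    code, banner = s.connect(host, port)       # raises if the greeting is not 220
    with s:
        banner = banner.decode("ascii", "replace")
        result["banner"] = banner
        s.ehlo(helo)
        clear_keywords = {k.upper() for k in s.esmtp_features}
        result["clear_keywords"] = sorted(clear_keywords)
        result["inspection"] = inspection_suspected(banner, clear_keywords)
        if not s.has_extn("starttls"):
            result["error"] = "STARTTLS not advertised in clear EHLO"
            return result

        s.starttls(context=ctx)                # SSLCertVerificationError on bad chain or name
        s.ehlo(helo)                           # RFC 3207: re-read capabilities after TLS is up
        sock = s.sock                          # now an SSLSocket
        cert = sock.getpeercert()
        result.update(
            ok=True,
            protocol=sock.version(),
            cipher=sock.cipher()[0],
            subject=dict(rdn[0] for rdn in cert.get("subject", ())),
            san=[v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
            not_after=cert.get("notAfter"),
            # a server must not offer STARTTLS again once TLS is active
            starttls_readvertised=s.has_extn("starttls"),
        )
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.ourserver.net"
    for k, v in check_starttls(target).items():
        print("%-22s %s" % (k, v))
```

Run it once from the server itself and once from a host on the far side of the firewall; the post's finding was an in-path device, so a difference between the two runs is the thing to look for. `ok` true with an empty `inspection` list, the expected names in `san`, and `starttls_readvertised` false is a clean result. For an interactive look at the same handshake, `openssl s_client -starttls smtp -connect mail.ourserver.net:25` shows the chain and the negotiated protocol, and on the outbound side `posttls-finger`, which ships with Postfix, exercises the relay's own TLS policy against a destination.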