I am using Postfix, Dovecot, Mysql(virtual users), ClamAV(without Amavis), and Spamassassin. (running saslauthd(rimap), clamsmtpd, and spamd) I am attempting to allow authed users (only) to relay mail to the outside, and I want a wildcard SSL cert to encrypt the authing process. I read that I should use Outgoing port 587 and SSL/TLS to do this. I can receive mail using incoming port 995 and SSL/TLS setting. I can NOT send (relay) using port 25 (can send to same-domain, but not outside the machine). I can send (relay) mail using outgoing port 465 OR 587 with STARTTLS setting. I can NOT send (relay) using outgoing port 587 with SSL/TSL setting. Code: # telnet mail.mydomain.com 587 Trying xxx.xxx.xxx.xx... Connected to mail.mydomain.com. Escape character is '^]'. 220 mail.mydomain.com ESMTP mail.mydomain.com (Debian/GNU) >>ehlo CopalFreak 250-mail.mydomain.com 250-PIPELINING 250-SIZE 104857600 250-ETRN 250-STARTTLS 250-ENHANDEDSTATUSCODES 250-8BITMIME 250 DSN >>QUIT 221 2.0.0 Bye Connection closed by foreign host. I was trying to figure out how to use telnet to debug it a bit more but got stuck here: Code: >>telnet mail.mydomain.com 587 Trying xx.xx.xx.xx... Connected to mail.mydomain.com. Escape character is '^]'. 220 mail.mydomain.com ESMTP mail.mydomain.com (Debian/GNU) >>ehlo [email protected] 250-mail.mydomain.com 250-PIPELINING 250-SIZE 104857600 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >>AUTH LOGIN 438 4.7.0 Encryption required for requested authentication mechanism >>AUTH LOGIN PLAIN 438 4.7.0 Encryption required for requested authentication mechanism >>STARTTLS 220 2.0.0 Ready to start TLS >>EHLO [email protected] Connection closed by foreign host. This is probably a very big indicator of whats happening, but I have no clue how to diagnose it. Onward.. Code: # lsof -i -n | grep "submission" master 8705 root 15u IPv4 229999 0t0 TCP *:submission (LISTEN) Code: #nmap localhost 587/tcp open submission For brevity sake, I have limited the master.cf and main.cf contents below to the stuff that I think might affect it. If there is something that I have missed that might be important, just let me know. Code: # ----------------------------------------------------------------------------------------- # relevant portions of /etc/postfix/master.cf # ----------------------------------------------------------------------------------------- smtp inet n - n - - smtpd -o content_filter=scan:127.0.0.1:10025 submission inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable-yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=/var/spool/postfix/private/auth -o smtpd_sasl_security_options-noanonymous -o smtpd_sasl_local_domain-$myhostname smtps inet n - n - - smtpd scan unix - - n - 16 smtp -o smtp_send_xforward_command=yes -o smtp_enforce_tls=no smtp unix - - n - - smtp spamassassin unix - n n - - pipe user=spamd argv=/usr./bin/spamc -f -e /usr/sbin/sendmail -oi -f${sender} ${recipient} # for injecting mail back into postfix from the filter 127.0.0.1:10026 inet n - n - 16 smtpd -o content_filter=spamassassin -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o smtpd_authorized_xforward_hosts=127.0.0.0/8 dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/libexec/dovecot/deliver -d ${recipient} # ----------------------------------------------------------------------------------------- # End master.cf # ----------------------------------------------------------------------------------------- Code: # ----------------------------------------------------------------------------------------- # relevant portions of /etc/postfix/main.cf # ----------------------------------------------------------------------------------------- relay_domains = $mynetworks smtpd_client_restictions = smtp_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_exceptions_networks = $mynetworks broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sender_login_maps = $virtual_login_maps smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_helo_required = yes smtpd_tls_ask_ccert = no smtpd_tls_req_ccert = no smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_received_header = no smtpd_tls_loglevel = 1 smtpd_sasl_auth_enable - yes smtpd_use_tls = yes smtpd_tls_cert_file = /path/to/MyCert.pem smtpd_tls_key_file = /path/to/MyKey.pem smtpd_tls_CAfile = /path/to/MyCA-Cert.pem smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 # ----------------------------------------------------------------------------------------- # End main.cf # ----------------------------------------------------------------------------------------- One thing that might be affecting it is in the mail log, I see : Code: postfix/anvil[17020]: statistics: max connection rate 2/60s for (submission:xx.xx.xx.xx) at Aug 27 02:28:29 In the main.cf I have this..but not sure if that's actually affecting it or not. Code: smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 Other than that, I don't see any errors or anything in the logs. (which actually bothers me a bit) Any help would be appreciated. Thanks! -=*CopalFreak*=-
