On Thu, 06 Aug 2009 12:34:30 +0200, "A.L.E.C" <[email protected]> wrote:
> Julien Vehent wrote:
>
>> OK, so to use STARTTLS with roundcube, the postfix server must be
>> configured with the option smtpd_enforce_tls = yes, right ?
>
> No, it must not. As I see in the code, STARTTLS is called when
> authentication is requested (when smtp_user and smtp_pass options in
> Roundcube config are set) and (from Net_SMTP):
>
> version_compare(PHP_VERSION, '5.1.0', '>=')
> && extension_loaded('openssl')
> && isset($this->_esmtp['STARTTLS'])
> && strncasecmp($this->host, 'ssl://', 6) != 0

OK, it confirms what I read in the postfix doc, that the server must not
enforce STARTTLS (RFC 2487).
So, I have the following roundcube configuration:
------
// use this host for sending mails.
// to use SSL connection, set ssl://smtp.host.com
// if left blank, the PHP mail() function is used
$rcmail_config['smtp_server'] = 'ssl://localhost';
// SMTP port (default is 25; 465 for SSL)
$rcmail_config['smtp_port'] = 25;
// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password RoundCube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '%p';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['smtp_auth_type'] = '';
------
The following postfix configuration:
------
# TLS server options
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = [keyfile]
smtpd_tls_cert_file = [pemcert]
smtpd_tls_CAfile = [cafile]
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
------
and the following trace when I try to send an email from roundcube to my
gmail account:
http://www.linuxwall.info/files/starttlsroundcubetrace.pcap.txt
Postfix sends its banner in packet '12:43:23.225014' and then roundcube
ACKs it and does nothing more. It doesn't send any more data.
My understanding is that roundcube should then announce itself through an
'EHLO' command, and postfix would return its capabilities.
But instead, postfix then announces that the command has not been
recognized (but what command? The ack number didn't change between
'12:43:23.209554' and '12:43:23.225096', so no data has been
transmitted...)
It's weird, and I don't know how to debug it further...
The only thing I'm sure of is that this postfix configuration works fine
with thunderbird in TLS mode.
Julien
_______________________________________________
List info: http://lists.roundcube.net/dev/
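
The STARTTLS decision quoted from Net_SMTP in this thread, worked through as an added example (not part of the original message, and not Roundcube or Net_SMTP code): it parses an EHLO reply and reports which transport protection a given smtp_server value leads to. The function names and the EHLO replies are constructed for illustration, and the "authentication requested" input follows the description in the quoted reply.

```php
<?php
// Added illustration; function names and the EHLO replies are constructed.

/** Parse a multi-line EHLO reply into an upper-cased keyword => argument map. */
function parse_ehlo(string $reply): array
{
    $lines = preg_split('/\r?\n/', trim($reply));
    array_shift($lines);               // first line is the greeting, not a capability
    $caps = [];
    foreach ($lines as $line) {
        if (preg_match('/^250[- ](\S+)\s*(.*)$/', $line, $m)) {
            $caps[strtoupper($m[1])] = $m[2];
        }
    }
    return $caps;
}

/** Report how the session would be protected for a given smtp_server value. */
function smtp_tls_mode(string $host, array $caps, bool $authRequested): string
{
    if (strncasecmp($host, 'ssl://', 6) == 0) {
        // PHP's ssl:// transport negotiates TLS at connect time, so the
        // STARTTLS branch is skipped whatever the server advertises.
        return 'implicit TLS from the first byte';
    }
    if ($authRequested
        && version_compare(PHP_VERSION, '5.1.0', '>=')
        && extension_loaded('openssl')
        && isset($caps['STARTTLS'])) {
        return 'STARTTLS upgrade before AUTH';
    }
    return 'plaintext';
}

// Constructed EHLO replies: one server offering STARTTLS, one not.
$withTls    = "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n";
$withoutTls = "250-mail.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n";

$cases = [
    ['localhost',       $withTls,    true],
    ['ssl://localhost', $withTls,    true],
    ['localhost',       $withoutTls, true],
    ['localhost',       $withTls,    false],
];
foreach ($cases as [$host, $reply, $auth]) {
    printf("%-16s auth=%-5s => %s\n", $host, var_export($auth, true),
           smtp_tls_mode($host, parse_ehlo($reply), $auth));
}
```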