Here it is:

--- smtpd.conf ---
ca mail.mydomain.net certificate "/usr/local/etc/letsencrypt/archive/mydomain.net/chain1.pem"
pki mail.mydomain.net certificate "/usr/local/etc/letsencrypt/archive/mydomain.net/cert1.pem"
pki mail.mydomain.net key "/usr/local/etc/letsencrypt/archive/mydomain.net/privkey1.pem"
pki mail.mydomain.net dhparams "/etc/ssl/dh2048.pem"

listen on lo0 hostname localhost
listen on egress tls-require hostname mail.mydomain.net

table aliases db:/usr/local/etc/mail/aliases.db
table vdomains file:/usr/local/etc/mail/virtualdomains
table vusers file:/usr/local/etc/mail/virtualusers

accept from any for domain <vdomains> virtual <vusers> deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for any relay
--- end smtpd.conf ---

virtualdomains just lists three domains I own, while virtualusers maps jason@ those domains to my local user.

Thanks.

Jason

On 30 January 2017 at 10:24, Gilles Chehade <gil...@poolp.org> wrote:

> On Fri, Jan 27, 2017 at 02:41:47PM +0000, Jason Mann wrote:
> > Hello list.
> >
> > I'm trying to configure OpenSMTPD 5.9.2 on a FreeBSD server but I'm seeing
> > anomalous behaviour with one of my listen directives.
> >
> > The directive in question is:
> >
> > listen on egress tls-require hostname mail.mydomain.net
> >
> > My only other listen directive is the usual localhost one.
> >
>
> can you show your full config please ?
>
> >
> > The smtpd.conf man page states: "tls-require may be used to force clients
> > to establish a secure connection before being allowed to start an SMTP
> > transaction".
> >
> > I ran a telnet test against the server to see how the forcing of TLS takes
> > place, but it didn't happen. I was able to manually submit a message to
> > OpenSMTPD without TLS as follows:
> >
> > $ telnet a.mx.mydomain.net 25
> > Trying xxxx:xxx:xx:xxx::x:xxxx...
> > Connected to a.mx.mydomain.net.
> > Escape character is '^]'.
> > 220 mail.mydomain.net ESMTP OpenSMTPD
> > HELO jmann-mbp
> > 250 mail.mydomain.net Hello jmann-mbp [IPv6:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx], pleased to meet you
> > MAIL FROM:<jmann@jmann-mbp>
> > 250 2.0.0: Ok
> > RCPT TO:<ja...@mydomain.net>
> > 250 2.1.5 Destination address valid: Recipient ok
> > DATA
> > 354 Enter mail, end with "." on a line by itself
> > From: Jason Mann <jmann@jmann-mbp>
> > To: Jason Mann <ja...@mydomain.net>
> > Subject: Test 4
> >
> > This is a test.
> > .
> > 250 2.0.0: f20f3998 Message accepted for delivery
> > QUIT
> > 221 2.0.0: Bye
> >
> > What may be wrong here?
> >
> > Kind regards,
> >
> > Jason
>
> --
> Gilles Chehade
>
> https://www.poolp.org    @poolpOrg
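
The manual telnet check from this thread can be repeated as a script; the following is an added example, not part of the original messages and not OpenSMTPD code. It goes slightly beyond the telnet session by probing every address the host name resolves to (IPv4 and IPv6), and it stops after MAIL FROM so no message is submitted; the probe names, verdict strings and function names are assumptions of this example.

```python
import smtplib
import socket
import sys

# Constructed probe identity (assumption of this example); nothing is delivered.
PROBE_HELO = "probe.example.invalid"
PROBE_SENDER = "probe@example.invalid"


def probe_address(addr, port=25, timeout=10):
    """Attempt MAIL FROM in plaintext on one address and classify the reply."""
    with smtplib.SMTP(addr, port, local_hostname=PROBE_HELO,
                      timeout=timeout) as smtp:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        code, _ = smtp.docmd(f"MAIL FROM:<{PROBE_SENDER}>")
        if 200 <= code < 300:
            smtp.rset()  # drop the transaction: no RCPT TO or DATA is sent
            return f"NOT ENFORCED: plaintext MAIL FROM accepted ({code})"
        if not offered:
            return f"refused ({code}), but STARTTLS is not advertised"
        return f"enforced: plaintext MAIL FROM refused ({code})"


def probe(host, port=25, timeout=10):
    """Probe every address `host` resolves to; return {address: verdict}."""
    results = {}
    for *_, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        addr = sockaddr[0]
        if addr in results:
            continue
        try:
            results[addr] = probe_address(addr, port, timeout)
        except (OSError, smtplib.SMTPException) as exc:
            results[addr] = f"error: {exc}"
    return results


if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT]
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    verdicts = probe(sys.argv[1], port)
    for address, verdict in verdicts.items():
        print(f"{address}: {verdict}")
    sys.exit(1 if any(v.startswith("NOT") for v in verdicts.values()) else 0)
```

The non-zero exit status on any "NOT ENFORCED" verdict lets the script run from a monitoring job after configuration changes.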