John wrote: > G T Smith wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> John wrote: >> >>> Hi, >>> >>> I'm still trying to send email from my mobile phone through my Postfix >>> (on SuSE 10.0) server. I believe I have a TLS connection set up and >>> working but the server does not allow me to relay mail from my phone to >>> external recipients. Copy of log for such an attempt follows:
Just a little question. In your config below I see two possibilities to authenticate: either by using conventional user/pass or by using a client certificate. Which one are you trying to implement? Did you test both of them? >> > postconf output follows: > broken_sasl_auth_clients = yes > mynetworks = 127.0.0.0/8, 192.168.74.0/24, 192.168.80.0/24, 10.0.0.0/24 > relay_clientcerts = hash:/etc/postfix/relay_ccerts > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, permit_tls_clientcerts, > reject_unauth_destination > smtpd_sasl_application_name = smtpd > smtpd_sasl_auth_enable = no Er, hello?!? If you want to use smtp auth you need to set this to "yes"! smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = > smtpd_sasl_security_options = noanonymous, noplaintext > smtpd_sasl_tls_security_options = noanonymous > smtpd_tls_CAfile = /Certificates/ssl/Authority/CA.crt > smtpd_tls_ask_ccert = yes > smtpd_tls_auth_only = yes > smtpd_tls_cert_file = > /Certificates/ssl/Certificate/PostOffice.DMJ-Consultancy.me.uk.unc > smtpd_tls_key_file = > /Certificates/ssl/Key/PostOffice.DMJ-Consultancy.me.uk.unc > smtpd_tls_loglevel = 0 > smtpd_tls_received_header = yes > smtpd_tls_req_ccert = yes > smtpd_use_tls = yes The rest looks fine. If you are trying to use client certs, did you put the client cert on your phone? I don't remember seeing a line in the tls log where the client (your phone) is presenting a client certificate. If you can't get saslfinger to work, please show the output of the last line of this command (the capabilities of your server after a tls connection has been established and the ehlo command is invoked. openssl s_client -starttls smtp -connect localhost:25 ehlo localhost Please also post the content of /usr/lib/sasl2/smtpd.conf. If you are trying to use client certificates for authentication please also post the content of /etc/postfix/relay_ccerts and verify that it is indeed the fingerprint of your client certificate. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
