LuKreme wrote:
> On 14-Mar-2009, at 13:02, mouss wrote:
>> test the connection manually:
>> $ telnet yourserv 587
>> ...
>> EHLO yourclienthostname
>> ...
>> QUIT
>
> Right, I do know that. Sorry if I wasn't clear, my only point was that
> what was actually logged under submit was not useful and expressing
> disappointment that there wasn't something like "TLS failed" "AUTH
> failed" or "Hey, dumbass, you forgot to create a valid cert". Something
> along those lines.

The logging is the same. You can increase logging with
debug_peer_list, but it's not clear that will help...

Setting smtpd_tls_log_level = 1 will show if the client
established TLS.

But you should really be testing with telnet and openssl
s_client before you start testing with a MUA.

Turn off TLS and test AUTH with a telnet session. Use openssl
s_client just to test TLS connectivity - if you get the 220
greeting banner TLS is working correctly.

The instructions at
http://www.postfix.org/TLS_README.html#quick-start
are about the simplest for setting up a self-signed
certificate that will work with postfix. Follow them
carefully. You can distribute the cacert.pem root public key
so others can verify your cert, but that isn't usually
necessary; they can just click the "trust this server" or
whatever in their mail client after the initial "untrusted
certificate" message.

-- Noel Jones
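
An added example, not part of the original thread: a small triage script that reads smtpd log lines of the kind produced with smtpd_tls_log_level = 1 and reports, per session, how far TLS and AUTH got. The log lines, host names and addresses are constructed, and the message wording is assumed to follow the usual Postfix smtpd format, which varies between versions.

```python
import re

# Constructed sample in the usual Postfix smtpd syslog style (assumed wording).
SAMPLE_LOG = """\
Mar 14 13:10:01 mail postfix/smtpd[2101]: connect from client-a[192.0.2.10]
Mar 14 13:10:01 mail postfix/smtpd[2101]: setting up TLS connection from client-a[192.0.2.10]
Mar 14 13:10:02 mail postfix/smtpd[2101]: TLS connection established from client-a[192.0.2.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 14 13:10:03 mail postfix/smtpd[2101]: warning: client-a[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Mar 14 13:10:03 mail postfix/smtpd[2101]: disconnect from client-a[192.0.2.10]
Mar 14 13:11:00 mail postfix/smtpd[2102]: connect from client-b[192.0.2.20]
Mar 14 13:11:00 mail postfix/smtpd[2102]: setting up TLS connection from client-b[192.0.2.20]
Mar 14 13:11:01 mail postfix/smtpd[2102]: SSL_accept error from client-b[192.0.2.20]: -1
Mar 14 13:11:01 mail postfix/smtpd[2102]: disconnect from client-b[192.0.2.20]
Mar 14 13:12:00 mail postfix/smtpd[2103]: connect from client-c[192.0.2.30]
Mar 14 13:12:05 mail postfix/smtpd[2103]: disconnect from client-c[192.0.2.30]
"""

# Accepts "postfix/smtpd[pid]" and a custom syslog_name like "postfix/submission/smtpd[pid]".
LINE = re.compile(r"postfix/(?:[\w-]+/)?smtpd\[(\d+)\]: (.*)$")

def triage(log_text):
    """Return one dict per finished session, keyed internally by smtpd pid."""
    sessions, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            client = msg[len("connect from "):]
            sessions[pid] = {"client": client, "tls": "none", "auth": "none"}
            continue
        s = sessions.get(pid)
        if s is None:
            continue
        if msg.startswith("setting up TLS connection from "):
            s["tls"] = "started"
        elif "TLS connection established from " in msg:
            s["tls"] = "established"
        elif msg.startswith("SSL_accept error from "):
            s["tls"] = "handshake failed"
        elif "SASL" in msg and "authentication failed" in msg:
            s["auth"] = "failed"
        elif msg.startswith("disconnect from "):
            finished.append(sessions.pop(pid))
    return finished

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f'{s["client"]}: TLS {s["tls"]}, AUTH {s["auth"]}')
```

A session that ends with TLS "none" and AUTH "none" is a client that connected and left without issuing STARTTLS, which is the case the manual telnet and openssl s_client checks help separate from a certificate problem.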