On Wed, Jul 8, 2009 at 2:11 PM, Brian Evans - Postfix List <
[email protected]> wrote:
> New Old Stk wrote: > For some unknown reason my mail client cannot connect
> to newly built
> > FreeBSD mail server to send emails - connection refused. Originally I
> > was intending to build secure connection using SASL2 and TLS/SSL but
> > like I said I experience difficulties connecting to SMTP server.
>
> > 5. I can telnet localhost 25 and openssl localhost:25 during my ssh >
> session.
>
>
> This is not enough, see below.
> > > 6. Here's the output of postconf -n
> >
> >
> > broken_sasl_auth_clients = yes
> >
>
> [snip]
> > > smtpd_recipient_restrictions = permit_sasl_authenticated
> > permit_mynetworks reject_unauth_destination
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_local_domain = $mydomain
> > smtpd_sasl_security_options = noanonymous
> > smtpd_tls_CAfile =
> > /usr/local/openssl/certs/mailexpeditor.com-CAcert.pem
> > smtpd_tls_auth_only = yes
> >
>
>
> This means, do not offer AUTH unless TLS is active. So, you *must* test
> with TLS active using:
> openssl s_client -starttls smtp -connect localhost:25
> If you do not see AUTH after entering "EHLO localhost", then it will
> never work.
>
> Brian
>
>
Sorry Brian, i didn't post the full command I was testing the connection
with. Yes, it had -starttls among other things and it did work fine. I was
able to connect, AUTH PLAIN generated string (below) and get 235 2.0.0
Authentication successful:
#perl -MMIME::Base64 -e 'print encode_base64("\0username\0password")'
*AHVzZXJuYW1lAlXXXX&YYYYZZZZ*
#openssl s_client -starttls smtp -crlf -connect localhost:25
Any ideas?
Many thanks
George
