On Jul 8, 2009, at 2:16 PM, New Old Stk wrote:
Looks like I spoke to early about tricky Cisco router. Just had our
modem/router equipment replaced, hoping it would fix the problem but
to no avail! I give up.
in the cisco box , did you remove any " fixup smtp "protocols / ports ?
On Wed, Jul 8, 2009 at 6:03 PM, New Old Stk
<[email protected]> wrote:
Guys thanks a lot for helping out with my problem. I just tried
sending mail from friend's mail server (SBS 2003) and same problem
occured. Looks like Cisco box in our office messing up.
Appreciate all the input and many many thanks!
George
On Wed, Jul 8, 2009 at 4:34 PM, Victor Duchovni <[email protected]
> wrote:
On Wed, Jul 08, 2009 at 04:25:43PM +0100, New Old Stk wrote:
> Noel, connecting to server remotely didn't work. I wonder what's
the reason
> as no ports seem to be blocked.
>
>
> g2$ openssl s_client -starttls smtp -crlf -connect
one.mailexpeditor.com:25
> CONNECTED(00000003)
> 157:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:601:
This server supports "starttls" (sorry have not released smtp-finger
yet...)
smtp-finger: Connected to one.mailexpeditor.com[92.60.109.90]:25
smtp-finger: < 220 one.mailexpeditor.com ESMTP Postfix
smtp-finger: > EHLO hqmtaext01.ms.com
smtp-finger: < 250-one.mailexpeditor.com
smtp-finger: < 250-
PIPELINING smtp-
finger: < 250-SIZE 10240000
smtp-finger: < 250-VRFY
smtp-finger: < 250-ETRN
smtp-finger: < 250-STARTTLS
smtp-finger: < 250-
ENHANCEDSTATUSCODES smtp-
finger: < 250-8BITMIME
smtp-finger: < 250 DSN
smtp-finger: > STARTTLS
smtp-finger: < 220 2.0.0 Ready to start TLS
smtp-finger: Untrusted TLS connection established to
one.mailexpeditor.com[92.60.109.90]:25: TLSv1 with cipher ADH-AES256-
SHA (256/256 bits)
smtp-finger: Server is anonymous
Also works with s_client:
$ openssl s_client -starttls smtp -connect one.mailexpeditor.com:25
CONNECTED(00000003)
depth=1 /C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=GB/ST=Buckinghamshire/L=Milton Keynes/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
i:/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
1 s:/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
i:/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=GB/ST=Buckinghamshire/L=Milton Keynes/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
issuer=/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 2505 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
...
Verify return code: 19 (self signed certificate in
certificate chain)
---
250 DSN
quit
221 2.0.0 Bye
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
