On Sun, 05 Dec 2010 12:23:50 +0100 Dieter Kluenter <die...@dkluenter.de> articulated:
> Christian Roessner <c...@roessner-network-solutions.com> writes:
>
> > Hi,
> >
> > first of all, I am not an SSL expert, so I hope you could help me
> > understand something. I have Postfix configured as MSA/MTA with
> > latest postfix experimental. On port 25 of the mx0.roessner-net,
> > which is the main mail exchanger for other MTAs, I do not offer
> > AUTH, but want to offer STARTTLS.
> >
> > On the MSA side, the side to my clients, I wish to offer STARTTLS
> > and AUTH. So I put the smtpd_sasl_auth_enable=yes option into
> > master.cf.
> >
> > So far so good.
> >
> > When I use telnet to connect to mx0.roessner-net.de 25, waiting for
> > postscreen to allow me to send EHLO, I only get the following list
> > of commands:
> >
> > Trying 78.46.253.227...
> > Connected to mx0.roessner-net.de.
> > Escape character is '^]'.
> > 220-mx0.roessner-net.de ESMTP
> > 220 mx0.roessner-net.de ESMTP
> > EHLO client.unitymedia.org
> > 250-mx0.roessner-net.de
> > 250-SIZE 31457280
> > 250-ETRN
> > 250-ENHANCEDSTATUSCODES
> > 250-8BITMIME
> > 250 DSN
> >
> > Where is the STARTTLS? When I look at the logs, I see that servers
> > use TLS to communicate with my server. So could someone tell me,
> > how the trick works? To do TLS without seeing the STARTTLS command?
> > And I do not have 465 open. Only 25.
> >
> > Thanks to anybody who might like to bring light into dark for me :-)
>
> telnet is the wrong tool.
> openssl s_client -connect mx0.roessner-net.de:25 -startls smtp \
                                                    ^^^^^^^
>     -CAfile /path/to/ca

That should be "-starttls"

-- 
Jerry ✌
postfix-u...@seibercom.net