Am 11.02.2014 20:01, schrieb Viktor Dukhovni: > On Tue, Feb 11, 2014 at 10:36:54AM -0800, fleon wrote: > >> I have this in my main.cf (note: i didn't set this up, my guess is that >> debian itself did, or maybe when i installed libsasl2-modules, but i don't >> think so) >> >> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem >> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key >> smtpd_use_tls = yes >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > > Server-side TLS enabled. Use "smtpd_tls_security_level = may" > instead of the obsolete "smtpd_use_tls = yes".
to say it clear: anything with smtpd_ as prefix has nothing to do with send a message to another server >> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > > Client-side TLS is not enabled. Enable client-side TLS: > > smtp_tls_security_level = may > >> What am i missing to enable TLS properly and then be able to use AUTH LOGIN? > > See above and that is why i hours ago posted the *client* configuration of the machine happily sends authenticated mail over TLS to exchange smtp_use_tls = yes smtp_tls_loglevel = 1 smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_timeout = 3600s smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache smtp_tls_exclude_ciphers = DES-CBC3-SHA, DES-CBC3-MD5, ADH-DES-CBC3-SHA, ADH-DES-CBC3-MD5, EDH-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-MD5, DES, DES+MD5