On 11.02.2014 at 20:01, Viktor Dukhovni wrote:
> On Tue, Feb 11, 2014 at 10:36:54AM -0800, fleon wrote:
> 
>> I have this in my main.cf (note: i didn't set this up, my guess is that
>> debian itself did, or maybe when i installed libsasl2-modules, but i don't
>> think so)
>>
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_use_tls = yes
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> 
> Server-side TLS enabled.  Use "smtpd_tls_security_level = may"
> instead of the obsolete "smtpd_use_tls = yes".

to say it clearly: anything with smtpd_ as prefix has
nothing to do with sending a message to another server

>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> Client-side TLS is not enabled.  Enable client-side TLS:
> 
> smtp_tls_security_level = may
> 
>> What am i missing to enable TLS properly and then be able to use AUTH LOGIN?
> 
> See above

and that is why i posted, hours ago, the *client* configuration
of the machine that happily sends authenticated mail over TLS to
Exchange

smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_exclude_ciphers = DES-CBC3-SHA, DES-CBC3-MD5, ADH-DES-CBC3-SHA,
    ADH-DES-CBC3-MD5, EDH-RSA-DES-CBC3-SHA,
    EDH-RSA-DES-CBC3-MD5, DES, DES+MD5

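The smtpd_ (receiving) versus smtp_ (sending) split discussed in this thread can be checked mechanically. The following is an added example, not code from either poster or from Postfix: a small main.cf audit whose function names and sample text are constructed here. It assumes only the `*_tls_security_level` and obsolete `*_use_tls` parameters matter and ignores `*_enforce_tls`.

```python
# Added example: report client- and server-side TLS state from main.cf text.

# Constructed sample: the settings the original poster quoted in the thread.
SAMPLE_MAIN_CF = """\
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
"""

def parse_main_cf(text):
    """Return {name: value}. A line starting with whitespace continues the
    previous parameter, '#' lines are comments, the last definition wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            if current:
                params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def tls_audit(text):
    """Effective TLS level per role: 'smtpd' receives mail (server side),
    'smtp' sends mail to other servers (client side)."""
    params = parse_main_cf(text)
    report = {}
    for role in ("smtpd", "smtp"):
        level = params.get(f"{role}_tls_security_level", "")
        use_tls = params.get(f"{role}_use_tls", "").lower() == "yes"
        # A non-empty *_tls_security_level overrides the obsolete *_use_tls;
        # with neither set, that role does no TLS at all ("none").
        report[role] = {
            "level": level or ("may" if use_tls else "none"),
            "obsolete_use_tls": f"{role}_use_tls" in params,
        }
    return report

if __name__ == "__main__":
    for role, info in tls_audit(SAMPLE_MAIN_CF).items():
        print(role, info)
```

On the sample, the server side comes out as "may" through the obsolete parameter while the client side is "none", which is the gap Viktor's reply points at.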