Am 22.03.2014 22:08, schrieb Anonymous12: > 22.3.2014 23:06, li...@rhsoft.net kirjoitti: >> uhm you posted that line in your "postconf -n" output >> >> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy >> >> besides a complete log what is the content of that file? >> >> is there anything related to the destination which may restrict >> the used auth-mechs and so no matching one is left? > > Output of /etc/postfix/tls_policy: > > [mail.riseup.net]:587 encrypt protocols=TLSv1 ciphers=high > > Complete log: > > Mar 22 22:06:02 vps44713 postfix/master[2311]: reload -- version 2.9.6, > configuration /etc/postfix > Mar 22 22:06:16 vps44713 postfix/smtpd[10210]: connect from > localhost[127.0.0.1] > Mar 22 22:06:49 vps44713 postfix/smtpd[10210]: 7BFFB3E030B: > client=localhost[127.0.0.1] > Mar 22 22:06:57 vps44713 postfix/cleanup[10224]: 7BFFB3E030B: > message-id=<20140322210649.7bffb3e0...@example.com> > Mar 22 22:06:57 vps44713 postfix/qmgr[10204]: 7BFFB3E030B: > from=<anonymou...@riseup.net>, size=338, nrcpt=1 (queue active) > Mar 22 22:06:58 vps44713 postfix/smtp[10225]: warning: SASL > authentication failure: No worthy mechs found > Mar 22 22:06:58 vps44713 postfix/smtp[10225]: 7BFFB3E030B: SASL > authentication failed; cannot authenticate to server > mail.riseup.net[198.252.153.55]: no mechanism available > Mar 22 22:06:58 vps44713 postfix/smtpd[10210]: disconnect from > localhost[127.0.0.1] > Mar 22 22:07:00 vps44713 postfix/smtp[10225]: warning: SASL > authentication failure: No worthy mechs found > Mar 22 22:07:00 vps44713 postfix/smtp[10225]: 7BFFB3E030B: > to=<anonymou...@riseup.net>, relay=mail.riseup.net[198.252.153.56]:587, > delay=17, delays=14/0.05/2.5/0, dsn=4.7.0, status=deferred (SASL > authentication failed; cannot authenticate to server > mail.riseup.net[198.252.153.56]: no mechanism available)
i do not see any indication that the connection is encrypted if that is the case, well, than no auth is offered main.cf: smtp_tls_loglevel = 1 (don't forget the postfix reload after that) after that you should see lines similar to the one below if teh connection is encrypted, honsetly i would *remove* "smtp_tls_policy_maps" from the configuraton, it is not needed for opportunistic TLS and should only be used to solve *specific* problems Mar 22 03:42:05 testserver postfix/smtp[7211]: Untrusted TLS connection established to 192.168.196.1[192.168.196.1]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
