On 11/28/2016 at 1:28 PM, "Viktor Dukhovni" <postfix-us...@dukhovni.org> wrote:
>
>> On Nov 28, 2016, at 2:13 PM, rich.gre...@hushmail.com wrote:
>>
>> # TLS parameters
>> smtpd_tls_loglevel = 1;
>
>If that ';' is really there, get rid of it.
>
Got rid of it. C habits are hard to break. Good eye spotting that; mistakes
like those cause config files to be deleted and rewritten.
>>
>smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
>> smtpd_tls_key_file=/etcletsencrypt/live/example.com/privkey.pem
>
>The key file setting seems to have a typo.
>
>> smtpd_use_tls=yes
>
I commented
#smtpd_use_tls=yes
and added
smtpd_tls_security_level = may
>The non-obsolete setting is: "smtpd_tls_security_level = may"
>
>> smtpd_tls_session_cache_database =
>btree:${data_directory}/smtpd_scache
>
>Not recommended, let TLS session tickets do the work.
Commented
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>
>> smtp_tls_session_cache_database =
>btree:${data_directory}/smtp_scache
>
>This one is fine.
>
>> I sent a test message from squirrelmail to myself, and it worked.
>
>"It worked" is meaningless. Was TLS used? Is that sent via port
>587 or
>port 25? Logs?
>
Squirrelmail is installed with a package manager. Smoke and mirrors is an
understatement for how it is installed. In future, I will be installing this
from a tarball to have a grasp of how it interacts with postfix/dovecot/apache.
I composed a test email and the email appeared in the destination mailbox (I
tested using this email address).
>> I tried with Thunderbird, and it had a problem.
>
>Was this via port 25 or 587?
>
Not entirely sure. I looked in and the field is filled with a 25, so I assume
the autodetect feature determined port 25. It said, next to that box, the
default was port 587.
>> Sending of the message failed.
>> An error occurred while sending mail: Unable to establish a
>secure link with Outgoing server (SMTP) example.com using STARTTLS
>since it doesn't advertise that feature. Switch off STARTTLS for
>that server or contact your service provider.
>
>Did it even contact the same server? The obfuscated "example.com"
>is not terribly
>helpful.
>
I performed all my tests with my actual domain name, not example.com (I've seen
it happen on this very list about two years ago -- don't laugh). My domain is
based on my name and I cannot have a search engine return forum posts as
results for a query of my name. You may have guessed correctly that the name
on this account is not real and neither is the Berlin time zone in the system
logs representing my actual location.
>Perhaps you're better of with mailinabox.email, rather than DIY?
>
I think I wrote and deleted 1000+ words to keep this on topic because I tend to
enter a history discussion about how email used to be so easy when I did this
in the late 1990s. I didn't keep up. I got busy and hired consultants to do
the setup for me over the past 15 years. I look now and wonder what on earth
has gone on. To be fair, I used to login plaintext password via telnet the
last time I successfully installed qmail on my FreeBSD box.
I want to learn how it works today. I chose postfix because it's widely used
by the kinds of people who write HOWTO documents online. I've considered
switching to whichever platform has the most O'Reilly books written in the past
3 years, but I'm still here anyway. Hopefully a new Postfix book will come out
soon. Hildebrand's book is over ten years old now. It was a good book, just
ten years is a bad age for a software book to reach (unless it is authored by
Knuth, of course).
Anyways....
The performance has evolved. I get a meaningful error message from Thunderbird
now.
An error occurred while sending mail. The mail server responded:
4.7.1 <rich.gre...@hushmail.com>: Relay access denied.
Please check the message recipient "rich.gre...@hushmail.com" and try again
I checked in /var/log/mail.log
Not sure what to make of this. This is the reason why I ask students to think
about documentation and usability...
Nov 28 21:48:13 example postfix/smtpd[2767]: connect from
75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]
Nov 28 21:48:14 example postfix/smtpd[2767]: Anonymous TLS connection
established from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 28 21:48:14 example postfix/smtpd[2767]: NOQUEUE: reject: RCPT from
75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: 454 4.7.1
<rich.gre...@hushmail.com>: Relay access denied; from=<u...@example.com>
to=<rich.gre...@hushmail.com> proto=ESMTP helo=<[10.211.55.24]>
Nov 28 21:48:21 example postfix/smtpd[2770]: connect from
a15-204.smtp-out.amazonses.com[54.240.15.204]
Nov 28 21:48:22 example postfix/smtpd[2770]: Anonymous TLS connection
established from a15-204.smtp-out.amazonses.com[54.240.15.204]: TLSv1 with
cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Nov 28 21:48:22 example postfix/smtpd[2770]: A41DE40299:
client=a15-204.smtp-out.amazonses.com[54.240.15.204]
Nov 28 21:48:22 example postfix/cleanup[2771]: A41DE40299:
message-id=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>
Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299:
from=<201611282048092acfa6d079d946c6976028094d10p0na-c1dg1rhq8hb...@bounces.amazon.com>,
size=58163, nrcpt=1 (queue active)
Nov 28 21:48:23 example dovecot: lmtp(2773): Connect from local
Nov 28 21:48:23 example dovecot: lmtp(u...@example.com):
khNUDReYPFjVCgAAs5y1Cg:
msgid=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>:
saved mail to INBOX
Nov 28 21:48:23 example postfix/lmtp[2772]: A41DE40299: to=<u...@example.com>,
orig_to=<m...@example.com>, relay=example.com[private/dovecot-lmtp],
delay=0.77, delays=0.61/0.03/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0
<u...@example.com> khNUDReYPFjVCgAAs5y1Cg Saved)
Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299: removed
Nov 28 21:48:23 example dovecot: lmtp(2773): Disconnect from local: Successful
quit
Nov 28 21:48:46 example postfix/smtpd[2770]: disconnect from
a15-204.smtp-out.amazonses.com[54.240.15.204] ehlo=2 starttls=1 mail=1 rcpt=1
data=1 quit=1 commands=7
Nov 28 21:49:54 example postfix/smtpd[2767]: lost connection after RCPT from
75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]
Nov 28 21:49:54 example postfix/smtpd[2767]: disconnect from
75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yy] ehlo=2 starttls=1 mail=1
rcpt=0/1 commands=4/5
>--
> Viktor.
