On 11/28/2016 at 1:28 PM, "Viktor Dukhovni" <postfix-us...@dukhovni.org> wrote:
>
>> On Nov 28, 2016, at 2:13 PM, rich.gre...@hushmail.com wrote:
>>
>> # TLS parameters
>> smtpd_tls_loglevel = 1;
>
> If that ';' is really there, get rid of it.
>

Got rid of it. C habits are hard to break. Good eye spotting that; mistakes like those cause config files to be deleted and rewritten.

>> smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
>> smtpd_tls_key_file=/etcletsencrypt/live/example.com/privkey.pem
>
> The key file setting seems to have a typo.
>
>> smtpd_use_tls=yes
>
> The non-obsolete setting is: "smtpd_tls_security_level = may"
>

I commented out #smtpd_use_tls=yes and added smtpd_tls_security_level = may.

>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>
> Not recommended, let TLS session tickets do the work.
>

Commented out #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>
> This one is fine.
>
>> I sent a test message from squirrelmail to myself, and it worked.
>
> "It worked" is meaningless. Was TLS used? Is that sent via port 587 or port 25? Logs?
>

Squirrelmail is installed with a package manager. Smoke and mirrors is an understatement for how it is installed. In future, I will be installing this from a tarball to have a grasp of how it interacts with postfix/dovecot/apache. I composed a test email and the email appeared in the destination mailbox (I tested using this email address).

>> I tried with Thunderbird, and it had a problem.
>
> Was this via port 25 or 587?
>

Not entirely sure. I looked in and the field is filled with a 25, so I assume the autodetect feature determined port 25. It said, next to that box, the default was port 587.

>> Sending of the message failed.
>> An error occurred while sending mail: Unable to establish a secure link with Outgoing server (SMTP) example.com using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that server or contact your service provider.
>
> Did it even contact the same server? The obfuscated "example.com" is not terribly helpful.
>

I performed all my tests with my actual domain name, not example.com (I've seen it happen on this very list about two years ago -- don't laugh). My domain is based on my name and I cannot have a search engine return forum posts as results for a query of my name. You may have guessed correctly that the name on this account is not real, and neither is the Berlin time zone in the system logs representing my actual location.

> Perhaps you're better off with mailinabox.email, rather than DIY?
>

I think I wrote and deleted 1000+ words to keep this on topic, because I tend to enter a history discussion about how email used to be so easy when I did this in the late 1990s. I didn't keep up. I got busy and hired consultants to do the setup for me over the past 15 years. I look now and wonder what on earth has gone on. To be fair, I used to log in with a plaintext password via telnet the last time I successfully installed qmail on my FreeBSD box. I want to learn how it works today. I chose postfix because it's widely used by the kinds of people who write HOWTO documents online. I've considered switching to whichever platform has the most O'Reilly books written in the past 3 years, but I'm still here anyway. Hopefully a new Postfix book will come out soon. Hildebrand's book is over ten years old now. It was a good book, just ten years is a bad age for a software book to reach (unless it is authored by Knuth, of course).

Anyways.... The performance has evolved. I get a meaningful error message from Thunderbird now:

    An error occurred while sending mail. The mail server responded:
    4.7.1 <rich.gre...@hushmail.com>: Relay access denied.
    Please check the message recipient "rich.gre...@hushmail.com" and try again

I checked in /var/log/mail.log. Not sure what to make of this. This is the reason why I ask students to think about documentation and usability...
Nov 28 21:48:13 example postfix/smtpd[2767]: connect from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]
Nov 28 21:48:14 example postfix/smtpd[2767]: Anonymous TLS connection established from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 28 21:48:14 example postfix/smtpd[2767]: NOQUEUE: reject: RCPT from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: 454 4.7.1 <rich.gre...@hushmail.com>: Relay access denied; from=<u...@example.com> to=<rich.gre...@hushmail.com> proto=ESMTP helo=<[10.211.55.24]>
Nov 28 21:48:21 example postfix/smtpd[2770]: connect from a15-204.smtp-out.amazonses.com[54.240.15.204]
Nov 28 21:48:22 example postfix/smtpd[2770]: Anonymous TLS connection established from a15-204.smtp-out.amazonses.com[54.240.15.204]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Nov 28 21:48:22 example postfix/smtpd[2770]: A41DE40299: client=a15-204.smtp-out.amazonses.com[54.240.15.204]
Nov 28 21:48:22 example postfix/cleanup[2771]: A41DE40299: message-id=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>
Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299: from=<201611282048092acfa6d079d946c6976028094d10p0na-c1dg1rhq8hb...@bounces.amazon.com>, size=58163, nrcpt=1 (queue active)
Nov 28 21:48:23 example dovecot: lmtp(2773): Connect from local
Nov 28 21:48:23 example dovecot: lmtp(u...@example.com): khNUDReYPFjVCgAAs5y1Cg: msgid=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>: saved mail to INBOX
Nov 28 21:48:23 example postfix/lmtp[2772]: A41DE40299: to=<u...@example.com>, orig_to=<m...@example.com>, relay=example.com[private/dovecot-lmtp], delay=0.77, delays=0.61/0.03/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0 <u...@example.com> khNUDReYPFjVCgAAs5y1Cg Saved)
Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299: removed
Nov 28 21:48:23 example dovecot: lmtp(2773): Disconnect from local: Successful quit
Nov 28 21:48:46 example postfix/smtpd[2770]: disconnect from a15-204.smtp-out.amazonses.com[54.240.15.204] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 28 21:49:54 example postfix/smtpd[2767]: lost connection after RCPT from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]
Nov 28 21:49:54 example postfix/smtpd[2767]: disconnect from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yy] ehlo=2 starttls=1 mail=1 rcpt=0/1 commands=4/5

> --
> Viktor.
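The questions asked in the thread (was TLS used, which port, why "Relay access denied") are all answerable from the postfix/smtpd lines in mail.log once the lines of each connection are read together rather than in the interleaved order syslog writes them. The script below is an added example, not code from this thread or from Postfix: it groups smtpd lines by (service, pid) into sessions and states the findings per client. The log lines inside it are constructed for the example, modelled on the ones posted above but with RFC 5737 documentation addresses and a third, cleartext connection added; the helper names (parse_sessions, diagnose, relay_denied_clients) are the example's own. One assumption it documents: with the stock master.cf, port 25 and port 587 both log as postfix/smtpd, so the port cannot be read off the log unless the submission service sets -o syslog_name=postfix/submission.

```python
"""Added example, not code from the thread or from Postfix: group smtpd lines
from /var/log/mail.log per connection to answer "was TLS used?" and why a client
got "Relay access denied". SAMPLE_LOG is constructed, modelled on the posted
lines with documentation IPs substituted."""
import re

SAMPLE_LOG = """\
Nov 28 21:48:13 example postfix/smtpd[2767]: connect from client.example.net[192.0.2.10]
Nov 28 21:48:14 example postfix/smtpd[2767]: Anonymous TLS connection established from client.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 28 21:48:14 example postfix/smtpd[2767]: NOQUEUE: reject: RCPT from client.example.net[192.0.2.10]: 454 4.7.1 <someone@example.org>: Relay access denied; from=<user@example.com> to=<someone@example.org> proto=ESMTP helo=<[10.211.55.24]>
Nov 28 21:48:21 example postfix/smtpd[2770]: connect from mx.example.org[198.51.100.5]
Nov 28 21:48:22 example postfix/smtpd[2770]: Anonymous TLS connection established from mx.example.org[198.51.100.5]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Nov 28 21:48:22 example postfix/smtpd[2770]: A41DE40299: client=mx.example.org[198.51.100.5]
Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299: from=<bounce@example.org>, size=58163, nrcpt=1 (queue active)
Nov 28 21:48:46 example postfix/smtpd[2770]: disconnect from mx.example.org[198.51.100.5] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 28 21:49:54 example postfix/smtpd[2767]: lost connection after RCPT from client.example.net[192.0.2.10]
Nov 28 21:49:54 example postfix/smtpd[2767]: disconnect from client.example.net[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=0/1 commands=4/5
Nov 28 21:50:01 example postfix/smtpd[2780]: connect from legacy.example.net[192.0.2.20]
Nov 28 21:50:02 example postfix/smtpd[2780]: 3F2A1B0C9D: client=legacy.example.net[192.0.2.20]
Nov 28 21:50:03 example postfix/smtpd[2780]: disconnect from legacy.example.net[192.0.2.20] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

# Ports 25 and 587 both log as postfix/smtpd unless master.cf gives the
# submission service "-o syslog_name=postfix/submission" (assumption about the
# stock config). Concurrent clients interleave, so lines are keyed by (service, pid).
LINE_RE = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ "
                     r"postfix/(?P<svc>[\w/-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect from (?P<client>\S+)$")
# On the smtpd side "Anonymous" means the client presented no certificate.
TLS_RE = re.compile(r"^(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection "
                    r"established from \S+: (?P<proto>\S+) with cipher (?P<cipher>\S+)")
REJECT_RE = re.compile(r"^NOQUEUE: reject: RCPT from \S+: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
                       r"<[^>]*>: (?P<reason>[^;]*); from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)> "
                       r"proto=\S+ helo=<(?P<helo>[^>]*)>")
QUEUED_RE = re.compile(r"^(?P<qid>[0-9A-Za-z]+): client=\S+$")
LOST_RE = re.compile(r"^lost connection after (?P<cmd>\w+) from \S+$")
DISCONNECT_RE = re.compile(r"^disconnect from \S+(?P<counters>(?: [a-z]+=[\d/]+)+)$")
LEGACY_PROTOS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_sessions(text):
    """Return one dict per smtpd connection, in the order the connections arrived."""
    open_sessions, finished, seq = {}, [], 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group("svc").endswith("smtpd"):
            continue  # qmgr/cleanup/lmtp lines describe delivery, not the inbound connection
        key, msg = (m.group("svc"), m.group("pid")), m.group("msg")
        if (c := CONNECT_RE.match(msg)):
            seq += 1
            open_sessions[key] = {"svc": key[0], "pid": int(key[1]), "client": c.group("client"),
                                  "seq": seq, "tls": None, "rejects": [], "queued": [],
                                  "counters": {}, "lost_after": None}
            continue
        s = open_sessions.get(key)
        if s is None:
            continue  # its connect line is outside the excerpt; nothing to attach to
        if (t := TLS_RE.match(msg)):
            s["tls"] = {"trust": t.group("trust"), "proto": t.group("proto"), "cipher": t.group("cipher")}
        elif (r := REJECT_RE.match(msg)):
            s["rejects"].append({k: r.group(k) for k in ("code", "dsn", "reason", "from", "to", "helo")})
        elif (q := QUEUED_RE.match(msg)):
            s["queued"].append(q.group("qid"))  # queue ID means the message was accepted
        elif (lo := LOST_RE.match(msg)):
            s["lost_after"] = lo.group("cmd")
        elif (d := DISCONNECT_RE.match(msg)):
            s["counters"] = dict(kv.split("=") for kv in d.group("counters").split())
            finished.append(open_sessions.pop(key))
    finished.extend(open_sessions.values())  # still open at the end of the excerpt
    return sorted(finished, key=lambda s: s["seq"])


def diagnose(s):
    """Findings for one session, stated the way a list reply would want them."""
    out = []
    if s["tls"] is None:
        out.append("no STARTTLS: the whole session was cleartext")
    else:
        cert = "no client certificate" if s["tls"]["trust"] == "Anonymous" else s["tls"]["trust"]
        out.append(f"TLS used: {s['tls']['proto']} {s['tls']['cipher']} ({cert})")
        if s["tls"]["proto"] in LEGACY_PROTOS:
            out.append(f"legacy protocol {s['tls']['proto']} negotiated")
    for r in s["rejects"]:
        if r["reason"] == "Relay access denied":
            # reject_unauth_destination fired: in the usual restriction layout that means
            # neither permit_mynetworks nor permit_sasl_authenticated matched this client.
            out.append(f"Relay access denied for {r['to']}: client is not in $mynetworks and "
                       "did not SASL-authenticate (wrong port, or no auth offered there?)")
        else:
            out.append(f"rejected {r['to']}: {r['code']} {r['dsn']} {r['reason']}")
    if s["queued"]:
        out.append("accepted message(s) " + ", ".join(s["queued"]))
    if s["lost_after"]:
        out.append(f"client dropped the connection after {s['lost_after']} "
                   f"(rcpt={s['counters'].get('rcpt', '?')} = accepted/attempted)")
    return out


def relay_denied_clients(sessions):
    return {s["client"] for s in sessions
            if any(r["reason"] == "Relay access denied" for r in s["rejects"])}


if __name__ == "__main__":
    for sess in parse_sessions(SAMPLE_LOG):
        print(f"{sess['svc']}[{sess['pid']}] {sess['client']}")
        for line in diagnose(sess):
            print("   ", line)
```

Run against the lines posted above, the same logic reports the dynamic-IP client as a TLSv1.2 session whose only RCPT was refused with Relay access denied before the client hung up (rcpt=0/1), and the amazonses connection as a TLSv1 session that queued A41DE40299; whether the first connection came in on 25 or 587 is still not visible in the log without a distinct syslog_name for the submission service.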