On Mon, Nov 28, 2016 at 02:59:22PM -0600, rich.gre...@hushmail.com wrote:

> >smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
> >> smtpd_tls_key_file=/etcletsencrypt/live/example.com/privkey.pem
> >
> >The key file setting seems to have a typo.
> >
> >> smtpd_use_tls=yes
> >
> 
> I commented 
> #smtpd_use_tls=yes
> and added 
> smtpd_tls_security_level = may

Did you also fix the key_file setting?

> Squirrelmail is installed with a package manager.  Smoke and mirrors is
> an understatement for how it is installed.  In future, I will be installing
> this from a tarball to have a grasp of how it interacts with
> postfix/dovecot/apache.  I composed a test email and the email appeared
> in the destination mailbox (I tested using this email address).

You have received headers and logs that should indicate how the
mail it sent entered your mailbox.  You can also look at the relevant
application settings.

> >Was this via port 25 or 587?
>
> Not entirely sure.  I looked in and the field is filled with a 25, so I
> assume the autodetect feature determined port 25.  It said, next to that
> box, the default was port 587.

Then set it back to the default, and do make sure your master.cf
file has a working definition of the submission service.

> I performed all my tests with my actual domain name, not example.com (I've
> seen it happen on this very list about two years ago -- don't laugh).  My
> domain is based on my name and I cannot have a search engine return forum
> posts as results for a query of my name.

Hiding the real server name limits the help that you can get.  Your
choice.

> >Perhaps you're better off with mailinabox.email, rather than DIY?
> 
> I want to learn how it works today.  I chose postfix because it's widely
> used by the kinds of people who write HOWTO documents online.  I've
> considered switching to whichever platform has the most O'Reilly books
> written in the past 3 years, but I'm still here anyway.  Hopefully a new
> Postfix book will come out soon.  Hildebrand's book is over ten years old
> now.  It was a good book, just ten years is a bad age for a software book
> to reach (unless it is authored by Knuth, of course).

I don't think a new book is likely any time soon.  The market for
mail server books is small, and books become dated quickly.

> An error occurred while sending mail. The mail server responded:  
> 4.7.1 <rich.gre...@hushmail.com>: Relay access denied.
>  Please check the message recipient "rich.gre...@hushmail.com" and try again

Your next challenge is configuring SASL auth on port 587.

> Nov 28 21:48:14 example postfix/smtpd[2767]: Anonymous TLS connection 
> established from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: TLSv1.2 
> with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

If you've configured a distinct syslog_name for the submission service
(as recommended), then this is not submission, and your client should
be using port 587 instead.  However TLS is working, so that's progress.

> Nov 28 21:48:14 example postfix/smtpd[2767]: NOQUEUE: reject: RCPT from 
> 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: 454 4.7.1 
> <rich.gre...@hushmail.com>: Relay access denied; from=<u...@example.com> 
> to=<rich.gre...@hushmail.com> proto=ESMTP helo=<[10.211.55.24]>

This is expected, your server is not an open relay.

> Nov 28 21:48:22 example postfix/smtpd[2770]: Anonymous TLS connection 
> established from a15-204.smtp-out.amazonses.com[54.240.15.204]: TLSv1 with 
> cipher ECDHE-RSA-AES128-SHA (128/128 bits)
> Nov 28 21:48:22 example postfix/smtpd[2770]: A41DE40299: 
> client=a15-204.smtp-out.amazonses.com[54.240.15.204]
> Nov 28 21:48:22 example postfix/cleanup[2771]: A41DE40299: 
> message-id=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>
> Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299: 
> from=<201611282048092acfa6d079d946c6976028094d10p0na-c1dg1rhq8hb...@bounces.amazon.com>,
>  size=58163, nrcpt=1 (queue active)
> Nov 28 21:48:23 example dovecot: lmtp(2773): Connect from local
> Nov 28 21:48:23 example dovecot: lmtp(u...@example.com): 
> khNUDReYPFjVCgAAs5y1Cg: 
> msgid=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>:
>  saved mail to INBOX
> Nov 28 21:48:23 example postfix/lmtp[2772]: A41DE40299: 
> to=<u...@example.com>, orig_to=<m...@example.com>, 
> relay=example.com[private/dovecot-lmtp], delay=0.77, 
> delays=0.61/0.03/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0 
> <u...@example.com> khNUDReYPFjVCgAAs5y1Cg Saved)

Inbound mail is also working.

So your problem is squarely with submission.  See SASL_README.

-- 
        Viktor.
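
Added example (not part of the original message and not Postfix project code): a small log triage script that applies the reasoning above, using the syslog tag to tell whether a "Relay access denied" came from the port 25 service or from submission. It assumes master.cf sets `-o syslog_name=postfix/submission` on the submission service; the sample log lines, host names and verdict labels are constructed for illustration.

```python
import re

# Constructed sample lines (not from the thread), in the format of the log
# excerpts above. The "postfix/submission/smtpd" tag assumes master.cf sets
# "-o syslog_name=postfix/submission" on the submission service.
SAMPLE_LOG = """\
Nov 28 21:48:14 example postfix/smtpd[2767]: NOQUEUE: reject: RCPT from client.example.net[192.0.2.10]: 454 4.7.1 <rcpt@example.org>: Relay access denied; from=<user@example.com> to=<rcpt@example.org> proto=ESMTP helo=<[10.211.55.24]>
Nov 28 21:50:02 example postfix/submission/smtpd[2801]: 5B2C140301: client=client.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=user
Nov 28 21:51:40 example postfix/submission/smtpd[2810]: NOQUEUE: reject: RCPT from client.example.net[192.0.2.10]: 454 4.7.1 <rcpt@example.org>: Relay access denied; from=<user@example.com> to=<rcpt@example.org> proto=ESMTP helo=<[10.211.55.24]>
"""

SMTPD = re.compile(r" postfix/(?P<svc>(?:[\w-]+/)?smtpd)\[\d+\]: (?P<msg>.*)")
RELAY_DENIED = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<client>\S+): \d{3} [\d.]+ "
    r"<[^>]*>: Relay access denied")
SASL_OK = re.compile(
    r"client=(?P<client>[^,\s]+), sasl_method=\S+, sasl_username=\S+")


def triage(log_text):
    """Return (service, client, verdict) for each relevant smtpd log line."""
    findings = []
    for line in log_text.splitlines():
        entry = SMTPD.search(line)
        if not entry:
            continue  # not an smtpd line (dovecot, qmgr, cleanup, ...)
        service, msg = entry["svc"], entry["msg"]
        on_submission = service == "submission/smtpd"  # assumed syslog_name
        denied = RELAY_DENIED.search(msg)
        authed = SASL_OK.search(msg)
        if denied and not on_submission:
            # Port 25 service: relaying is refused by design. A mail client
            # landing here should be pointed at port 587 instead.
            findings.append((service, denied["client"], "wrong-service"))
        elif denied:
            # Reached submission but did not authenticate: check SASL setup.
            findings.append((service, denied["client"], "sasl-missing"))
        elif authed:
            findings.append((service, authed["client"], "authenticated"))
    return findings


if __name__ == "__main__":
    for service, client, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:14} {service:18} {client}")
```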
