On 11/28/2016 at 3:25 PM, "Viktor Dukhovni" <postfix-us...@dukhovni.org> wrote:
>
>On Mon, Nov 28, 2016 at 02:59:22PM -0600, rich.gre...@hushmail.com wrote:
>
>> >> smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
>> >> smtpd_tls_key_file=/etcletsencrypt/live/example.com/privkey.pem
>> >
>> >The key file setting seems to have a typo.
>> >
>> >> smtpd_use_tls=yes
>> >
>>
>> I commented
>> #smtpd_use_tls=yes
>> and added
>> smtpd_tls_security_level = may
>
>Did you also fix the key_file setting?
>

Yes, I did.

>> Squirrelmail is installed with a package manager. Smoke and mirrors is
>> an understatement for how it is installed. In future, I will be installing
>> this from a tarball to have a grasp of how it interacts with
>> postfix/dovecot/apache. I composed a test email and the email appeared
>> in the destination mailbox (I tested using this email address).
>
>You have received headers and logs that should indicate how the
>mail it sent entered your mailbox. You can also look at the relevant
>application settings.
>

I found the error console. There were errors in regards to a JavaScript file included with Thunderbird that returned a failure number upon exit. I don't think it's hinting at the problem though (NS_ERROR_UNEXPECTED: Component returned failure code 0x8000FFFF (NS_ERROR_UNEXPETED) nslMsgMailNewsUrl.server resource:///modules/activity/alertHook.js)

>> >Was this via port 25 or 587?
>>
>> Not entirely sure. I looked in and the field is filled with a 25, so I
>> assume the autodetect feature determined port 25. It said, next to that
>> box, the default was port 587.
>
>Then set it back to the default, and do make sure your master.cf
>file has a working definition of the submission service.
>

I changed it. When I compose and send to an outside domain now, I get an error that hints towards port 25 being strongly preferred over 587.

Sending of the message failed. The message could not be sent because connecting to Outgoing server (SMTP) timothylegg.com failed. The server may be unavailable or is refusing SMTP connections. Please verify that your Outgoing server (SMTP) settings are correct and try again.

>> I performed all my tests with my actual domain name, not example.com (I've
>> seen it happen on this very list about two years ago -- don't laugh). My
>> domain is based on my name and I cannot have a search engine return forum
>> posts as results for a query of my name.
>
>Hiding the real server name limits the help that you can get. Your
>choice.

I can trust people on the basis that the personal information does not become posted on a world-readable forum. I will provide this information on a case by case basis. For you, I sent you an email to the address you subscribed to the list with.

>
>> >Perhaps you're better off with mailinabox.email, rather than DIY?
>>
>> I want to learn how it works today. I chose postfix because it's widely
>> used by the kinds of people who write HOWTO documents online. I've
>> considered switching to whichever platform has the most O'Reilly books
>> written in the past 3 years, but I'm still here anyway. Hopefully a new
>> Postfix book will come out soon. Hildebrand's book is over ten years old
>> now. It was a good book, just ten years is a bad age for a software book
>> to reach (unless it is authored by Knuth, of course).
>
>I don't think a new book is likely any time soon. The market for
>mail server books is small, and books become dated quickly.

If I ever figure this out... I will admit, I love to write.

>
>> An error occurred while sending mail. The mail server responded:
>> 4.7.1 <rich.gre...@hushmail.com>: Relay access denied.
>> Please check the message recipient "rich.gre...@hushmail.com" and try again
>
>Your next challenge is configuring SASL auth on port 587.
>
>> Nov 28 21:48:14 example postfix/smtpd[2767]: Anonymous TLS connection established from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>
>If you've configured a distinct syslog_name for the submission service
>(as recommended), then this is not submission, and your client should
>be using port 587 instead. However TLS is working, so that's progress.
>
>> Nov 28 21:48:14 example postfix/smtpd[2767]: NOQUEUE: reject: RCPT from 75-120-xxx-yyy.dyn.centurytel.net[75.120.xxx.yyy]: 454 4.7.1 <rich.gre...@hushmail.com>: Relay access denied; from=<u...@example.com> to=<rich.gre...@hushmail.com> proto=ESMTP helo=<[10.211.55.24]>
>
>This is expected, your server is not an open relay.
>
>> Nov 28 21:48:22 example postfix/smtpd[2770]: Anonymous TLS connection established from a15-204.smtp-out.amazonses.com[54.240.15.204]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
>> Nov 28 21:48:22 example postfix/smtpd[2770]: A41DE40299: client=a15-204.smtp-out.amazonses.com[54.240.15.204]
>> Nov 28 21:48:22 example postfix/cleanup[2771]: A41DE40299: message-id=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>
>> Nov 28 21:48:23 example postfix/qmgr[2661]: A41DE40299: from=<201611282048092acfa6d079d946c6976028094d10p0na-c1dg1rhq8hb...@bounces.amazon.com>, size=58163, nrcpt=1 (queue active)
>> Nov 28 21:48:23 example dovecot: lmtp(2773): Connect from local
>> Nov 28 21:48:23 example dovecot: lmtp(u...@example.com): khNUDReYPFjVCgAAs5y1Cg: msgid=<01000158acb1e81a-3d5a5696-adeb-4679-b83b-89ac56be773d-000...@email.amazonses.com>: saved mail to INBOX
>> Nov 28 21:48:23 example postfix/lmtp[2772]: A41DE40299: to=<u...@example.com>, orig_to=<m...@example.com>, relay=example.com[private/dovecot-lmtp], delay=0.77, delays=0.61/0.03/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0 <u...@example.com> khNUDReYPFjVCgAAs5y1Cg Saved)
>
>Inbound mail is also working.
>
>So your problem is squarely with submission. See SASL_README.
>
>--
>	Viktor.