Hello, i am using Debian 7.3 with postfix, and am trying to send email
through our Exchange 2007 server. I have read tons of posts but i have been
unable to get it to work
I am using the postfix package that comes with Debian, and also installed
libsasl2-modules
On mail.cf i tried the following:
I added the debug command you requested so you can see the whole error. I
don't seem to have dns issues so i haven't felt the need for the brackets. I
do seem to have the NTLM module
I am aware of base64, so my tests with telnet i did use base64 to enter the
username but as soon as i pressed
Well, i tried with [] in both files, also tried changing the sasl password
file to use domain\user instead of u...@domain.com and still i get the same
errors.
I wonder if exchange is rejecting anything without TLS. Our exchange has a
self signed certificate and i know if i want to try TLS i will
i disabled NTLM with sasl_mechanism_filter = !ntlm but of course now i get an
error that the server offered no compatible authentication mechanism
When i telnet to my exchange server i only get:
STARTTLS
X-ANONYMOUS TLS
AUTH NTLM
X-EXPS GSSAPI NTLM
Like i said, if i cannot get this to work, i
I tried to connect with this command:
openssl s_client -starttls -smtp -crlf -connect
exchangeserver.ourdomain.com:25
It connects, though it says it can't validate certificate (which is
expected, our exchange certificate is self signed)
After EHLO i now get:
AUTH NTLM LOGIN
So i tried with
I have this in my main.cf (note: i didn't set this up, my guess is that
debian itself did, or maybe when i installed libsasl2-modules, but i don't
think so)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
FINALLY it worked, but not before i disabled NTLM in the config, because
otherwise it would try it.
So, i had to enable client side TLS and disabling NTLM. It says untrusted
connection in the logs, and i tried modifying the mynetworks variable below
but couldn't fix it. It may be untrusted
I am fine with the end result. The untrusted message is rather cosmetic, i
would like to know how to import the certificate or rather trust the server
(as i thought the mynetwork variable would do), but it's no biggie.
The server is inside our lan and the relay will only be used for our
helpdesk,
For additional clarification, i was able to telnet to our exhange server and
authenticate to it just fine:
telnet mar-exch01 25
Connected to mar-exch01.mydomain.com.
Escape character is '^]'.
220 mar-exch01.mydomain.com Microsoft ESMTP MAIL Service ready at Thu, 15
Sep 2016 08:21:03 -0400
EHLO
Thank you Viktor, with your configuration changes now it works again!
Indeed, Exchange is running on Windows Server 2003 R2 and an upgrade is
overdue. After two years of delay, finally it will get upgraded in two
months.
--
View this message in context:
After two years of successful emails sent by postfix through our exchange
2007 server i have started having problems. I did update debian 7 to debian
8, so i don't know what postfix/openssl version i had back then.
Postfix itself gives out these errors:
Sep 14 11:52:52 mar-zabbix
11 matches
Mail list logo
