Postfix doesn't work with SMTP STARTTLS


IgorS3
8th August 2007, 17:14
I used the following tutorial for installing ISPConfig on Ubuntu 7.04:
http://www.howtoforge.com/perfect_setup_ubuntu704

All OK, but Postfix doesn't work with TLS for sending mail.
I can receive mail with POP3 and POP3 STARTTLS, and there is no problem sending mail without TLS, but I have a problem sending mail with TLS.
With STARTTLS my mail clients (The Bat! and Mozilla Thunderbird) show this message:

08.08.2007, 17:30:03: SEND - sending mail messages - 1 messages in queue
08.08.2007, 17:30:04: SEND - Initiating TLS handshake
08.08.2007, 17:35:04: SEND - connection finished - 0 messages sent
08.08.2007, 17:35:04: SEND - Some messages were not sent - check the log for details

Here I go:
-------------------------------------------------------------
root@servant:/etc/postfix# telnet localhost 25
--------------------------------------------------------------
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 www.xxxx.com ESMTP Postfix
ehlo localhost
250-www.xxxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
----------------------------------------------------------------
----------------------------------------------------------------
mail.info:
----------------------------------------------------------------
Aug 8 17:30:03 servant postfix/smtpd[6222]: initializing the server-side TLS engine
Aug 8 17:30:03 servant postfix/smtpd[6222]: connect from unknown[хх.5.135.82]
Aug 8 17:30:04 servant postfix/smtpd[6222]: setting up TLS connection from unknown[хх.5.135.82]
Aug 8 17:30:04 servant postfix/smtpd[6222]: SSL_accept:before/accept initialization
Aug 8 17:30:04 servant postfix/smtpd[6222]: read from 0066C2B0 [00675A90] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Aug 8 17:30:04 servant postfix/smtpd[6222]: SSL_accept:error in SSLv2/v3 read client hello A
Aug 8 17:35:04 servant postfix/smtpd[6222]: SSL_accept error from unknown[62.5.135.82]: -1
Aug 8 17:35:04 servant postfix/smtpd[6222]: lost connection after STARTTLS from unknown[62.5.135.82]
Aug 8 17:35:04 servant postfix/smtpd[6222]: disconnect from unknown[62.5.135.82]
----------------------------------------------------------------
----------------------------------------------------------------
main.cf:
----------------------------------------------------------------
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = www.xxxx.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 4
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names
myorigin = /etc/mailname
--------------------------------------------------------------------
--------------------------------------------------------------------
root@servant:/etc/postfix# netstat -tap
--------------------------------------------------------------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 4666/couriertcpd
tcp 0 0 *:51234 *:* LISTEN 4972/sshd
tcp 0 0 *:pop3s *:* LISTEN 4705/couriertcpd
tcp 0 0 localhost.localdo:mysql *:* LISTEN 4785/mysqld
tcp 0 0 *:pop3 *:* LISTEN 4681/couriertcpd
tcp 0 0 *:imap2 *:* LISTEN 4644/couriertcpd
tcp 0 0 *:www *:* LISTEN 5241/apache2
tcp 0 0 *:81 *:* LISTEN 5193/ispconfig_http
tcp 0 0 servant:domain *:* LISTEN 5421/named
tcp 0 0 localhost.locald:domain *:* LISTEN 5421/named
tcp 0 0 *:ftp *:* LISTEN 5089/proftpd: (acce
tcp 0 0 *:smtp *:* LISTEN 5750/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 5421/named
tcp 0 0 *:https *:* LISTEN 5241/apache2
tcp 0 2076 servant:51234 xx.5.135.82:1115 ESTABLISHED 6307/sshd: xxxxx
-------------------------------------------------------------------------

--------------------------------------------------------------------------
/etc/default/saslauthd:
--------------------------------------------------------------------------
START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
----------------------------------------------------------------------------------


Please help: how can I get SMTP to work with STARTTLS?

falko
9th August 2007, 16:16
Aug 8 17:30:04 servant postfix/smtpd[6222]: read from 0066C2B0 [00675A90] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Aug 8 17:30:04 servant postfix/smtpd[6222]: SSL_accept:error in SSLv2/v3 read client hello A
Aug 8 17:35:04 servant postfix/smtpd[6222]: SSL_accept error from unknown[62.5.135.82]: -1

I'm not sure what this means. Maybe your certificate is corrupt. You can try to create a new one (accept all default values to see if it's working then).
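
Added example, not part of the thread: in the mail.info excerpt the SSL_accept error is logged exactly 300 seconds after TLS setup began, which equals Postfix's documented default for smtpd_starttls_timeout. The Python sketch below pairs those two log events per smtpd PID and separates a stalled handshake from one that fails at once; the function name, the verdict strings and the sample client address 192.0.2.10 (substituted for the poster's) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Sample adapted from the post's mail.info lines; client address replaced (constructed).
SAMPLE = """\
Aug 8 17:30:03 servant postfix/smtpd[6222]: connect from unknown[192.0.2.10]
Aug 8 17:30:04 servant postfix/smtpd[6222]: setting up TLS connection from unknown[192.0.2.10]
Aug 8 17:30:04 servant postfix/smtpd[6222]: SSL_accept:error in SSLv2/v3 read client hello A
Aug 8 17:35:04 servant postfix/smtpd[6222]: SSL_accept error from unknown[192.0.2.10]: -1
Aug 8 17:35:04 servant postfix/smtpd[6222]: lost connection after STARTTLS from unknown[192.0.2.10]
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+postfix/smtpd\[(\d+)\]:\s+(.*)$")
STATE = re.compile(r"^SSL_accept:error in (.+)$")

def analyse(log_text, timeout_s=300, year=2007):
    """Return one finding per failed STARTTLS handshake, tracked by smtpd PID."""
    open_sessions, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a postfix/smtpd line
        stamp, pid, msg = m.groups()
        # syslog stamps carry no year; supply one so deltas can be computed
        when = datetime.strptime(f"{year} " + " ".join(stamp.split()),
                                 "%Y %b %d %H:%M:%S")
        if msg.startswith("setting up TLS connection"):
            open_sessions[pid] = {"start": when, "state": None}
        elif pid in open_sessions and STATE.match(msg):
            # remember the last handshake state OpenSSL reported
            open_sessions[pid]["state"] = STATE.match(msg).group(1)
        elif pid in open_sessions and msg.startswith("SSL_accept error from"):
            s = open_sessions.pop(pid)
            waited = int((when - s["start"]).total_seconds())
            findings.append({
                "pid": pid,
                "waited_s": waited,
                "last_state": s["state"],
                "verdict": ("timed out waiting for client data"
                            if waited >= timeout_s
                            else "handshake rejected or aborted"),
            })
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

A wait equal to the timeout with the last state still at "read client hello" means the server never received the client's first TLS message, so the path between client and server is worth checking alongside the certificate.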