  #1  
19th January 2011, 10:37
vmos
Having trouble verifying TLS setup // postfix / ubuntu 10.04

Good morning,
I'm setting up a new Postfix server. It's going to be our inbound gateway and will also relay mail to certain domains that we need TLS for.

I didn't notice any issues with the install. When I do "telnet localhost 25" I get this:

220 mail.server.net ESMTP Postfix (Debian/GNU)
ehlo localhost
250-mail.ourserver.net
250-PIPELINING
250-SIZE 70480000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


Looks OK, but when I go to another server and try "telnet mail.ourserver.net 25" I get:


Connected to mail.ourserver.net.
Escape character is '^]'.
220 ******************************************
ehlo tibus.com
250-mail.ourserver.net
250-PIPELINING
250-SIZE 70480000
250-ETRN
250-XXXXXXXA
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

No STARTTLS, but there is this 250-XXXXXXXA, and I'm having trouble finding a clear answer as to what that is.

There is another thing that may be causing an issue. We have a wildcard SSL certificate that covers our whole domain, *.ourserver.net. It's used on many servers, but in Apache. I just lifted the key and the crt from one of the Apache folders. Would that be an issue? Do I need to regenerate the key specifically for Postfix or something?
  #2  
19th January 2011, 14:11
vmos

Think I've got it. The key thing here is the difference in banner between localhost and remote:

220 mail.server.net ESMTP Postfix (Debian/GNU)

220 ******************************************

In my case at least, the ***** mean that the firewall is fiddling with SMTP traffic and sticking in its own banner. Apparently SMTP inspection is enabled by default on Cisco PIX. I disabled it by using this sequence:


pix(config)#policy-map global_policy
pix(config-pmap)#class inspection_default
pix(config-pmap-c)#no inspect esmtp


Now the STARTTLS appears when I try it from my local machine.


Secondary question: this telnet test seems a bit simplistic to me. Is there a more comprehensive method of verifying that the TLS is working properly?
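Added example (not part of the original posts): a Python sketch of both checks discussed in the thread. classify() inspects a pasted EHLO transcript for the signs seen above, an all-asterisk 220 banner or an X-masked keyword in place of STARTTLS, and probe() performs a real STARTTLS handshake with certificate validation. The function names and the masking heuristics are assumptions drawn from the two transcripts in the thread; probe() uses only the standard smtplib and ssl modules.

```python
import re
import smtplib
import ssl

# Abridged copies of the two sessions quoted in the thread.
LOCAL = """220 mail.server.net ESMTP Postfix (Debian/GNU)
250-mail.ourserver.net
250-PIPELINING
250-STARTTLS
250 DSN"""
REMOTE = """220 ******************************************
250-mail.ourserver.net
250-PIPELINING
250-XXXXXXXA
250 DSN"""

def parse_ehlo(transcript):
    """Return (banner, keywords) from a pasted SMTP session."""
    banner, keywords = None, []
    for line in transcript.splitlines():
        m = re.match(r"(\d{3})[ -](.*)", line.strip())
        code, text = m.groups() if m else (None, "")  # skip client commands
        if code == "220" and banner is None:
            banner = text
        elif code == "250" and text:
            keywords.append(text.split()[0].upper())
    return banner, keywords[1:]  # first 250 line is the server name

def classify(transcript):
    """Offline check: was STARTTLS offered, absent, or masked in transit?"""
    banner, kw = parse_ehlo(transcript)
    if "STARTTLS" in kw:
        return "starttls-offered"
    masked_banner = bool(banner) and set(banner) == {"*"}
    masked_kw = any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in kw)
    if masked_banner or masked_kw:
        return "starttls-masked-in-path"
    return "starttls-not-offered"

def probe(host, port=25, timeout=10):
    """Live check (needs network): negotiate STARTTLS, report the result."""
    ctx = ssl.create_default_context()  # validates chain and hostname
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return {"starttls": False}
        s.starttls(context=ctx)
        return {"starttls": True, "protocol": s.sock.version(),
                "cipher": s.sock.cipher()[0]}
```

probe() raises ssl.SSLCertVerificationError when the certificate chain or hostname does not validate, so it also exercises the certificate the server presents rather than only the EHLO keyword.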