starttls testing
in [Postfix]
|
From: donovan jeffrey j on 30 Jul 2010 11:33 Greetings I have an older relay system accept ssl on port 25, it seems to be working, but when i test it, STARTTLS shows up but then the session stalls like it's waiting for me to do something. -probably i do. smtp2:/etc/postfix root# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 smtp2.beth.k12.pa.us ESMTP Postfix EHLO beth.k12.pa.us 250-smtp2.beth.k12.pa.us 250-PIPELINING 250-SIZE 26214400 250-VRFY 250-ETRN 250-STARTTLS 250 8BITMIME what comes next ? i would expect AUTH types. Do I have to initiate an auth sequence ? postconf smtpd_enforce_tls = yes smtpd_pw_server_security_options = login,cram-md5,plain,gssapi smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit smtpd_sasl_auth_enable = yes smtpd_tls_cert_file = /etc/certificates/Default.crt smtpd_tls_key_file = /etc/certificates/Default.key smtpd_use_pw_server = yes smtpd_use_tls = yes -j
From: Magnus =?iso-8859-1?Q?B=E4ck?= on 30 Jul 2010 11:50 On Friday, July 30, 2010 at 17:33 CEST, donovan jeffrey j <donovan(a)beth.k12.pa.us> wrote: > I have an older relay system accept ssl on port 25, it seems to be > working, but when i test it, STARTTLS shows up but then the session > stalls like it's waiting for me to do something. -probably i do. > > smtp2:/etc/postfix root# telnet 127.0.0.1 25 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 smtp2.beth.k12.pa.us ESMTP Postfix > EHLO beth.k12.pa.us > 250-smtp2.beth.k12.pa.us > 250-PIPELINING > 250-SIZE 26214400 > 250-VRFY > 250-ETRN > 250-STARTTLS > 250 8BITMIME As indicated by the lacking hyphen between 250 and 8BITMIME on the final line, that's the final line of the server's response. It's then the client's turn to send the next command. There is no AUTH line in the EHLO response so for some reason Postfix doesn't accept authentication. > what comes next ? i would expect AUTH types. Do I have to initiate an > auth sequence ? > > postconf > > smtpd_enforce_tls = yes > smtpd_pw_server_security_options = login,cram-md5,plain,gssapi > smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit > smtpd_sasl_auth_enable = yes > smtpd_tls_cert_file = /etc/certificates/Default.crt > smtpd_tls_key_file = /etc/certificates/Default.key > smtpd_use_pw_server = yes > smtpd_use_tls = yes Please post at least full "postconf -n" output, or even better saslfinger output (Google it). This thread was started by responding to an old message in another thread. Don't do that. Start new threads by posting a new message to the postfix-users address. -- Magnus B�ck magnus(a)dsek.lth.se
From: Jerry on 30 Jul 2010 12:21 On Fri, 30 Jul 2010 17:50:16 +0200 Magnus Bäck <magnus(a)dsek.lth.se> articulated: > On Friday, July 30, 2010 at 17:33 CEST, > donovan jeffrey j <donovan(a)beth.k12.pa.us> wrote: > > Please post at least full "postconf -n" output, or even better > saslfinger output (Google it). http://ftp.wl0.org/SOURCES/postfinger -- Jerry ✌ postfix-user(a)seibercom.net _____________________________________________________________________ TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Kilroe hic erat!
From: donovan jeffrey j on 30 Jul 2010 13:47 On Jul 30, 2010, at 11:50 AM, Magnus Bäck wrote: > On Friday, July 30, 2010 at 17:33 CEST, > donovan jeffrey j <donovan(a)beth.k12.pa.us> wrote: > >> I have an older relay system accept ssl on port 25, it seems to be >> working, but when i test it, STARTTLS shows up but then the session >> stalls like it's waiting for me to do something. -probably i do. >> >> smtp2:/etc/postfix root# telnet 127.0.0.1 25 >> Trying 127.0.0.1... >> Connected to localhost. >> Escape character is '^]'. >> 220 smtp2.beth.k12.pa.us ESMTP Postfix >> EHLO beth.k12.pa.us >> 250-smtp2.beth.k12.pa.us >> 250-PIPELINING >> 250-SIZE 26214400 >> 250-VRFY >> 250-ETRN >> 250-STARTTLS >> 250 8BITMIME > > As indicated by the lacking hyphen between 250 and 8BITMIME on the final > line, that's the final line of the server's response. It's then the > client's turn to send the next command. There is no AUTH line in the > EHLO response so for some reason Postfix doesn't accept authentication. > >> what comes next ? i would expect AUTH types. Do I have to initiate an >> auth sequence ? >> >> postconf >> >> smtpd_enforce_tls = yes >> smtpd_pw_server_security_options = login,cram-md5,plain,gssapi >> smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit >> smtpd_sasl_auth_enable = yes >> smtpd_tls_cert_file = /etc/certificates/Default.crt >> smtpd_tls_key_file = /etc/certificates/Default.key >> smtpd_use_pw_server = yes >> smtpd_use_tls = yes > alias_maps = hash:/etc/aliases,ldap:/etc/postfix/ldaplocal always_bcc = basdarchive(a)beth.k12.pa.us bounce_queue_lifetime = 5m command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 enable_server_options = yes html_directory = no inet_interfaces = all local_recipient_maps = ldap:/etc/postfix/ldaplocal $alias_maps luser_relay = lukeskywalker mail_owner = postfix mailbox_size_limit = 0 mailbox_transport = cyrus mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 26214400 mydestination = $myhostname,localhost.$mydomain,localhost,smtp,smtp2 mydomain = beth.k12.pa.us mydomain_fallback = beth.k12.pa.us myhostname = smtp2.beth.k12.pa.us mynetworks = 127.0.0.1/32,etc.. mynetworks_style = host newaliases_path = /usr/bin/newaliases owner_request_special = no queue_directory = /private/var/spool/postfix readme_directory = /usr/share/doc/postfix recipient_delimiter = + sample_directory = /usr/share/doc/postfix/examples sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_enforce_tls = yes smtpd_pw_server_security_options = login,cram-md5,plain,gssapi smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit smtpd_sasl_auth_enable = yes smtpd_tls_cert_file = /etc/certificates/Default.crt smtpd_tls_key_file = /etc/certificates/Default.key smtpd_use_pw_server = yes smtpd_use_tls = yes soft_bounce = no transport_maps = ldap:/etc/postfix/ldaptransport unknown_local_recipient_reject_code = 550 > Please post at least full "postconf -n" output, or even better > saslfinger output (Google it). -- basics -- Postfix: 2.1.5 System: Welcome to Darwin! -- smtpd is linked to -- ../saslfinger: line 1: ldd: command not found ../saslfinger: line 1: ldd: command not found -- active SMTP AUTH and TLS parameters for smtpd -- smtpd_sasl_auth_enable = yes smtpd_tls_cert_file = /etc/certificates/Default.crt smtpd_tls_key_file = /etc/certificates/Default.key smtpd_use_tls = yes -- listing of /usr/lib/sasl2 -- total 2416 drwxr-xr-x 40 root wheel 1360 Nov 20 2008 . drwxr-xr-x 282 root wheel 9588 Dec 8 2009 .. -rw-r--r-- 1 root wheel 631 Mar 20 2005 apop.la -r-xr-xr-x 1 root wheel 17496 Mar 20 2005 apop.so -rwxr-xr-x 1 root wheel 629 Mar 20 2005 dhx.la -r-xr-xr-x 1 root wheel 598600 Jan 30 2006 dhx.so -rw-r--r-- 1 root wheel 653 Mar 20 2005 digestmd5WebDAV.la -r-xr-xr-x 1 root wheel 43132 Mar 20 2005 digestmd5WebDAV.so drwxr-xr-x 9 root wheel 306 Nov 20 2008 disabled -r-xr-xr-x 1 root wheel 17660 Mar 20 2005 libanonymous.2.so -rw-r--r-- 1 root wheel 694 Mar 20 2005 libanonymous.la -r-xr-xr-x 1 root wheel 17740 Mar 20 2005 libcrammd5.2.so -rw-r--r-- 1 root wheel 682 Mar 20 2005 libcrammd5.la -r-xr-xr-x 1 root wheel 47228 Jan 19 2007 libdigestmd5.2.so -rw-r--r-- 1 root wheel 703 Mar 20 2005 libdigestmd5.la -r-xr-xr-x 1 root wheel 22688 Jan 19 2007 libgssapiv2.2.0.18.so -r-xr-xr-x 1 root wheel 22688 Jan 19 2007 libgssapiv2.2.so -rw-r--r-- 1 root wheel 739 Mar 20 2005 libgssapiv2.la -r-xr-xr-x 1 root wheel 22504 Mar 20 2005 libkerberos4.2.so -rw-r--r-- 1 root wheel 628 Mar 20 2005 liblogin.la -rw-r--r-- 1 root wheel 637 Mar 20 2005 libntlm.la -r-xr-xr-x 1 root wheel 30816 Mar 20 2005 libntlm.so -r-xr-xr-x 1 root wheel 67668 Mar 20 2005 libotp.2.so -rw-r--r-- 1 root wheel 667 Mar 20 2005 libotp.la -r-xr-xr-x 1 root wheel 17604 Mar 20 2005 libplain.2.so -rw-r--r-- 1 root wheel 670 Mar 20 2005 libplain.la -r-xr-xr-x 1 root wheel 17612 Mar 20 2005 login.so -rwxr-xr-x 1 root wheel 639 Mar 20 2005 mschapv2.la -r-xr-xr-x 1 root wheel 22792 Mar 20 2005 mschapv2.so drwxr-xr-x 6 root wheel 204 Nov 9 2007 openldap -rwxr-xr-x 1 root wheel 641 Mar 25 2005 pwauxprop.la -r-xr-xr-x 1 root wheel 53192 Dec 3 2006 pwauxprop.so -r-xr-xr-x 1 root wheel 18580 Mar 20 2005 shadow_auxprop.so -rwxr-xr-x 1 root wheel 635 Mar 20 2005 smb_lm.la -r-xr-xr-x 1 root wheel 22316 Mar 20 2005 smb_lm.so -rwxr-xr-x 1 root wheel 635 Mar 20 2005 smb_nt.la -r-xr-xr-x 1 root wheel 22316 Mar 20 2005 smb_nt.so -rwxr-xr-x 1 root wheel 568 Mar 20 2005 smb_ntlmv2.la -r-xr-xr-x 1 root wheel 22616 Mar 20 2005 smb_ntlmv2.so -r-xr-xr-x 1 root wheel 21960 Mar 20 2005 twowayrandom.so There is no smtpd.conf that defines what SASL should do for Postfix. SMTP AUTH can't work! smtp2:/usr/local/saslfinger-1.0.3 root# ./saslfinger -c saslfinger - postfix Cyrus sasl configuration Fri Jul 30 13:46:42 EDT 2010 version: 1.0.2 mode: client-side SMTP AUTH -- basics -- Postfix: 2.1.5 System: Welcome to Darwin! -- smtp is linked to -- ../saslfinger: line 1: ldd: command not found ../saslfinger: line 1: ldd: command not found -- active SMTP AUTH and TLS parameters for smtp -- No active SMTP AUTH and TLS parameters for smtp in main.cf! SMTP AUTH can't work! smtp2:/usr/local/saslfinger-1.0.3 root# -- basics -- Postfix: 2.1.5 System: Welcome to Darwin! -- smtpd is linked to -- ../saslfinger: line 1: ldd: command not found ../saslfinger: line 1: ldd: command not found -- active SMTP AUTH and TLS parameters for smtpd -- smtpd_sasl_auth_enable = yes smtpd_tls_cert_file = /etc/certificates/Default.crt smtpd_tls_key_file = /etc/certificates/Default.key smtpd_use_tls = yes -- listing of /usr/lib/sasl2 -- total 2416 drwxr-xr-x 40 root wheel 1360 Nov 20 2008 . drwxr-xr-x 282 root wheel 9588 Dec 8 2009 .. -rw-r--r-- 1 root wheel 631 Mar 20 2005 apop.la -r-xr-xr-x 1 root wheel 17496 Mar 20 2005 apop.so -rwxr-xr-x 1 root wheel 629 Mar 20 2005 dhx.la -r-xr-xr-x 1 root wheel 598600 Jan 30 2006 dhx.so -rw-r--r-- 1 root wheel 653 Mar 20 2005 digestmd5WebDAV.la -r-xr-xr-x 1 root wheel 43132 Mar 20 2005 digestmd5WebDAV.so drwxr-xr-x 9 root wheel 306 Nov 20 2008 disabled -r-xr-xr-x 1 root wheel 17660 Mar 20 2005 libanonymous.2.so -rw-r--r-- 1 root wheel 694 Mar 20 2005 libanonymous.la -r-xr-xr-x 1 root wheel 17740 Mar 20 2005 libcrammd5.2.so -rw-r--r-- 1 root wheel 682 Mar 20 2005 libcrammd5.la -r-xr-xr-x 1 root wheel 47228 Jan 19 2007 libdigestmd5.2.so -rw-r--r-- 1 root wheel 703 Mar 20 2005 libdigestmd5.la -r-xr-xr-x 1 root wheel 22688 Jan 19 2007 libgssapiv2.2.0.18.so -r-xr-xr-x 1 root wheel 22688 Jan 19 2007 libgssapiv2.2.so -rw-r--r-- 1 root wheel 739 Mar 20 2005 libgssapiv2.la -r-xr-xr-x 1 root wheel 22504 Mar 20 2005 libkerberos4.2.so -rw-r--r-- 1 root wheel 628 Mar 20 2005 liblogin.la -rw-r--r-- 1 root wheel 637 Mar 20 2005 libntlm.la -r-xr-xr-x 1 root wheel 30816 Mar 20 2005 libntlm.so -r-xr-xr-x 1 root wheel 67668 Mar 20 2005 libotp.2.so -rw-r--r-- 1 root wheel 667 Mar 20 2005 libotp.la -r-xr-xr-x 1 root wheel 17604 Mar 20 2005 libplain.2.so -rw-r--r-- 1 root wheel 670 Mar 20 2005 libplain.la -r-xr-xr-x 1 root wheel 17612 Mar 20 2005 login.so -rwxr-xr-x 1 root wheel 639 Mar 20 2005 mschapv2.la -r-xr-xr-x 1 root wheel 22792 Mar 20 2005 mschapv2.so drwxr-xr-x 6 root wheel 204 Nov 9 2007 openldap -rwxr-xr-x 1 root wheel 641 Mar 25 2005 pwauxprop.la -r-xr-xr-x 1 root wheel 53192 Dec 3 2006 pwauxprop.so -r-xr-xr-x 1 root wheel 18580 Mar 20 2005 shadow_auxprop.so -rwxr-xr-x 1 root wheel 635 Mar 20 2005 smb_lm.la -r-xr-xr-x 1 root wheel 22316 Mar 20 2005 smb_lm.so -rwxr-xr-x 1 root wheel 635 Mar 20 2005 smb_nt.la -r-xr-xr-x 1 root wheel 22316 Mar 20 2005 smb_nt.so -rwxr-xr-x 1 root wheel 568 Mar 20 2005 smb_ntlmv2.la -r-xr-xr-x 1 root wheel 22616 Mar 20 2005 smb_ntlmv2.so -r-xr-xr-x 1 root wheel 21960 Mar 20 2005 twowayrandom.so There is no smtpd.conf that defines what SASL should do for Postfix. SMTP AUTH can't work! smtp2:/usr/local/saslfinger-1.0.3 root# ./saslfinger -c saslfinger - postfix Cyrus sasl configuration Fri Jul 30 13:46:42 EDT 2010 version: 1.0.2 mode: client-side SMTP AUTH -- basics -- Postfix: 2.1.5 System: Welcome to Darwin! -- smtp is linked to -- ../saslfinger: line 1: ldd: command not found ../saslfinger: line 1: ldd: command not found -- active SMTP AUTH and TLS parameters for smtp -- No active SMTP AUTH and TLS parameters for smtp in main.cf! SMTP AUTH can't work! smtp2:/usr/local/saslfinger-1.0.3 root# > > This thread was started by responding to an old message in another > thread. Don't do that. Start new threads by posting a new message > to the postfix-users address. woops > > -- > Magnus Bäck > magnus(a)dsek.lth.se >
From: Magnus =?iso-8859-1?Q?B=E4ck?= on 30 Jul 2010 14:03
On Friday, July 30, 2010 at 18:21 CEST, Jerry <postfix-user(a)seibercom.net> wrote: > On Fri, 30 Jul 2010 17:50:16 +0200 > Magnus B�ck <magnus(a)dsek.lth.se> articulated: > > > Please post at least full "postconf -n" output, or even better > > saslfinger output (Google it). > > http://ftp.wl0.org/SOURCES/postfinger No, I meant saslfinger and not postfinger. http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ -- Magnus B�ck magnus(a)dsek.lth.se |