postfix-users July 2011 archive

Re: Relay host auth not working

From: Ron Garret <ron_at_nospam>
Date: Tue Jul 12 2011 - 15:59:55 GMT
To: Stan Hoeppner <stan@hardwarefreak.com>

On Jul 12, 2011, at 12:13 AM, Stan Hoeppner wrote:

> On 7/12/2011 1:37 AM, Ron Garret wrote:
>>
>> On Jul 11, 2011, at 11:17 PM, Mike Morris wrote:
>
>>> Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
>>> least a setting of 'may'. This will allow the SMTP client to attempt
>>> STARTTLS connections with remote hosts.
>>
>> Ah. I thought SASL implied TLS, but I guess it doesn't.
>>
>> So I tried adding:
>>
>> smtp_sasl_security_options = auth
>> smtp_tls_security_level = may
>>
>> And now I get "unknown mail transport error" on the client side, and this on the server side:
>>
>> Jul 11 23:30:51 vm01 postfix/smtpd[22169]: connect from ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>> Jul 11 23:30:52 vm01 postfix/smtpd[22169]: lost connection after EHLO from ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>> Jul 11 23:30:52 vm01 postfix/smtpd[22169]: disconnect from ec2-184-73-65-10.compute-1.amazonaws.com[184.73.65.10]
>>
>>> Set smtp_sasl_security_options = noanonymous (or whatever is
>>> appropriate). The remote server at secure.genesisgroup.info advertises
>>> the following: AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
>>>
>>> Read the TLS_README and SASL_README files for more information.
>>
>> Will do. At least now I know where to look to make further progress. Thanks!
>
> Since this is a server to server relay of known/trusted systems, and
> assuming that 184.73.65.10 is static and won't change any time soon, why
> not simply add 184.73.65.10 to $mynetworks on secure.genesisgroup.info
> and forget the sasl auth junk? This should get the relaying working
> instantly with little or no pitfalls.

That's a good idea. The reason I didn't do it this way is that I can't count on the client IP remaining static. Also, I like to understand how things work, and I don't like to admit defeat :-)

rg
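
An added example, not part of the original message or of Postfix itself: a small linter for the client-side main.cf settings discussed in this thread. It flags `smtp_sasl_security_options` values outside the set Postfix documents (`auth` is not one of them) and flags SASL auth that permits plaintext mechanisms while TLS is only opportunistic. The sample configurations are constructed, and `smtp_sasl_auth_enable = yes` is assumed because the thread does not show it.

```python
import re

# Values Postfix documents for smtp_sasl_security_options.
SASL_OPTS = {"noplaintext", "noactive", "nodictionary", "noanonymous", "mutual_auth"}
# TLS levels that require an encrypted session before AUTH can be sent.
ENFORCED_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf text: 'name = value', '#' comments, indented continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:          # continuation of previous parameter
            params[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def lint(text):
    """Return a list of findings for the SMTP client SASL/TLS settings."""
    p = parse_main_cf(text)
    findings = []
    raw = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")  # Postfix default
    opts = [o for o in re.split(r"[,\s]+", raw) if o]
    bad = [o for o in opts if o not in SASL_OPTS]
    if bad:
        findings.append("invalid smtp_sasl_security_options value(s): " + ", ".join(bad))
    sasl_on = p.get("smtp_sasl_auth_enable", "no").lower() == "yes"
    tls = p.get("smtp_tls_security_level", "")
    if sasl_on and "noplaintext" not in opts and tls not in ENFORCED_TLS:
        findings.append("plaintext SASL mechanisms allowed but TLS level is %r: "
                        "PLAIN/LOGIN credentials can cross the wire unencrypted" % tls)
    return findings

# Constructed samples: the settings as posted, as suggested, and a stricter variant.
AS_POSTED = "smtp_sasl_auth_enable = yes\nsmtp_sasl_security_options = auth\nsmtp_tls_security_level = may\n"
AS_SUGGESTED = AS_POSTED.replace("= auth", "= noanonymous")
HARDENED = AS_SUGGESTED.replace("= may", "= encrypt")

if __name__ == "__main__":
    for label, cfg in (("posted", AS_POSTED), ("suggested", AS_SUGGESTED), ("hardened", HARDENED)):
        print(label, lint(cfg) or "ok")
```

With `may`, the client falls back to cleartext when STARTTLS is not offered, which is why the suggested settings still draw one finding until the level is raised to `encrypt` for the relay host.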