On Jul 12, 2011, at 12:13 AM, Stan Hoeppner wrote:
> On 7/12/2011 1:37 AM, Ron Garret wrote:
>> On Jul 11, 2011, at 11:17 PM, Mike Morris wrote:
>>> Configure smtp_tls_security_level and/or smtp_tls_policy_maps, using at
>>> least a setting of 'may'. This will allow the SMTP client to attempt
>>> STARTTLS connections with remote hosts.
>> Ah. I thought SASL implied TLS, but I guess it doesn't.
>> So I tried adding:
>> smtp_sasl_security_options = auth
>> smtp_tls_security_level = may
>> And now I get "unknown mail transport error" on the client side, and this on the server side:
>> Jul 11 23:30:51 vm01 postfix/smtpd: connect from ec2-184-73-65-10.compute-1.amazonaws.com[126.96.36.199]
>> Jul 11 23:30:52 vm01 postfix/smtpd: lost connection after EHLO from ec2-184-73-65-10.compute-1.amazonaws.com[188.8.131.52]
>> Jul 11 23:30:52 vm01 postfix/smtpd: disconnect from ec2-184-73-65-10.compute-1.amazonaws.com[184.108.40.206]
>>> Set smtp_sasl_security_options = noanonymous (or whatever is
>>> appropriate). The remote server at secure.genesisgroup.info advertises
>>> the following: AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
>>> Read the TLS_README and SASL_README files for more information.
>> Will do. At least now I know where to look to make further progress. Thanks!
> Since this is a server to server relay of known/trusted systems, and
> assuming that 220.127.116.11 is static and won't change any time soon, why
> not simply add 18.104.22.168 to $mynetworks on secure.genesisgroup.info
> and forget the sasl auth junk? This should get the relaying working
> instantly with little or no pitfalls.
That's a good idea. The reason I didn't do it this way is that I can't count on the client IP remaining static. Also, I like to understand how things work, and I don't like to admit defeat :-)
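
Added example, not part of the original thread: a small Python lint for the client-side settings discussed above. It checks `smtp_sasl_security_options` against the option names Postfix documents and flags plaintext SASL mechanisms being permitted while TLS is only opportunistic. The function names and sample configs are constructed for illustration, and `smtp_sasl_auth_enable = yes` is an assumption.

```python
# Added example: lint Postfix SMTP-client SASL/TLS parameters (main.cf text).
# Option names are those documented for smtp_sasl_security_options.
VALID_SASL_OPTS = {"noplaintext", "noactive", "nodictionary",
                   "noanonymous", "mutual_auth"}
# Levels at which the client refuses to deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {name: value}; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def lint(text):
    """Return findings. Per-destination smtp_tls_policy_maps are not evaluated."""
    p = parse_main_cf(text)
    findings = []
    # Postfix default when the parameter is absent: noplaintext, noanonymous
    raw_opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    opts = set(raw_opts.replace(",", " ").split())
    level = p.get("smtp_tls_security_level", "")
    for bad in sorted(opts - VALID_SASL_OPTS):
        findings.append(f"unknown smtp_sasl_security_options value: {bad}")
    sasl_on = p.get("smtp_sasl_auth_enable", "no").lower() == "yes"
    if sasl_on and "noplaintext" not in opts and level not in MANDATORY_TLS:
        findings.append("plaintext SASL allowed but TLS is not mandatory: "
                        "PLAIN/LOGIN credentials can be sent unencrypted")
    return findings

# Constructed samples; smtp_sasl_auth_enable = yes is an assumption.
AS_TRIED = """
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = auth
smtp_tls_security_level = may
"""
HARDENED = AS_TRIED.replace("= auth", "= noanonymous").replace("= may", "= encrypt")

if __name__ == "__main__":
    for name, cfg in (("as tried", AS_TRIED), ("hardened", HARDENED)):
        print(name, "->", lint(cfg) or "no findings")
```

Keeping `noplaintext` in `smtp_sasl_security_options` and relaxing only `smtp_sasl_tls_security_options` is the other documented way to keep PLAIN/LOGIN off unencrypted sessions; this lint does not model that parameter.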