Subject: Re: Next Step : postfix / sasl / tls - pkgsrc 2004Q4
To: None <netbsd-users@NetBSD.org>
From: Asmodehn Shade <firstname.lastname@example.org>
Date: 02/22/2005 19:36:11
Asmodehn Shade a écrit :
> Michael-John Turner a écrit :
>> On Mon, Feb 21, 2005 at 11:51:31PM +0100, Asmodehn Shade wrote:
>>> smtpd_enforce_tls = yes
>> Unless I'm mistaken, this enforces TLS.
>>> But tls negociation seems to timeout...
>>> when I try to connect the server with Thunderbird or with telnet,
>>> the result is the same :
>>>> telnet localhost 25
>>>> Trying ::1...
>>>> telnet: connect to address ::1: Connection refused
>>>> Trying 127.0.0.1...
>>>> Connected to localhost.
>>>> Escape character is '^]'.
>>>> EHLO test.net
>>>> Connection closed by foreign host.
>> Telnet won't setup a TLS connection, and that needs to happen before
>> the EHLO, hence your error. Is Thunderbird configured to use
>> Disclaimer: I'm not a Postfix expert...
> yes thunderbird was configured to use tls... Since the client doesn't
> need to authenticate, I thoughed TLS channel will be done, even when
> connecting with telnet, even if I could not read anything ;-)
> Cyrus imapd is working with SASL and TLS now...
> I can have CRAMMD5 / DIGESTMD5 / NTLM + TLS on local connection
> (imtest -t"" [...] localhost) but Thunderbird say to me that my server
> doesn't know secure authentication (??!!??!?)
> But I can also log in with plain+TLS, this doesn't matter to me, but
> this may be a clue?
> I don't know what I'm missing in postfix. SASL is set up the same way
> than cyrus-imapd, and the certs are the same... I don't understand,
> why the TLS handshake cannot be done. Is there a way to test it in
> console ?
> Thank you
here is another log I got with loglevel 2 and thunderbird :
setting up TLS connection from unknown[192.168.0.200]
Feb 22 19:19:47 Asmodehn postfix/smtpd: SSL_accept:before/accept
Feb 22 19:19:47 Asmodehn postfix/smtpd: SSL_accept:error in
SSLv2/v3 read client hello A
Feb 22 19:20:15 Asmodehn postfix/smtpd: warning: Read failed in
network_biopair_interop with errno=54: num_read=-1, want_read=11
Feb 22 19:20:15 Asmodehn postfix/smtpd: SSL_accept error from
Still doesn't understand...