Subject: Re: Next Step : postfix / sasl / tls - pkgsrc 2004Q4
To: None <netbsd-users@NetBSD.org>
From: Asmodehn Shade <asmodehn@9online.fr>
List: netbsd-users
Date: 02/22/2005 19:36:11
Asmodehn Shade wrote:

> Michael-John Turner wrote:
>
>> On Mon, Feb 21, 2005 at 11:51:31PM +0100, Asmodehn Shade wrote:
>> [...]
>>  
>>
>>> smtpd_enforce_tls = yes
>>>   
>>
>>
>> Unless I'm mistaken, this enforces TLS.
>>
>> [...]
>>  
>>
>>> But TLS negotiation seems to time out...
>>> when I try to connect to the server with Thunderbird or with telnet, 
>>> the result is the same:
>>>
>>>   
>>>
>>>> telnet localhost 25
>>>> Trying ::1...
>>>> telnet: connect to address ::1: Connection refused
>>>> Trying 127.0.0.1...
>>>> Connected to localhost.
>>>> Escape character is '^]'.
>>>> EHLO test.net
>>>> Connection closed by foreign host.
>>>>     
>>>
>> [...]
>>
>> Telnet won't set up a TLS connection, and that needs to happen before 
>> the EHLO, hence your error. Is Thunderbird configured to use
>> TLS?
>>
>> Disclaimer: I'm not a Postfix expert...
>>
>> -mj
>>  
>>
> Yes, Thunderbird was configured to use TLS... Since the client doesn't 
> need to authenticate, I thought the TLS channel would be done, even when 
> connecting with telnet, even if I could not read anything ;-)
>
> Cyrus imapd is working with SASL and TLS now...
> I can have CRAMMD5 / DIGESTMD5 / NTLM + TLS on a local connection 
> (imtest -t"" [...] localhost) but Thunderbird tells me that my server 
> doesn't know secure authentication (??!!??!?)
> But I can also log in with plain+TLS. This doesn't matter to me, but 
> this may be a clue?
>
> I don't know what I'm missing in postfix. SASL is set up the same way 
> as cyrus-imapd, and the certs are the same... I don't understand 
> why the TLS handshake cannot be done. Is there a way to test it in 
> the console?
>
> Thank you
>
> -- 
> Asmodehn
>
>
Here is another log I got with loglevel 2 and Thunderbird:

setting up TLS connection from unknown[192.168.0.200]
Feb 22 19:19:47 Asmodehn postfix/smtpd[10186]: SSL_accept:before/accept initialization
Feb 22 19:19:47 Asmodehn postfix/smtpd[10186]: SSL_accept:error in SSLv2/v3 read client hello A
Feb 22 19:20:15 Asmodehn postfix/smtpd[10186]: warning: Read failed in network_biopair_interop with errno=54: num_read=-1, want_read=11
Feb 22 19:20:15 Asmodehn postfix/smtpd[10186]: SSL_accept error from unknown[192.168.0.200]: -1

Still don't understand...
.... TBC...
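
For the question above about testing the handshake from a console, here is an added example (not part of the original thread and not Postfix code): a Python probe that walks the SMTP STARTTLS sequence one step at a time and reports the first stage that fails. The function name probe_smtp_tls, the EHLO name probe.example and the stage labels are assumptions made for this illustration.

```python
import socket
import ssl

def probe_smtp_tls(host, port=25, timeout=10.0):
    """Return ("ok", "<protocol> <cipher>") or (failed_stage, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("connect", str(exc))
    with sock, sock.makefile("rb") as reader:

        def reply():
            # One SMTP reply may span lines: "250-..." continues, "250 ..." ends it.
            lines = []
            while True:
                raw = reader.readline()
                if not raw:
                    raise ConnectionError("connection closed by server")
                line = raw.decode("ascii", "replace").rstrip("\r\n")
                lines.append(line)
                if len(line) < 4 or line[3] != "-":
                    return lines

        stage = "banner"  # a listener expecting TLS from the first byte fails here
        try:
            greeting = reply()
            if not greeting[0].startswith("220"):
                return (stage, greeting[0])
            stage = "ehlo"
            sock.sendall(b"EHLO probe.example\r\n")  # assumed client name
            if not any(l[4:].upper().startswith("STARTTLS") for l in reply()):
                return (stage, "STARTTLS not advertised")
            stage = "starttls"
            sock.sendall(b"STARTTLS\r\n")
            answer = reply()
            if not answer[0].startswith("220"):
                return (stage, answer[0])
            stage = "handshake"
            # Diagnostic only: the certificate is not verified (test servers are
            # often self-signed); never reuse this context to send mail.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", "%s %s" % (tls.version(), tls.cipher()[0]))
        except OSError as exc:  # includes timeouts and ssl.SSLError
            return (stage, str(exc) or type(exc).__name__)
```

A result whose first element is "banner" means no plaintext greeting arrived before the connection closed or timed out; "handshake" means STARTTLS was accepted but the TLS negotiation itself failed.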