Message-ID: <49bf44f10802171437v5ea293d9q7f40956adac971a9@mail.gmail.com>
Date: Sun, 17 Feb 2008 14:37:26 -0800
From: Grant
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] SSL CUPS and SMTP on port 587
In-Reply-To: <47B8A895.4060108@badapple.net>

> > I uncommented the above line and added the following to main.cf:
> >
> > smtpd_tls_security_level = may
> >
> > as instructed here:
> >
> > http://www.postfix.org/TLS_README.html#server_enable
> >
> > and restarted postfix, but I still can't send. In claws-mail, I tried
> > specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> > isn't set up properly?
>
> You need more than that. My /etc/postfix/main.cf looks like this and
> you'll need to create the actual certs listed below as well. I recommend
> smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
> it over an encrypted session.
>
> # TLS stuff
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/postfix/newkey.pem
> smtpd_tls_cert_file = /etc/postfix/newcert.pem
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> #smtpd_tls_loglevel = 3
> #smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> Additionally check to see what port Postfix is listening on. It's on
> port 465 on my server and you'll need to set your mail client to SSL
> rather than TLS.

Thank you kashani. Now I'm getting "Relay access denied". I've been
sending via squirrelmail running on the same server so I need to make
an adjustment.

What I'd like to do is allow relaying for any authenticated smtp client
but I don't see any option for that in the main.cf comments. I tried
adding "grant" to the postdrop group with no luck. Here's my main.cf
(I'm using postgrey):

mydestination = mydomain.com
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, check_policy_service inet:127.0.0.1:10030 reject_unauth_destination, permit
virtual_alias_maps = hash:/etc/postfix/virtual
message_size_limit = 20480000
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

How does that look?

- Grant
--
gentoo-user@lists.gentoo.org mailing list
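
Added example (not part of the original message, and not Postfix's own code): a simplified Python model of how Postfix walks smtpd_recipient_restrictions from left to right, run against the restriction list posted above. It shows why a remote authenticated client is refused with "Relay access denied" and what changes when permit_sasl_authenticated follows permit_mynetworks. Assumptions: SASL authentication is already enabled on the server (smtpd_sasl_auth_enable = yes, which is not in the posted main.cf), the postgrey policy check always returns DUNNO, and the function names and the WITH_SASL list are constructed for illustration.

```python
import re

# Restriction list exactly as posted in the message above.
POSTED = ("permit_mynetworks, check_policy_service inet:127.0.0.1:10030 "
          "reject_unauth_destination, permit")
# Constructed variant (assumption, not from the thread): same list with
# permit_sasl_authenticated added; needs smtpd_sasl_auth_enable = yes.
WITH_SASL = ("permit_mynetworks, permit_sasl_authenticated, "
             "check_policy_service inet:127.0.0.1:10030 "
             "reject_unauth_destination, permit")

def parse_restrictions(value):
    """Split on commas/whitespace; keep 'check_policy_service <server>' as one item."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    items, i = [], 0
    while i < len(tokens):
        if tokens[i] == "check_policy_service" and i + 1 < len(tokens):
            items.append(tokens[i] + " " + tokens[i + 1])
            i += 2
        else:
            items.append(tokens[i])
            i += 1
    return items

def evaluate(value, in_mynetworks, sasl_authenticated, rcpt_is_local):
    """Simplified model: the first restriction that decides ends the walk."""
    for r in parse_restrictions(value):
        if r == "permit_mynetworks" and in_mynetworks:
            return ("PERMIT", r)
        if r == "permit_sasl_authenticated" and sasl_authenticated:
            return ("PERMIT", r)
        if r == "reject_unauth_destination" and not rcpt_is_local:
            return ("REJECT", r)  # surfaces as "Relay access denied"
        if r == "permit":
            return ("PERMIT", r)
        # check_policy_service (postgrey) is modelled as DUNNO: keep walking.
    return ("DUNNO", None)

if __name__ == "__main__":
    # Constructed client profiles; webmail assumes localhost is in mynetworks.
    remote_auth = dict(in_mynetworks=False, sasl_authenticated=True, rcpt_is_local=False)
    webmail = dict(in_mynetworks=True, sasl_authenticated=False, rcpt_is_local=False)
    stranger = dict(in_mynetworks=False, sasl_authenticated=False, rcpt_is_local=False)
    print("posted, remote authenticated client:", evaluate(POSTED, **remote_auth))
    print("posted, webmail on the server:      ", evaluate(POSTED, **webmail))
    print("with SASL, remote authenticated:    ", evaluate(WITH_SASL, **remote_auth))
    print("with SASL, unauthenticated relay:   ", evaluate(WITH_SASL, **stranger))
```

The last case is the one to check before deploying such a change: an unauthenticated client outside mynetworks must still be stopped by reject_unauth_destination, otherwise the server becomes an open relay.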