From: Grant
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] SSL CUPS and SMTP on port 587
Date: Mon, 18 Feb 2008 11:46:26 -0800
Message-ID: <49bf44f10802181146m53cbc1fao576a909ddc2b9d78@mail.gmail.com>
In-Reply-To: <49bf44f10802171437v5ea293d9q7f40956adac971a9@mail.gmail.com>

> > > I uncommented the above line and added the following to main.cf:
> > >
> > > smtpd_tls_security_level = may
> > >
> > > as instructed here:
> > >
> > > http://www.postfix.org/TLS_README.html#server_enable
> > >
> > > and restarted postfix, but I still can't send. In claws-mail, I tried
> > > specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> > > isn't set up properly?
> >
> > You need more than that. My /etc/postfix/main.cf looks like this and
> > you'll need to create the actual certs listed below as well. I recommend
> > smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
> > it over an encrypted session.
> >
> > # TLS stuff
> > smtpd_tls_security_level = may
> > smtpd_tls_auth_only = yes
> > smtpd_tls_key_file = /etc/postfix/newkey.pem
> > smtpd_tls_cert_file = /etc/postfix/newcert.pem
> > smtpd_tls_CAfile = /etc/postfix/cacert.pem
> > #smtpd_tls_loglevel = 3
> > #smtpd_tls_received_header = yes
> > smtpd_tls_session_cache_timeout = 3600s
> > tls_random_source = dev:/dev/urandom
> >
> > Additionally check to see what port Postfix is listening on. It's on
> > port 465 on my server and you'll need to set your mail client to SSL
> > rather than TLS.
>
> Thank you kashani. Now I'm getting "Relay access denied". I've been
> sending via squirrelmail running on the same server so I need to make
> an adjustment. What I'd like to do is allow relaying for any
> authenticated smtp client but I don't see any option for that in the
> main.cf comments. I tried adding "grant" to the postdrop group with
> no luck.

Is allowing relay access based on authentication not something postfix
does? It makes sense to me. How do you guys make the relay decision?

- Grant

> Here's my main.cf (I'm using postgrey):
>
> mydestination = mydomain.com
> setgid_group = postdrop
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     check_policy_service inet:127.0.0.1:10030
>     reject_unauth_destination,
>     permit
> virtual_alias_maps = hash:/etc/postfix/virtual
> message_size_limit = 20480000
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/ssl/postfix/server.key
> smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
> smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> How does that look?
>
> - Grant
--
gentoo-user@lists.gentoo.org mailing list