| 1 |
> > I uncommented the above line and added the following to main.cf: |
| 2 |
> > |
| 3 |
> > smtpd_tls_security_level = may |
| 4 |
> > |
| 5 |
> > as instructed here: |
| 6 |
> > |
| 7 |
> > http://www.postfix.org/TLS_README.html#server_enable |
| 8 |
> > |
| 9 |
> > and restarted postfix, but I still can't send. In claws-mail, I tried |
| 10 |
> > specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS |
| 11 |
> > isn't set up properly? |
| 12 |
> |
| 13 |
> You need more than that. My /etc/postfix/main.cf looks like this and |
| 14 |
> you'll need to create the actual certs listed below as well. I recommend |
| 15 |
> smtpd_tls_auth_only so that anyone trying to smtp auth is required to do |
| 16 |
> it over an encrypted session. |
| 17 |
> |
| 18 |
> # TLS stuff |
| 19 |
> smtpd_tls_security_level = may |
| 20 |
> smtpd_tls_auth_only = yes |
| 21 |
> smtpd_tls_key_file = /etc/postfix/newkey.pem |
| 22 |
> smtpd_tls_cert_file = /etc/postfix/newcert.pem |
| 23 |
> smtpd_tls_CAfile = /etc/postfix/cacert.pem |
| 24 |
> #smtpd_tls_loglevel = 3 |
| 25 |
> #smtpd_tls_received_header = yes |
| 26 |
> smtpd_tls_session_cache_timeout = 3600s |
| 27 |
> tls_random_source = dev:/dev/urandom |
| 28 |
> |
| 29 |
> Additionally check to see what port Postfix is listening on. It's on |
| 30 |
> port 465 on my server and you'll need to set your mail client to SSL |
| 31 |
> rather than TLS. |
| 32 |
|
| 33 |
Thank you kashani. Now I'm getting "Relay access denied". I've been |
| 34 |
sending via squirrelmail running on the same server so I need to make |
| 35 |
an adjustment. What I'd like to do is allow relaying for any |
| 36 |
authenticated smtp client but I don't see any option for that in the |
| 37 |
main.cf comments. I tried adding "grant" to the postdrop group with |
| 38 |
no luck. |
| 39 |
|
| 40 |
Here's my main.cf (I'm using postgrey): |
| 41 |
|
| 42 |
mydestination = mydomain.com |
| 43 |
setgid_group = postdrop |
| 44 |
smtpd_recipient_restrictions = |
| 45 |
permit_mynetworks, |
| 46 |
check_policy_service inet:127.0.0.1:10030 |
| 47 |
reject_unauth_destination, |
| 48 |
permit |
| 49 |
virtual_alias_maps = hash:/etc/postfix/virtual |
| 50 |
message_size_limit = 20480000 |
| 51 |
smtpd_tls_security_level = may |
| 52 |
smtpd_tls_auth_only = yes |
| 53 |
smtpd_tls_key_file = /etc/ssl/postfix/server.key |
| 54 |
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt |
| 55 |
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem |
| 56 |
smtpd_tls_session_cache_timeout = 3600s |
| 57 |
tls_random_source = dev:/dev/urandom |
| 58 |
|
| 59 |
How does that look? |
| 60 |
|
| 61 |
- Grant |
| 62 |
-- |
| 63 |
gentoo-user@l.g.o mailing list |
Archives