> > > I uncommented the above line and added the following to main.cf:
> > >
> > > smtpd_tls_security_level = may
> > >
> > > as instructed here:
> > >
> > > http://www.postfix.org/TLS_README.html#server_enable
> > >
> > > and restarted postfix, but I still can't send. In claws-mail, I tried
> > > specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> > > isn't set up properly?
> >
> > You need more than that. My /etc/postfix/main.cf looks like this and
> > you'll need to create the actual certs listed below as well. I recommend
> > smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
> > it over an encrypted session.
> >
> > # TLS stuff
> > smtpd_tls_security_level = may
> > smtpd_tls_auth_only = yes
> > smtpd_tls_key_file = /etc/postfix/newkey.pem
> > smtpd_tls_cert_file = /etc/postfix/newcert.pem
> > smtpd_tls_CAfile = /etc/postfix/cacert.pem
> > #smtpd_tls_loglevel = 3
> > #smtpd_tls_received_header = yes
> > smtpd_tls_session_cache_timeout = 3600s
> > tls_random_source = dev:/dev/urandom
> >
> > Additionally check to see what port Postfix is listening on. It's on
> > port 465 on my server and you'll need to set your mail client to SSL
> > rather than TLS.
>
> Thank you kashani. Now I'm getting "Relay access denied". I've been
> sending via squirrelmail running on the same server so I need to make
> an adjustment. What I'd like to do is allow relaying for any
> authenticated smtp client but I don't see any option for that in the
> main.cf comments. I tried adding "grant" to the postdrop group with
> no luck.

Is allowing relay access based on authentication not something postfix
does? It makes sense to me. How do you guys make the relay decision?

- Grant

> Here's my main.cf (I'm using postgrey):
>
> mydestination = mydomain.com
> setgid_group = postdrop
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     check_policy_service inet:127.0.0.1:10030
>     reject_unauth_destination,
>     permit
> virtual_alias_maps = hash:/etc/postfix/virtual
> message_size_limit = 20480000
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/ssl/postfix/server.key
> smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
> smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> How does that look?
>
> - Grant
--
gentoo-user@l.g.o mailing list
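
Added example, not part of the original thread: a small Python model of how Postfix walks `smtpd_recipient_restrictions` in order (first match wins), showing why the list posted above answers an authenticated remote client with "Relay access denied" and what changes when `permit_sasl_authenticated` (which also requires `smtpd_sasl_auth_enable = yes`) is placed before `reject_unauth_destination`. The function names, the `FIXED` variant and the simplified client model (the policy service always passes, and only this one restriction list is modelled) are assumptions.

```python
import re

# Constructed sample: the restriction list as posted in the message above.
POSTED = """\
mydestination = mydomain.com
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_policy_service inet:127.0.0.1:10030
    reject_unauth_destination,
    permit
"""
# Assumed fix: permit SASL-authenticated clients before the relay check.
FIXED = POSTED.replace("permit_mynetworks,",
                       "permit_mynetworks,\n    permit_sasl_authenticated,")

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name is not None:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def restrictions(params):
    """Split the list on commas/whitespace, dropping check_* arguments."""
    raw = params.get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", raw) if t]
    return [t for i, t in enumerate(tokens)
            if i == 0 or not tokens[i - 1].startswith("check_")]

def decide(rules, in_mynetworks, authenticated, local_recipient):
    """First matching restriction wins; the policy service is assumed to pass."""
    for rule in rules:
        if rule == "permit_mynetworks" and in_mynetworks:
            return "permit"
        if rule == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if rule == "reject_unauth_destination" and not local_recipient:
            return "reject"  # logged as "Relay access denied"
        if rule == "permit":
            return "permit"
    return "permit"  # end of list reached without a decision

def relay_decision(main_cf, **client):
    return decide(restrictions(parse_main_cf(main_cf)), **client)
```

With the corrected list an unauthenticated client outside `mynetworks` is still refused for non-local recipients, so the server does not become an open relay.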