I configured postfix with ssl/tls. and created an smtp. However I am unable to send test email and/or login.
"Text below first defines error log (different attempts) and then configuration files."
Error log on terminal.
[First Attempt]
[root@domain postfix]# telnet mail.example.org 587
Trying 139.59.182.62...
Connected to mail.example.org.
Escape character is '^]'.
220 example.org ESMTP Postfix
ehlo mail.example.org
250-example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
220 2.0.0 Ready to start TLS
ehlo mail.example.org
Connection closed by foreign host.
[Second Attempt]
[root@domain postfix]# telnet mail.example.org 587
Trying 139.59.182.62...
Connected to mail.example.org.
Escape character is '^]'.
220 example.org ESMTP Postfix
ehlo mail.example.org
250-example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain
334
username
535 5.7.8 Error: authentication failed: another step is needed in authentication
quit
221 2.0.0 Bye
Connection closed by foreign host.
[Third Attempt]
[root@domain postfix]# telnet mail.example.org 587
Trying 139.59.182.62...
Connected to mail.example.org.
Escape character is '^]'.
220 example.org ESMTP Postfix
ehlo mail.example.org
250-example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<user@domain.org>
250 2.1.0 Ok
RCPT TO:<******@gmail.com>
454 4.7.1 <*******@gmail.com>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
/var/log/maillog file
Aug 26 19:55:11 example postfix/smtpd[22132]: connect from example.org[00.00.00.00]
Aug 26 19:55:22 example postfix/smtpd[22132]: warning: example.org[00.00.00.00]: SASL plain authentication failed: another step is needed in authentication
Aug 26 19:55:40 example postfix/smtpd[22132]: disconnect from example.org[00.00.00.00]
Aug 26 19:55:42 example postfix/smtpd[22132]: connect from example.org[00.00.00.00]
Aug 26 19:56:25 example postfix/smtpd[22132]: NOQUEUE: reject: RCPT from example.org[00.00.00.00]: 454 4.7.1 <*******@gmail.com>: Relay access denied; from=<******@example.org> to=<*******@gmail.com> proto=ESMTP helo=<mail.domain.org>
Aug 26 19:56:30 example postfix/smtpd[22132]: disconnect from example.org[00.00.00.00]
Aug 26 19:59:50 example postfix/anvil[22134]: statistics: max connection rate 2/60s for (submission:00.00.00.00) at Aug 26 19:55:11
Aug 26 19:59:50 example postfix/anvil[22134]: statistics: max connection count 1 for (submission:00.00.00.00) at Aug 26 19:54:29
Aug 26 19:59:50 example postfix/anvil[22134]: statistics: max cache size 1 at Aug 26 19:54:29
Configuration files:
[main.cf]
myorigin = domain1.org
myhostname = domain2.org
inet_protocols = all
mydestination = mail.domain1.org, domain1
relay_domains = domain2
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_domains = domain1.org domain2.org
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/ssl.key
smtpd_tls_cert_file = /etc/postfix/ssl/ssl.crt
smtpd_tls_CAfile = /etc/postfix/ssl/interm.crt
smtpd_tls_loglevel = 1
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = yes
smtp_sasl_auth_enable = yes
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_sasl_local_domain =
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_invalid_hostname,permit_sasl_authenticated,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_rbl_client sbl.spamhaus.org,
permit
smtpd_helo_restrictions = reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
[master.cf]
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
if you need any details, please let me know. I am stuck at it. tried different ways, from different tutorials but didn't help much.
Best Answer
Oh dear gods, don't attempt to negotiate TLS with
telnet
! You'd have to do the key exchange and all the other TLS functions by hand. That way lies madness. You're currently failing becauseehlo mail.example.org
is in no way an appropriate part ofstarttls
.If you want to test smtp starttls, use
openssl
specifically:openssl s_client -connect <server>:587 -starttls smtp