Date:      Wed, 16 Mar 2005 17:33:18 -0600
From:      Paul Schmehl <pauls@utdallas.edu>
To:        freebsd-ports@freebsd.org
Subject:   Re: Postfix or SASL Port failure ( TLS Support )
Message-ID:  <7B258A5353227AE542ED4DA1@utd49554.utdallas.edu>
In-Reply-To: <4238AD5C.6010903@noconname.org>
References:  <42387211.5050404@noconname.org> <0505ACBCBED4EC65FF9F6D18@utd49554.utdallas.edu> <4238AD5C.6010903@noconname.org>

--On Wednesday, March 16, 2005 11:04:12 PM +0100 José Nicolás Castellano
<jncastellano@noconname.org> wrote:
>
> Ok, but now I want to send without tls, so this doesn't work.

Postfix will not relay by default.  When you set up TLS, you are allowed to
relay through Postfix by first authenticating.  If you're trying to relay
but the authentication is failing, then you need to look at *how* the
authentication is done.

First, do you have a line like this in master.cf?
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

If not, you won't be able to do TLS.

Do you have lines like these in main.cf?
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /var/imap/server.pem
smtpd_tls_cert_file = /var/imap/server.pem
smtpd_tls_CAfile = /var/imap/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

If not, you won't be able to do TLS.

Do you also have lines like this in main.cf?
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
        permit_sasl_authenticated
        reject_unauth_destination
        reject_unauth_pipelining

If not, you won't be able to do TLS.

Do you have a file like this:
/usr/local/lib/sasl2/Sendmail.conf

with contents like this:
pwcheck_method: saslauthd auxprop

If not, you won't be able to do TLS.

I don't understand what you mean by "send without tls".  Are you trying to
relay?  Send from the localhost?  What?

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
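
Added example, not part of the original message: a small Python check for the main.cf settings listed above. It applies Postfix's rule that a line starting with whitespace continues the previous parameter, and it flags SASL AUTH being accepted without TLS when smtpd_tls_auth_only is left off; the function names, the sample text and the typo heuristic are assumptions made for this example.

```python
import difflib

# Parameter names taken from the message above (yes/no settings first).
BOOLEAN = {"smtpd_use_tls", "smtpd_tls_auth_only", "smtpd_tls_received_header",
           "smtpd_sasl_auth_enable", "broken_sasl_auth_clients"}
KNOWN = BOOLEAN | {"smtpd_tls_key_file", "smtpd_tls_cert_file", "smtpd_tls_CAfile",
                   "smtpd_tls_loglevel", "smtpd_tls_session_cache_timeout",
                   "tls_random_source"}

# Constructed sample: settings from the message, plus a misspelled name and
# indented lines that have no parameter name of their own.
SAMPLE = """\
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
mtpd_tls_loglevel = 3
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
        permit_sasl_authenticated
        reject_unauth_destination
"""

def parse_main_cf(text):
    """Map name -> value; a line that starts with whitespace continues the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace():
            if current:                   # continuation of the last logical line
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params

def audit(params):
    """Return findings for the TLS/SASL settings discussed in the message."""
    findings = []
    for name, value in params.items():
        if name in BOOLEAN and value.lower() not in ("yes", "no"):
            findings.append(f"{name}: value {value!r} is not yes/no (stray continuation lines?)")
        guess = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.9)
        if name not in KNOWN and guess:   # near miss of a known name: likely typo
            findings.append(f"{name}: not a known parameter, did you mean {guess[0]}?")
    sasl = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    if sasl and params.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("smtpd_tls_auth_only is not yes: AUTH is accepted on unencrypted connections")
    return findings
```

Calling `audit(parse_main_cf(SAMPLE))` returns three findings: the misspelled log-level name, the yes/no setting that absorbed the indented lines, and AUTH being accepted without TLS.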


