FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 02-07-2012, 11:50 PM
Kumar Krishna
 
Default TLS support on postfix

Hi List,

I have a postfix server based on CentOS 5 in which I have been trying to add TLS encryption support for SMTP.

>From the localhost when I do an EHLO, following is the output

[root@xxxxxxx ~]# nc localhost 25
220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
EHLO localhost
250-xxxxxxx.xxxx.xxx.xx
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

However from a remote location when I do the EHLO, the response does not contains STARTTLS, ENHANCEDSTATUSCODES and DSN

krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
EHLO localhost
250-xxxxxxx.xxxx.xxx.xx
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250 8BITMIME


I have done some googling and found this might be because of the Cisco Router's "ESMTP Fix". However Can someone here tell me if there are any settings in master.cf or main.cf that might result in similar behaviour?

Regards,
KRiSHNA
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-08-2012, 01:04 AM
Nataraj
 
Default TLS support on postfix

On 02/07/2012 04:50 PM, Kumar Krishna wrote:
> Hi List,
>
> I have a postfix server based on CentOS 5 in which I have been trying to add TLS encryption support for SMTP.
>
> >From the localhost when I do an EHLO, following is the output
>
> [root@xxxxxxx ~]# nc localhost 25
> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> EHLO localhost
> 250-xxxxxxx.xxxx.xxx.xx
> 250-PIPELINING
> 250-SIZE 41943040
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> However from a remote location when I do the EHLO, the response does not contains STARTTLS, ENHANCEDSTATUSCODES and DSN
>
> krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> EHLO localhost
> 250-xxxxxxx.xxxx.xxx.xx
> 250-PIPELINING
> 250-SIZE 41943040
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250 8BITMIME
>
>
> I have done some googling and found this might be because of the Cisco Router's "ESMTP Fix". However Can someone here tell me if there are any settings in master.cf or main.cf that might result in similar behaviour?
>
> Regards,
> KRiSHNA
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

>From http://www.postfix.org/TLS_README.html

By default, TLS is disabled in the Postfix SMTP server, so no difference to plain Postfix is visible. Explicitly switch it on with "smtpd_tls_security_level = may".
/etc/postfix/main.cf:
smtpd_tls_security_level = may

With this, the Postfix SMTP server announces STARTTLS support to remote SMTP clients, but does not require that clients use TLS encryption.



My tls configuration looks something like this:

# INCOMING TLS (smtpd server)
smtpd_tls_security_level = may
smtpd_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/certs/tls.key
smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
smtpd_tls_CApath = /etc/postfix/certs
smtpd_tls_loglevel = 1

smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# OUTGOING TLS (SMTP transport)
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes


Nataraj

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-08-2012, 04:50 AM
Kumar Krishna
 
Default TLS support on postfix

On Tue, 07 Feb 2012 18:04:03 -0800
Nataraj <incoming-centos@rjl.com> wrote:

> On 02/07/2012 04:50 PM, Kumar Krishna wrote:
> > Hi List,
> >
> > I have a postfix server based on CentOS 5 in which I have been
> > trying to add TLS encryption support for SMTP.
> >
> > >From the localhost when I do an EHLO, following is the output
> >
> > [root@xxxxxxx ~]# nc localhost 25
> > 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> > EHLO localhost
> > 250-xxxxxxx.xxxx.xxx.xx
> > 250-PIPELINING
> > 250-SIZE 41943040
> > 250-VRFY
> > 250-ETRN
> > 250-STARTTLS
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> > 250-ENHANCEDSTATUSCODES
> > 250-8BITMIME
> > 250 DSN
> >
> > However from a remote location when I do the EHLO, the response
> > does not contains STARTTLS, ENHANCEDSTATUSCODES and DSN
> >
> > krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
> > 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> > EHLO localhost
> > 250-xxxxxxx.xxxx.xxx.xx
> > 250-PIPELINING
> > 250-SIZE 41943040
> > 250-VRFY
> > 250-ETRN
> > 250-AUTH PLAIN LOGIN
> > 250 8BITMIME
> >
> >
> > I have done some googling and found this might be because of the
> > Cisco Router's "ESMTP Fix". However Can someone here tell me if
> > there are any settings in master.cf or main.cf that might result in
> > similar behaviour?
> >
> > Regards,
> > KRiSHNA
> > _______________________________________________
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
>
> >From http://www.postfix.org/TLS_README.html
>
> By default, TLS is disabled in the Postfix SMTP server, so no
> difference to plain Postfix is visible. Explicitly switch it on with
> "smtpd_tls_security_level = may". /etc/postfix/main.cf:
> smtpd_tls_security_level = may
>
> With this, the Postfix SMTP server announces STARTTLS support to
> remote SMTP clients, but does not require that clients use TLS
> encryption.
>
>
>
> My tls configuration looks something like this:
>
> # INCOMING TLS (smtpd server)
> smtpd_tls_security_level = may
> smtpd_note_starttls_offer = yes
> smtpd_tls_key_file = /etc/postfix/certs/tls.key
> smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
> smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
> smtpd_tls_CApath = /etc/postfix/certs
> smtpd_tls_loglevel = 1
>
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> # OUTGOING TLS (SMTP transport)
> smtp_tls_loglevel = 1
> smtp_tls_session_cache_database =
> btree:/var/run/smtp_tls_session_cache smtp_tls_security_level = may
> smtp_tls_note_starttls_offer = yes
>
>
> Nataraj

Thanks for the reply Nataraj, but still no joy. I tried adding 'smtp_tls_security_level = may' & 'smtpd_tls_security_level = may' to my existing configuration, but it didn't helped.
Any ideas what else I might need to change in the configuration?

Here is how my configuration looks like

#ENCRYPTION
#==========#
# Incoming
smtpd_tls_auth_only = no
smtpd_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom

# Outgoing
smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may

Regards,
KRiSHNA
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-08-2012, 05:31 AM
Nataraj
 
Default TLS support on postfix

On 02/07/2012 09:50 PM, Kumar Krishna wrote:
> On Tue, 07 Feb 2012 18:04:03 -0800
> Nataraj <incoming-centos@rjl.com> wrote:
>
>> On 02/07/2012 04:50 PM, Kumar Krishna wrote:
>>> Hi List,
>>>
>>> I have a postfix server based on CentOS 5 in which I have been
>>> trying to add TLS encryption support for SMTP.
>>>
>>> >From the localhost when I do an EHLO, following is the output
>>>
>>> [root@xxxxxxx ~]# nc localhost 25
>>> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
>>> EHLO localhost
>>> 250-xxxxxxx.xxxx.xxx.xx
>>> 250-PIPELINING
>>> 250-SIZE 41943040
>>> 250-VRFY
>>> 250-ETRN
>>> 250-STARTTLS
>>> 250-AUTH PLAIN LOGIN
>>> 250-AUTH=PLAIN LOGIN
>>> 250-ENHANCEDSTATUSCODES
>>> 250-8BITMIME
>>> 250 DSN
>>>
>>> However from a remote location when I do the EHLO, the response
>>> does not contains STARTTLS, ENHANCEDSTATUSCODES and DSN
>>>
>>> krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
>>> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
>>> EHLO localhost
>>> 250-xxxxxxx.xxxx.xxx.xx
>>> 250-PIPELINING
>>> 250-SIZE 41943040
>>> 250-VRFY
>>> 250-ETRN
>>> 250-AUTH PLAIN LOGIN
>>> 250 8BITMIME
>>>
>>>
>>> I have done some googling and found this might be because of the
>>> Cisco Router's "ESMTP Fix". However Can someone here tell me if
>>> there are any settings in master.cf or main.cf that might result in
>>> similar behaviour?
>>>
>>> Regards,
>>> KRiSHNA
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>> >From http://www.postfix.org/TLS_README.html
>>
>> By default, TLS is disabled in the Postfix SMTP server, so no
>> difference to plain Postfix is visible. Explicitly switch it on with
>> "smtpd_tls_security_level = may". /etc/postfix/main.cf:
>> smtpd_tls_security_level = may
>>
>> With this, the Postfix SMTP server announces STARTTLS support to
>> remote SMTP clients, but does not require that clients use TLS
>> encryption.
>>
>>
>>
>> My tls configuration looks something like this:
>>
>> # INCOMING TLS (smtpd server)
>> smtpd_tls_security_level = may
>> smtpd_note_starttls_offer = yes
>> smtpd_tls_key_file = /etc/postfix/certs/tls.key
>> smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
>> smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
>> smtpd_tls_CApath = /etc/postfix/certs
>> smtpd_tls_loglevel = 1
>>
>> smtpd_tls_session_cache_timeout = 3600s
>> tls_random_source = dev:/dev/urandom
>>
>> # OUTGOING TLS (SMTP transport)
>> smtp_tls_loglevel = 1
>> smtp_tls_session_cache_database =
>> btree:/var/run/smtp_tls_session_cache smtp_tls_security_level = may
>> smtp_tls_note_starttls_offer = yes
>>
>>
>> Nataraj
> Thanks for the reply Nataraj, but still no joy. I tried adding 'smtp_tls_security_level = may' & 'smtpd_tls_security_level = may' to my existing configuration, but it didn't helped.
> Any ideas what else I might need to change in the configuration?
>
> Here is how my configuration looks like
>
> #ENCRYPTION
> #==========#
> # Incoming
> smtpd_tls_auth_only = no
> smtpd_note_starttls_offer = yes
> smtpd_use_tls = yes
> smtpd_tls_security_level = may
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_tls_received_header = yes
> tls_random_source = dev:/dev/urandom
>
> # Outgoing
> smtp_use_tls = yes
> smtp_tls_loglevel = 1
> smtp_tls_note_starttls_offer = yes
> smtp_tls_security_level = may
>
> Regards,
> KRiSHNA
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

Did you reload the configuration with 'postfix reload' or 'service
postfix restart' after updating your config file?

Have you setup certificates? I suggest you read
http://www.postfix.org/TLS_README.html
If you think you've set everything up correctly, run the command
'postconf -n | grep tls' and post the output. You might also check the
archives of the postfix mailing list. I'm sure there are extensive
postings for issues like this.

Nataraj

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-08-2012, 05:36 AM
Kumar Krishna
 
Default TLS support on postfix

On Tue, 07 Feb 2012 18:04:03 -0800
Nataraj <incoming-centos@rjl.com> wrote:

> On 02/07/2012 04:50 PM, Kumar Krishna wrote:
> > Hi List,
> >
> > I have a postfix server based on CentOS 5 in which I have been
> > trying to add TLS encryption support for SMTP.
> >
> > >From the localhost when I do an EHLO, following is the output
> >
> > [root@xxxxxxx ~]# nc localhost 25
> > 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> > EHLO localhost
> > 250-xxxxxxx.xxxx.xxx.xx
> > 250-PIPELINING
> > 250-SIZE 41943040
> > 250-VRFY
> > 250-ETRN
> > 250-STARTTLS
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> > 250-ENHANCEDSTATUSCODES
> > 250-8BITMIME
> > 250 DSN
> >
> > However from a remote location when I do the EHLO, the response
> > does not contains STARTTLS, ENHANCEDSTATUSCODES and DSN
> >
> > krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
> > 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
> > EHLO localhost
> > 250-xxxxxxx.xxxx.xxx.xx
> > 250-PIPELINING
> > 250-SIZE 41943040
> > 250-VRFY
> > 250-ETRN
> > 250-AUTH PLAIN LOGIN
> > 250 8BITMIME
> >
> >
> > I have done some googling and found this might be because of the
> > Cisco Router's "ESMTP Fix". However Can someone here tell me if
> > there are any settings in master.cf or main.cf that might result in
> > similar behaviour?
> >
> > Regards,
> > KRiSHNA
> > _______________________________________________
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
>
> >From http://www.postfix.org/TLS_README.html
>
> By default, TLS is disabled in the Postfix SMTP server, so no
> difference to plain Postfix is visible. Explicitly switch it on with
> "smtpd_tls_security_level = may". /etc/postfix/main.cf:
> smtpd_tls_security_level = may
>
> With this, the Postfix SMTP server announces STARTTLS support to
> remote SMTP clients, but does not require that clients use TLS
> encryption.
>
>
>
> My tls configuration looks something like this:
>
> # INCOMING TLS (smtpd server)
> smtpd_tls_security_level = may
> smtpd_note_starttls_offer = yes
> smtpd_tls_key_file = /etc/postfix/certs/tls.key
> smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
> smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
> smtpd_tls_CApath = /etc/postfix/certs
> smtpd_tls_loglevel = 1
>
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> # OUTGOING TLS (SMTP transport)
> smtp_tls_loglevel = 1
> smtp_tls_session_cache_database =
> btree:/var/run/smtp_tls_session_cache smtp_tls_security_level = may
> smtp_tls_note_starttls_offer = yes
>
>
> Nataraj
>

Yes, I did restarted postfix.
I ran tcpdump on the mail server while connecting to it from a remote location and then analysed the dump file. It seems that the server is working fine and offering STARTTLS, but the Cisco Router en route is messing things up.

Regards,
KRiSHNA

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-08-2012, 05:44 AM
Nataraj
 
Default TLS support on postfix

On 02/07/2012 09:50 PM, Kumar Krishna wrote:
> On Tue, 07 Feb 2012 18:04:03 -0800
> Nataraj <incoming-centos@rjl.com> wrote:
>
>> On 02/07/2012 04:50 PM, Kumar Krishna wrote:
>>> Hi List,
>>>
>>> I have a postfix server based on CentOS 5 in which I have been
>>> trying to add TLS encryption support for SMTP.
>>>
>>> >From the localhost when I do an EHLO, following is the output
>>>
>>> [root@xxxxxxx ~]# nc localhost 25
>>> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
>>> EHLO localhost
>>> 250-xxxxxxx.xxxx.xxx.xx
>>> 250-PIPELINING
>>> 250-SIZE 41943040
>>> 250-VRFY
>>> 250-ETRN
>>> 250-STARTTLS
>>> 250-AUTH PLAIN LOGIN
>>> 250-AUTH=PLAIN LOGIN
>>> 250-ENHANCEDSTATUSCODES
>>> 250-8BITMIME
>>> 250 DSN
>>>
>>> However from a remote location when I do the EHLO, the response
>>> does not contains STARTTLS, ENHANCEDSTATUSCODES and DSN
>>>
>>> krishna@L03:~$ nc xxxxxxx.xxxx.xxx.xx 25
>>> 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix
>>> EHLO localhost
>>> 250-xxxxxxx.xxxx.xxx.xx
>>> 250-PIPELINING
>>> 250-SIZE 41943040
>>> 250-VRFY
>>> 250-ETRN
>>> 250-AUTH PLAIN LOGIN
>>> 250 8BITMIME
>>>
>>>
>>> I have done some googling and found this might be because of the
>>> Cisco Router's "ESMTP Fix". However Can someone here tell me if
>>> there are any settings in master.cf or main.cf that might result in
>>> similar behaviour?
>>>
>>> Regards,
>>> KRiSHNA
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>> >From http://www.postfix.org/TLS_README.html
>>
>> By default, TLS is disabled in the Postfix SMTP server, so no
>> difference to plain Postfix is visible. Explicitly switch it on with
>> "smtpd_tls_security_level = may". /etc/postfix/main.cf:
>> smtpd_tls_security_level = may
>>
>> With this, the Postfix SMTP server announces STARTTLS support to
>> remote SMTP clients, but does not require that clients use TLS
>> encryption.
>>
>>
>>
>> My tls configuration looks something like this:
>>
>> # INCOMING TLS (smtpd server)
>> smtpd_tls_security_level = may
>> smtpd_note_starttls_offer = yes
>> smtpd_tls_key_file = /etc/postfix/certs/tls.key
>> smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
>> smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
>> smtpd_tls_CApath = /etc/postfix/certs
>> smtpd_tls_loglevel = 1
>>
>> smtpd_tls_session_cache_timeout = 3600s
>> tls_random_source = dev:/dev/urandom
>>
>> # OUTGOING TLS (SMTP transport)
>> smtp_tls_loglevel = 1
>> smtp_tls_session_cache_database =
>> btree:/var/run/smtp_tls_session_cache smtp_tls_security_level = may
>> smtp_tls_note_starttls_offer = yes
>>
>>
>> Nataraj
> Thanks for the reply Nataraj, but still no joy. I tried adding 'smtp_tls_security_level = may' & 'smtpd_tls_security_level = may' to my existing configuration, but it didn't helped.
> Any ideas what else I might need to change in the configuration?
>
> Here is how my configuration looks like
>
> #ENCRYPTION
> #==========#
> # Incoming
> smtpd_tls_auth_only = no
> smtpd_note_starttls_offer = yes
> smtpd_use_tls = yes
> smtpd_tls_security_level = may
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_tls_received_header = yes
> tls_random_source = dev:/dev/urandom
>
> # Outgoing
> smtp_use_tls = yes
> smtp_tls_loglevel = 1
> smtp_tls_note_starttls_offer = yes
> smtp_tls_security_level = may
>
> Regards,
> KRiSHNA
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

It is also possible to configure postfix so that it uses TLS but does
not announce the availability of STARTTLS.
If somebody did this on your system you would have
"smtpd_tls_wrappermode=yes" somewhere in your master.cf file, something
like this.

/etc/postfix/master.cf:

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

Nataraj


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-08-2012, 10:09 PM
Les Mikesell
 
Default TLS support on postfix

On Wed, Feb 8, 2012 at 12:36 AM, Kumar Krishna <krishnak5891@gmail.com>wrote:

>
> Yes, I did restarted postfix.
> I ran tcpdump on the mail server while connecting to it from a remote
> location and then analysed the dump file. It seems that the server is
> working fine and offering STARTTLS, but the Cisco Router en route is
> messing things up.
>

A normal router shouldn't interfere. Is this a PIX or ASA firewall? I
haven't used one for a few years but you used to have to do a

no fixup protocol smtp 25

to get them to pass things correctly.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-11-2012, 08:21 AM
Kumar Krishna
 
Default TLS support on postfix

On Wed, 8 Feb 2012 17:09:51 -0600
Les Mikesell <lesmikesell@gmail.com> wrote:

> On Wed, Feb 8, 2012 at 12:36 AM, Kumar Krishna
> <krishnak5891@gmail.com>wrote:
>
> >
> > Yes, I did restarted postfix.
> > I ran tcpdump on the mail server while connecting to it from a
> > remote location and then analysed the dump file. It seems that the
> > server is working fine and offering STARTTLS, but the Cisco Router
> > en route is messing things up.
> >
>
> A normal router shouldn't interfere. Is this a PIX or ASA firewall?
> I haven't used one for a few years but you used to have to do a
>
> no fixup protocol smtp 25
>
> to get them to pass things correctly.
>

I believe it is a PIX or ASA firewall.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-11-2012, 04:16 PM
Les Mikesell
 
Default TLS support on postfix

On Sat, Feb 11, 2012 at 3:21 AM, Kumar Krishna <krishnak5891@gmail.com> wrote:
> >
>> > Yes, I did restarted postfix.
>> > I ran tcpdump on the mail server while connecting to it from a
>> > remote location and then analysed the dump file. It seems that the
>> > server is working fine and offering STARTTLS, but the Cisco Router
>> > en route is messing things up.
>> >
>>
>> A normal router shouldn't interfere. *Is this a PIX or ASA firewall?
>> I haven't used one for a few years but you used to have to do a
>>
>> no fixup protocol smtp 25
>>
>> to get them to pass things correctly.
>>
>
> I believe it is a PIX or ASA firewall.

In that case it is very likely to be the problem.
--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:10 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org