Re: Problems with SASL + TLS integration

From: Andreas Winkelmann (mlawinkelmann.de)
Date: Fri May 26 2006 - 10:30:55 CDT


On Friday 26 May 2006 03:33, P v wrote:

> However, I need to setup an authenticated connection for remote access.
> I use the following on this Gentoo box:
>
> Mailman
> Postfix
> maildrop
> sasl2 via cyrus (in theory)
> mysql (not relevant?)
> pam
> squirrelmail
> sylpheed-claws
> courier-imap
>
> I will be accessing remotely for testing via Thunderbird.
>
> Up until now, I've accessed email at the server. My wife's used
> squirrelmail to access remotely. I'm going to do a lot of travelling and
> squirrelmail won't cut it. I'd like to setup for authenticated SMTP. I've
> been inquiring at the gentoo forums without success.
>
> I'll repost the relevant portion of my forums.gentoo.org post:
>
> I followed
> http://gentoo-wiki.com/HOWTO_Email_System_for_the_Home_Network in order
> to setup my system.
>
> Locally, on linux, sylpheed claws is fine. I have sylpheed setup with
> IMAP and SMTP TLS Auth. When I go to the XP laptop, I have to use
> Thunderbird for IMAP Maildir access.
>
> Under Thunderbird in XP - outside the network - I get this:
>
> I can read mail if I switch from TLS to "SSL w/o authentication."
>
> In terms of sending... no dice.
>
> I start with TLS + user / pw.
> Say I attempt to send to yahoo. I get a window acknowledging the
> detection of an encrypted email connection. This seems like a good sign.
> I 'OK' this but then the send fails a la:
> "Error - unable to connect to SMTP server mail.philsdomain.com via
> STARTTLS since it doesn't offer STARTTLS in EHLO response."

Check with a telnet from the client (XP) to your Postfix whether you see the same
things as with telnet from localhost (below). If you see the STARTTLS header,
send "STARTTLS". Look in your Postfix log to see whether Postfix saw this command.

Do you have a virus scanner on the Windows box which is configured to scan
outgoing mail? Stop it for a test, or disable the scanning of outgoing mail.

The background is that some virus scanners for Windows cannot work if you use
SSL/TLS. They monitor port 25, and if some application tries to do a STARTTLS,
they give some errors (TLS not available) or something else. So the client
will try again without STARTTLS.

> So, I change the SMTP settings in T-bird to SSL. Hey, it worked for
> reading mail.... No luck: "Error - maybe the server is down or
> misconfigured."
>
> With smtp set to 'no secure connection' I get a relay error. I guess
> that's a good thing. However, if I use this setting and then attempt to
> send an email to a user in my domain, it does go through. That's the only
> permutation that is able to send successfully.
>
> Some more info taken from the mail server console:
>
> $ telnet mail.philsdomain.com 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 mail.philsdomain.com ESMTP Postfix
> EHLO philsdomain.com
> 250-mail.philsdomain.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
> STARTTLS
> 220 Ready to start TLS
> ^]
>
> I find this odd, considering the error states that STARTTLS isn't
> offered when I try to connect from XP thunderbird.

Test the same from the Windows box. The output may be different.

--
        Andreas
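The check Andreas describes (banner, EHLO, look for STARTTLS, send it, compare the client-side result with the server-side transcript) as a small Python probe. This is an added example, not code from the thread; the EHLO reply embedded for offline testing is the one quoted above, the hostname mail.philsdomain.com comes from the post, and the HELO name client.example is an assumption.

```python
import socket
SAMPLE_EHLO_REPLY = (  # reply quoted in the thread (localhost telnet), embedded for offline testing
    "250-mail.philsdomain.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
)

def parse_reply(text):
    """Split one SMTP reply into (code, [lines]); '-' after the code means more lines follow."""
    code, lines = None, []
    for raw in text.splitlines():
        if len(raw) < 4 or not raw[:3].isdigit():
            raise ValueError("malformed SMTP reply line: %r" % raw)
        code = int(raw[:3])
        lines.append(raw[4:].strip())
        if raw[3] == " ":  # final line of a (possibly multi-line) reply
            break
    return code, lines

def ehlo_capabilities(text):
    """Upper-cased EHLO keywords; the first 250 line is the server name, not a keyword."""
    code, lines = parse_reply(text)
    return [l.split()[0].upper() for l in lines[1:] if l] if code == 250 else []

def _read_reply(sock):
    """Read until the last complete line carries a space after its 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        done = buf.split(b"\r\n")[:-1]
        if done and len(done[-1]) >= 4 and done[-1][3:4] == b" ":
            return buf.decode("ascii", "replace")

def probe_starttls(host, port=25, helo="client.example", timeout=10):
    """Replay the telnet steps: banner, EHLO, then STARTTLS if advertised; run it on the client."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _read_reply(s)
        s.sendall(("EHLO %s\r\n" % helo).encode())
        caps = ehlo_capabilities(_read_reply(s))
        result = {"banner": banner.strip(), "capabilities": caps,
                  "starttls_offered": "STARTTLS" in caps, "starttls_reply": None}
        if result["starttls_offered"]:
            s.sendall(b"STARTTLS\r\n")  # a clean path answers "220 Ready to start TLS"
            result["starttls_reply"] = _read_reply(s).strip()
        else:
            s.sendall(b"QUIT\r\n")
    return result
```

Running `probe_starttls("mail.philsdomain.com")` on the XP box and on the server itself shows directly whether something between the two (such as a scanner on port 25) removes STARTTLS from the EHLO reply; the Postfix log then tells whether the STARTTLS command ever reached Postfix.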