postfix + tls
Bill Holt
william_holt at speakeasy.net
Wed Apr 14 17:25:05 EDT 2004
miah is correct about port 25, and I am aware of 465; however, there are no resolving issues, and the mail server worked fine before. Check these logs; if you want, I'll include main.cf next time...
I'm getting 5 minutes here and there to research this...
You'll notice at 10:44:28 all was dandy...
-----------------------------------------------------------------------------
/var/log/messages
Apr 14 10:44:28 mail imapd[1666]: login: [10.0.0.2] whde0001 plain+TLS User logged in
Apr 14 11:13:47 mail ctl_cyrusdb[1740]: checkpointing cyrus databases
Apr 14 11:13:50 mail ctl_cyrusdb[1740]: done checkpointing cyrus databases
Apr 14 11:36:43 mail saslauthd[3001]: START: saslauthd 2.1.10
Apr 14 11:36:44 mail saslauthd[3006]: master PID is: 3006
Apr 14 11:36:44 mail saslauthd[3006]: daemon started, listening on /var/run/saslauthd/mux
Apr 14 11:39:22 mail imapd[3025]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Apr 14 11:39:43 mail imapd[3028]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits reused) no authentication
Apr 14 11:43:48 mail ctl_cyrusdb[3074]: checkpointing cyrus databases
Apr 14 11:43:48 mail ctl_cyrusdb[3074]: done checkpointing cyrus databases
Apr 14 11:49:57 mail saslauthd[3006]: Caught signal 15. Cleaning up and terminating.
Apr 14 11:49:57 mail imapd[3025]: size read failed
Apr 14 11:49:57 mail imapd[3025]: Password verification failed
Apr 14 11:49:57 mail imapd[3025]: badlogin: [10.0.0.2] plain [SASL(-1): generic failure: Password verification failed]
Apr 14 11:49:57 mail imapd[3028]: size read failed
Apr 14 11:49:57 mail imapd[3028]: Password verification failed
Apr 14 11:49:57 mail imapd[3028]: badlogin: [10.0.0.2] plain [SASL(-1): generic failure: Password verification failed]
Apr 14 11:50:00 mail imapd[3025]: cannot connect to saslauthd server: Connection refused
Apr 14 11:50:00 mail imapd[3025]: badlogin: [10.0.0.2] plaintext whde0002 SASL(-1): generic failure: checkpass failed
Apr 14 11:50:00 mail imapd[3028]: cannot connect to saslauthd server: Connection refused
Apr 14 11:50:00 mail imapd[3028]: badlogin: [10.0.0.2] plaintext whde0002 SASL(-1): generic failure: checkpass failed
Apr 14 11:50:02 mail saslauthd[3136]: START: saslauthd 2.1.10
Apr 14 11:50:02 mail saslauthd[3141]: master PID is: 3141
Apr 14 11:50:02 mail saslauthd[3141]: daemon started, listening on /var/run/saslauthd/mux
Apr 14 11:50:03 mail imapd[3025]: badlogin: [10.0.0.2] plain [SASL(-1): generic failure: checkpass failed]
Apr 14 11:50:03 mail imapd[3028]: badlogin: [10.0.0.2] plain [SASL(-1): generic failure: checkpass failed]
Apr 14 11:52:23 mail imapd[3159]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Apr 14 11:54:01 mail imapd[3165]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Apr 14 12:13:47 mail ctl_cyrusdb[3226]: checkpointing cyrus databases
Apr 14 12:13:48 mail ctl_cyrusdb[3226]: done checkpointing cyrus databases
Apr 14 12:43:47 mail ctl_cyrusdb[3316]: checkpointing cyrus databases
Apr 14 12:43:47 mail ctl_cyrusdb[3316]: done checkpointing cyrus databases
Apr 14 13:13:47 mail ctl_cyrusdb[3407]: checkpointing cyrus databases
Apr 14 13:13:47 mail ctl_cyrusdb[3407]: done checkpointing cyrus databases
Apr 14 13:43:47 mail ctl_cyrusdb[3497]: checkpointing cyrus databases
Apr 14 13:43:48 mail ctl_cyrusdb[3497]: done checkpointing cyrus databases
Apr 14 14:13:47 mail ctl_cyrusdb[3588]: checkpointing cyrus databases
Apr 14 14:13:47 mail ctl_cyrusdb[3588]: done checkpointing cyrus databases
Apr 14 14:43:47 mail ctl_cyrusdb[3678]: checkpointing cyrus databases
Apr 14 14:43:48 mail ctl_cyrusdb[3678]: done checkpointing cyrus databases
Apr 14 15:13:47 mail ctl_cyrusdb[3769]: checkpointing cyrus databases
Apr 14 15:13:47 mail ctl_cyrusdb[3769]: done checkpointing cyrus databases
Apr 14 15:31:16 mail sshd(pam_unix)[3821]: session opened for user root by (uid=0)
---------------------------------------------------------------------------------
/var/log/maillog
Apr 14 17:23:28 mail postfix/pickup[4378]: fatal: unsupported dictionary type: mysql
Apr 14 17:23:29 mail postfix/qmgr[4379]: fatal: unsupported dictionary type: mysql
Apr 14 17:23:29 mail postfix/master[587]: warning: process /usr/libexec/postfix/pickup pid 4378 exit status 1
Apr 14 17:23:29 mail postfix/master[587]: warning: /usr/libexec/postfix/pickup: bad command startup -- throttling
Apr 14 17:23:30 mail postfix/master[587]: warning: process /usr/libexec/postfix/qmgr pid 4379 exit status 1
Apr 14 17:23:30 mail postfix/master[587]: warning: /usr/libexec/postfix/qmgr: bad command startup -- throttling
Apr 14 17:23:48 mail postfix/smtpd[4380]: fatal: unsupported dictionary type: mysql
Apr 14 17:23:49 mail postfix/master[587]: warning: process /usr/libexec/postfix/smtpd pid 4380 exit status 1
Apr 14 17:23:49 mail postfix/master[587]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
[root@mail root]# ps -aux | grep master
root 587 0.0 0.3 3012 480 ? S Apr13 0:00 [master]
cyrus 611 0.0 0.2 3292 296 ? S Apr13 0:00 [master]
root 4391 0.0 0.0 172 16 pts/1 R 17:25 0:00 grep master
[root@mail root]#
> -----Original Message-----
> From: miah [mailto:jjohnson at sunrise-linux.com]
> Sent: Wednesday, April 14, 2004 07:08 AM
> To: discuss at blu.org
> Subject: Re: postfix + tls
>
> SSL can operate over 25/tcp, but the user has to issue a STARTTLS command. I'm betting here that the host he's telnet'ing from isn't resolving and he's got postfix set up to not work with hosts that don't resolve, or some other issue that's not related to SSL/SASL. The only reason you need to run SMTP over SSL (as with 465/tcp) is for broken clients that don't issue a STARTTLS (like older versions of Outlook); these clients try to establish an SSL connection to the host and then issue SMTP commands.
>
> -miah
>
> On Wed, Apr 14, 2004 at 12:45:21PM -0400, Chris Devers wrote:
> > On Wed, 14 Apr 2004, Bill Holt wrote:
> >
> > > Hello, I am using cyrus imap and postfix smtp, and all was well, then
> > > I decided to add tls support, now when I test it (telnet localhost 25)
> > > it connects but I cannot get a response to any commands, i.e.: ehlo
> > > localhost
> >
> > If you're now using SSL encrypted SMTP, are you still using the standard
> > SMTP port 25? My copy of /etc/services suggests that SSMTP (SMTP over
> > SSL) uses port 465, not 25. Have you tried that?
> >
> >
> > --
> > Chris Devers
>
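Added example, not part of the original post or of any tool mentioned in it: a small Python triage of the log excerpt above that separates imapd badlogin entries falling inside a saslauthd stop/restart window (here 11:49:57 to 11:50:02) from ones worth reviewing as real failed logins, and collects Postfix fatal startup errors. The sample lines are the post's own entries unwrapped, except the last imapd line, which is constructed for contrast; the 5-second grace period and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w/()]+)\[(\d+)\]: (.*)$")

# Unwrapped lines from the excerpt above; the 16:02:11 line is constructed.
SAMPLE = """\
Apr 14 11:49:57 mail saslauthd[3006]: Caught signal 15. Cleaning up and terminating.
Apr 14 11:49:57 mail imapd[3025]: badlogin: [10.0.0.2] plain [SASL(-1): generic failure: Password verification failed]
Apr 14 11:50:00 mail imapd[3025]: cannot connect to saslauthd server: Connection refused
Apr 14 11:50:00 mail imapd[3025]: badlogin: [10.0.0.2] plaintext whde0002 SASL(-1): generic failure: checkpass failed
Apr 14 11:50:02 mail saslauthd[3141]: daemon started, listening on /var/run/saslauthd/mux
Apr 14 11:50:03 mail imapd[3025]: badlogin: [10.0.0.2] plain [SASL(-1): generic failure: checkpass failed]
Apr 14 16:02:11 mail imapd[4100]: badlogin: [10.0.0.9] plaintext whde0001 SASL(-1): generic failure: checkpass failed
Apr 14 17:23:28 mail postfix/pickup[4378]: fatal: unsupported dictionary type: mysql
""".splitlines()

def triage(lines, grace=timedelta(seconds=5), year=2004):
    """Classify badlogins as outage noise or review items; collect Postfix fatals."""
    events = []
    for raw in lines:
        m = LINE.match(raw)
        if m:
            # Classic syslog timestamps carry no year; it is supplied by the caller.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(4)))
    # Outage window: saslauthd SIGTERM until the next "daemon started", plus grace
    # for imapd processes that were already mid-authentication.
    windows, down = [], None
    for ts, proc, msg in events:
        if proc == "saslauthd" and "Caught signal 15" in msg:
            down = ts
        elif proc == "saslauthd" and "daemon started" in msg and down is not None:
            windows.append((down, ts + grace))
            down = None
    if down is not None:  # stopped and never seen restarting
        windows.append((down, datetime.max))
    report = {"outage": [], "review": [], "postfix_fatal": []}
    for ts, proc, msg in events:
        if proc == "imapd" and msg.startswith("badlogin:"):
            hit = any(a <= ts <= b for a, b in windows)
            report["outage" if hit else "review"].append((ts.strftime("%H:%M:%S"), msg))
        elif proc.startswith("postfix/") and msg.startswith("fatal:"):
            report["postfix_fatal"].append((proc, msg[len("fatal: "):]))
    return report
```
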