John wrote:
G T Smith wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
John wrote:
Hi,
I'm still trying to send email from my mobile phone through my Postfix (on SuSE 10.0) server. I believe I have a TLS connection set up and working but the server does not allow me to relay mail from my phone to external recipients. Copy of log for such an attempt follows:
Just a little question. In your config below I see two possibilities to authenticate: either by using conventional user/pass or by using a client certificate. Which one are you trying to implement? Did you test both of them?
postconf output follows: broken_sasl_auth_clients = yes mynetworks = 127.0.0.0/8, 192.168.74.0/24, 192.168.80.0/24, 10.0.0.0/24 relay_clientcerts = hash:/etc/postfix/relay_ccerts smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = no
Er, hello?!? If you want to use smtp auth you need to set this to "yes"! smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_tls_CAfile = /Certificates/ssl/Authority/CA.crt smtpd_tls_ask_ccert = yes smtpd_tls_auth_only = yes smtpd_tls_cert_file = /Certificates/ssl/Certificate/PostOffice.DMJ-Consultancy.me.uk.unc smtpd_tls_key_file = /Certificates/ssl/Key/PostOffice.DMJ-Consultancy.me.uk.unc smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_req_ccert = yes smtpd_use_tls = yes
The rest looks fine. If you are trying to use client certs, did you put the client cert on your phone? I don't remember seeing a line in the tls log where the client (your phone) is presenting a client certificate. If you can't get saslfinger to work, please show the output of the last line of this command (the capabilities of your server after a tls connection has been established and the ehlo command is invoked. openssl s_client -starttls smtp -connect localhost:25 ehlo localhost Please also post the content of /usr/lib/sasl2/smtpd.conf. If you are trying to use client certificates for authentication please also post the content of /etc/postfix/relay_ccerts and verify that it is indeed the fingerprint of your client certificate. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org