Having a problem on a clean install of Centos 5.4 with VMin loaded
Followed the documentation in the documentation section, but it only seems to activate TLS on mail inbound to the server. It doesn't activate outbound STARTTLS.
Verified that maillog shows no errors or warnings
I did some google searches and added these lines that were mentioned in the centos wiki:
smtp_tls_security_level = may
I have two servers that I have tested with that I will require TLS for but neither issue STARTTLS command.
One requires TLS to connect and fails with an error saying STARTTLS not sent and disconnects.
The other receives mail but it always goes non-TLS. That server receives TLS mail from other servers daily.
smtpd_use_tls = yes and smtp_use_tls = yes
have been replaced with
smtpd_tls_security_level = encrypt (encrypt = forced tls)
smtp_tls_security_level = may (may = when available)
I added the
smtpd_tls_received_header = yes
sent a test message and errors show the same.
It's almost like postfix is never probing the second server to see what protocols can be used.
As you’re aware, you’ll have to test against a server which you are certain(*) accepts, or requires, TLS.
Try setting your smtp client configuration smtp_tls_security_level from ‘may’ to ‘encrypt’ for debugging this.
Use smtp_tls_loglevel = 2
Use smtp_tls_note_starttls_offer = yes
Check your other smtp_tls_* parameters aren’t inducing your trouble.
Maybe add the target server to your debug_peer_list and adjust debug_peer_level up as necessary in order to learn from your logfile.
Verify that your cert and key files exist, though the debug logs should disclose this for you.
postconf | egrep "smtpd*tls(cert|key).*file"
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
See the TLS_README file
(*)if you need something to verify that your remote smtpd server uses or requires TLS, install and use the ‘swaks’ package|utility.
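As an added example (not posted by anyone in this thread): a small POSIX shell helper that reads `postconf -n` style output and reports the client-side (smtp_*) TLS parameters the reply above asks for, so a configuration that only set the server-side (smtpd_*) parameters is spotted. The sample output is constructed; on a real box call `outbound_tls_report "$(postconf -n)"`.

```shell
#!/bin/sh
# Constructed sample of `postconf -n` output: server-side (smtpd_*) TLS is
# enabled, the client side (smtp_*) has only the security level set.
SAMPLE_POSTCONF='smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_received_header = yes
smtp_tls_security_level = may'

# get_param NAME CONF: print the value of NAME (exact name, so smtp_* and
# smtpd_* are never confused), or nothing when it is not set.
get_param() {
    printf '%s\n' "$2" | sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# outbound_tls_level CONF: the effective client security level.
# A non-empty smtp_tls_security_level overrides the legacy
# smtp_use_tls / smtp_enforce_tls parameters; "none" means no outbound TLS.
outbound_tls_level() {
    lvl=$(get_param smtp_tls_security_level "$1")
    if [ -n "$lvl" ]; then
        printf '%s\n' "$lvl"
    elif [ "$(get_param smtp_enforce_tls "$1")" = yes ]; then
        printf 'encrypt\n'
    elif [ "$(get_param smtp_use_tls "$1")" = yes ]; then
        printf 'may\n'
    else
        printf 'none\n'
    fi
}

# outbound_tls_report CONF: print the outbound level plus the debugging
# parameters suggested above; return 1 if any of them is still unset.
outbound_tls_report() {
    missing=0
    printf 'smtp_tls_security_level (effective): %s\n' "$(outbound_tls_level "$1")"
    for p in smtp_tls_loglevel smtp_tls_note_starttls_offer; do
        v=$(get_param "$p" "$1")
        if [ -z "$v" ]; then
            printf '%s: not set (add to main.cf for debugging)\n' "$p"
            missing=1
        else
            printf '%s: %s\n' "$p" "$v"
        fi
    done
    return $missing
}
```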
You’ll want to make sure that the “submission” is enabled… you can do that by editing /etc/postfix/master.cf, and uncomment the lines relating to “submission”. After enabling it, you’ll need to restart Postfix.
If that doesn’t work, what error are you receiving in Thunderbird when you attempt to connect? Also, what shows up in /var/log/maillog?
Lastly, if you enable SMTPS in the master.cf, are you able to connect on port 465?