From: Gerard on
On Wed, 9 Sep 2009 15:30:22 -0400 (EDT)
wietse(a)porcupine.org (Wietse Venema) wrote:

> Gerard:
> > I use fetchmail to harvest mail from a couple of accounts. I added
> > this to the main.cf file and fetchmail stopped delivering mail.
> >
> > smtpd_tls_security_level = encrypt
> >
> > This was the error message:
> >
> > fetchmail: SMTP error: 530 5.7.0 Must issue a STARTTLS command first
> > fetchmail: SMTP server requires STARTTLS, keeping message.
>
> /etc/postfix/master.cf:
>     192.168.1.1:smtp inet n - - - - smtpd
>     127.0.0.1:smtp inet n - - - - smtpd
>         -o smtpd_tls_security_level=may
>
> > I then added this to the main.cf file:
> >
> > smtpd_sasl_exceptions_networks = localhost
>
> That controls SASL not TLS.
>
> Wietse

I had to modify that slightly and use 192.168.1.103 instead. I received
an error about not being able to bind to the address.

Unfortunately, there still seems to be a problem. The clamav-milter is
now apparently not working correctly.

From maillog:

Sep 10 07:15:18 scorpio postfix/smtpd[59459]: connect from unknown[127.0.0.1]
Sep 10 07:15:18 scorpio postfix/smtpd[59459]: warning: connect to Milter service unix:/var/run/clamav/clmilter.sock: No such file or directory
Sep 10 07:15:18 scorpio postfix/smtpd[59459]: 1BF4322834: client=unknown[127.0.0.1]

I checked, and clamav-milter is running and the file does exist:
srwxrwxr-x 1 clamav postfix 0B Sep 10 07:14 clmilter.sock=

In any case, I have activated the submission port and am attempting to
get all the mail users to use that instead. So far, so good.

-- 
Gerard
postfix.user(a)yahoo.com

From: Wietse Venema on
Gerard:
> On Wed, 9 Sep 2009 15:30:22 -0400 (EDT)
> wietse(a)porcupine.org (Wietse Venema) wrote:
>
> > Gerard:
> > > I use fetchmail to harvest mail from a couple of accounts. I added
> > > this to the main.cf file and fetchmail stopped delivering mail.
> > >
> > > smtpd_tls_security_level = encrypt
> > >
> > > This was the error message:
> > >
> > > fetchmail: SMTP error: 530 5.7.0 Must issue a STARTTLS command first
> > > fetchmail: SMTP server requires STARTTLS, keeping message.
> >
> > /etc/postfix/master.cf:
> >     192.168.1.1:smtp inet n - - - - smtpd
> >     127.0.0.1:smtp inet n - - - - smtpd
> >         -o smtpd_tls_security_level=may
> >
> > > I then added this to the main.cf file:
> > >
> > > smtpd_sasl_exceptions_networks = localhost
> >
> > That controls SASL not TLS.
> >
> > Wietse
>
> I had to modify that slightly and use 192.168.1.103 instead. I received
> an error about not being able to bind to the address.
>
> Unfortunately, there still seems to be a problem. The clamav-milter is
> now apparently not working correctly.

Use Victor's suggestion instead.

smtpd_tls_security_level = may
smtpd_client_restrictions = permit_mynetworks, reject_plaintext_session

Wietse
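
Why the two settings in the last reply let fetchmail deliver over loopback while unencrypted remote sessions are still refused, as an added Python model (not Postfix code and not from the thread). The mynetworks value and the remote address 203.0.113.7 are assumptions made for the example.

```python
"""Simplified model of how smtpd treats one client under the settings
discussed in this thread. Illustration only; not Postfix source."""
import ipaddress

# Assumed mynetworks: loopback plus the LAN that appears in the thread.
MYNETWORKS = ["127.0.0.0/8", "192.168.1.0/24"]


def in_mynetworks(client_ip, networks=MYNETWORKS):
    """True when the client address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def decide(client_ip, tls_active, tls_level, client_restrictions):
    """Return 'REJECT', 'PERMIT' or 'DUNNO' for mail offered by this client."""
    # smtpd_tls_security_level = encrypt refuses mail commands until STARTTLS
    # has completed, for every client; restriction lists are never consulted.
    # This is the "530 5.7.0 Must issue a STARTTLS command first" case.
    if tls_level == "encrypt" and not tls_active:
        return "REJECT"
    # With "may", TLS is only offered. Enforcement moves into the restriction
    # list, which is read left to right; the first decisive result wins.
    for restriction in client_restrictions:
        if restriction == "permit_mynetworks" and in_mynetworks(client_ip):
            return "PERMIT"
        if restriction == "reject_plaintext_session" and not tls_active:
            return "REJECT"
    return "DUNNO"  # no decision here; other restriction lists still apply


SUGGESTED = ["permit_mynetworks", "reject_plaintext_session"]

if __name__ == "__main__":
    cases = [
        ("fetchmail on loopback, encrypt", "127.0.0.1", False, "encrypt", []),
        ("fetchmail on loopback, may", "127.0.0.1", False, "may", SUGGESTED),
        ("remote plaintext, may", "203.0.113.7", False, "may", SUGGESTED),
        ("remote after STARTTLS, may", "203.0.113.7", True, "may", SUGGESTED),
        ("loopback, list reversed", "127.0.0.1", False, "may", SUGGESTED[::-1]),
    ]
    for label, ip, tls, level, restrictions in cases:
        print(f"{label:32} -> {decide(ip, tls, level, restrictions)}")
```

The last case shows that the order of the list matters: with reject_plaintext_session placed first, the loopback client is refused again.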