Re: Authentication unsuccessful relaying from Postfix to Microsoft ESMTP MAIL Service
On Sun, 09 May 2010 17:06:52 +0100, Clive Standbridge wrote:
> I'm trying in vain to relay external mail from postfix on a Debian lenny
> machine to a Microsoft SMTP server on the Internet. I've been reading
> and searching for days. I've tried numerous combinations of settings
> although I'm note certain what they all do and am experiencing
> information overload.
O.k. Then you need to setup Postfix SSL/TLS acting as client, not server.
(...)
> When I change relayhost to NEWSERVER:587, the mail gets stuck in
> postfix. In /var/log/mail.log I see "Authentication unsuccessful".
(...)
> So my questions are:
> * How can I fix this in Postfix?
Let's see the logs...
> * Can Postfix do this? Or do I need to change to something else e.g.
> Exim?
Yes, you can setup Postfix for this.
> * What does IceDove do that Postfix doesn't?
Logs will tell.
> The rest of this mail contains more detail.
>
> I've tried with:
> * smtp_sasl_security_options set to noanonymous and empty *
> smtp_tls_security_level set to "may", "none", "encrypt" and not set. *
> relayhost set to NEWSERVER:587 and [NEWSERVER]:587 in main.cf and
> sasl_passwd (kept them in step and updated sasl_passwd.db each time)
The doc you have to follow stands here:
http://www.postfix.org/SASL_README.html#client_sasl
> /var/log/mail.log:
(...)
> May 9 16:30:01 rimmer postfix/smtp[10643]: certificate verification failed for NEWSERVER[NEWSERVER-IPADDR]:587: untrusted issuer /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
Server replies that does not trust the issuer of that CA.
(...)
> May 9 16:30:01 rimmer postfix/smtp[10643]: Untrusted TLS connection established to NEWSERVER[NEWSERVER-IPADDR]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
I guess your are having problems with the certificate itself. It cannot
be verified by the remote server.
Note: I think Thunderbird uses its own SSL CA root certificates database...
Greetings,
--
Camaleón
Reply to: