I was trying to set up a mail server with no luck. I want it to accept mail from authenticated users only and deliver them. I want the users to be able to connect over the internet. Ideally the mail server wouldn't accept any incoming mail. Essentially I want it to accept messages on a receiving port and transfer them to the intended recipient out port 25.
If anyone has some good links and guides that would be awesome. I am quite familiar with linux but have never played around with MTA's and am currently running debian 6.
More Specific Problem!
Sorry, that was general and postfix is complex.
I am having trouble enabling the submission port with encryption and authentication.
What Works:
- Sending mail from the local machine. (
sendmail [email protected]). - Ports are open. (25 and 587)
- Connecting to 587 appears to work, I get a "need to starttls" warning and starttls appears to work.
But when I try to connect with the next command I get the error below.
# openssl s_client -connect localhost:587 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=localhost.localdomain
verify return:1
---
Certificate chain
0 s:/CN=localhost.localdomain
i:/CN=localhost.localdomain
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvDCCAaQCCQCYHnCzLRUoMTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVs
b2NhbGhvc3QubG9jYWxkb21haW4wHhcNMTIwMjE3MTMxOTA1WhcNMjIwMjE0MTMx
OTA1WjAgMR4wHAYDVQQDExVsb2NhbGhvc3QubG9jYWxkb21haW4wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEFA/S6VhJihP6OGYrhEtL+SchWxPZGbgb
VkgNJ6xK2dhR7hZXKcDtNddL3uf1YYWF76efS5oJPPjLb33NbHBb9imuD8PoynXN
isz1oQEbzPE/07VC4srbsNIN92lldbRruDfjDrAbC/H+FBSUA2ImHvzc3xhIjdsb
AbHasG1XBm8SkYULVedaD7I7YbnloCx0sTQgCM0Vjx29TXxPrpkcl6usjcQfZHqY
ozg8X48Xm7F9CDip35Q+WwfZ6AcEkq9rJUOoZWrLWVcKusuYPCtUb6MdsZEH13IQ
rA0+x8fUI3S0fW5xWWG0b4c5IxuM+eXz05DvB7mLyd+2+RwDAx2LAgMBAAEwDQYJ
KoZIhvcNAQEFBQADggEBAAj1ib4lX28FhYdWv/RsHoGGFqf933SDipffBPM6Wlr0
jUn7wler7ilP65WVlTxDW+8PhdBmOrLUr0DO470AAS5uUOjdsPgGO+7VE/4/BN+/
naXVDzIcwyaiLbODIdG2s363V7gzibIuKUqOJ7oRLkwtxubt4D0CQN/7GNFY8cL2
in6FrYGDMNY+ve1tqPkukqQnes3DCeEo0+2KMGuwaJRQK3Es9WHotyrjrecPY170
dhDiLz4XaHU7xZwArAhMq/fay87liHvXR860tWq30oSb5DHQf4EloCQK4eJZQtFT
B3xUDu7eFuCeXxjm4294YIPoWl5pbrP9vzLYAH+8ufE=
-----END CERTIFICATE-----
subject=/CN=localhost.localdomain
issuer=/CN=localhost.localdomain
---
No client certificate CA names sent
---
SSL handshake has read 1605 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: E07926641A5EF22B15EB1D0E03FFF75588AB6464702CF4DC2166FFDAC1CA73E2
Session-ID-ctx:
Master-Key: 454E8D5D40380DB3A73336775D6911B3DA289E4A1C9587DDC168EC09C2C3457CB30321E44CAD6AE65A66BAE9F33959A9
Key-Arg : None
Start Time: 1349059796
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 DSN
read:errno=0
If I try to connect from evolution I get the following error:
The reported error was "HELO command failed: TCP connection reset by peer".
As you are referring Postfix it is unclear to me if you already read the documentation at all?!
The basic configuration gives you everything you need for the first steps. Then go ahead with some standard configurations. If you are done with them, come back with a more concrete question.
Otherwise I have to state: Yes this is truly feasible and can be done very easily (if you read the documentation)