Exchange does not work with TLS and SASL

Jose Manuel Pozo Pozo
Good night.

First, sorry for my English :(

I have a problem with TLS and SASL implementation. My scenario is:

Exchange 2003 (mailbox) -> Postfix (relay) -> Internet

I use Postfix on CentOS 5. I also use Amavisd+ClamAV+SpamAssassin and it is all running correctly. My users use OWA. The problem is that when I configure TLS and SASL, they do not work.

In my Exchange 2003, in Protocols->SMTP->Access, I have marked the option TLS.

When I want to send an email, this is the result of tail -f /var/log/maillog

May 22 01:08:44 relay postfix/smtpd[3434]: connect from exchange.zubero.local[192.168.1.11]
May 22 01:08:45 relay postfix/smtpd[3434]: 8385458576: client=exchange.zubero.local[192.168.1.11]
May 22 01:08:45 relay postfix/cleanup[3436]: 8385458576: message-id=<8ECDCAE4-1D0B-4CD2-9558-65020330F732@mimectl>
May 22 01:08:45 relay postfix/smtpd[3434]: disconnect from exchange.zubero.local[192.168.1.11]
May 22 01:08:45 relay postfix/qmgr[32455]: 8385458576: from=<[hidden email]>, size=1421, nrcpt=1 (queue active)
May 22 01:08:46 relay clamd[30417]: SelfCheck: Database status OK.
May 22 01:08:55 relay postfix/smtpd[3440]: connect from pruebas[127.0.0.1]
May 22 01:08:55 relay postfix/smtpd[3440]: 76A5258581: client=pruebas[127.0.0.1]
May 22 01:08:55 relay postfix/cleanup[3436]: 76A5258581: message-id=<8ECDCAE4-1D0B-4CD2-9558-65020330F732@mimectl>
May 22 01:08:55 relay amavis[32522]: (32522-01) Passed CLEAN, MYNETS LOCAL [192.168.1.11] <[hidden email]> -> <[hidden email]>, Message-ID: <8ECDCAE4-1D0B-4CD2-9558-65020330F732@mimectl>, mail_id: 8sMbKFbsmOn2, Hits: -0.306, size: 1420, queued_as: 76A5258581, 9739 ms
May 22 01:08:55 relay postfix/smtp[3437]: 8385458576: to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=10, delays=0.51/0.12/0.11/9.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 76A5258581)
May 22 01:08:55 relay postfix/smtpd[3440]: disconnect from pruebas[127.0.0.1]
May 22 01:08:55 relay postfix/qmgr[32455]: 8385458576: removed
May 22 01:08:55 relay postfix/qmgr[32455]: 76A5258581: from=<[hidden email]>, size=1848, nrcpt=1 (queue active)
May 22 01:09:02 relay postfix/smtp[3441]: 76A5258581: to=<[hidden email]>, relay=gmail-smtp-in.l.google.com[66.249.93.114]:25, delay=7.1, delays=0.08/0.05/2.9/4.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1211415680 m4si3961240ugc.31)
May 22 01:09:02 relay postfix/qmgr[32455]: 76A5258581: removed

When I connect with telnet:

220 relay.zubero.eu
helo epi
502 5.5.2 Error: command not recognized
ehlo epi
250-relay.zubero.eu
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


My main.cf,

#postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
html_directory = no
invalid_hostname_reject_code = 554
local_recipient_maps = hash:/etc/postfix/exchange_recipients
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = zubero.eu
myhostname = relay.zubero.eu
mynetworks = 192.168.1.11
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
queue_directory = /var/spool/postfix
queue_minfree = 120000000
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transportList
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554


#cat /usr/lib/sasl2/smtp.conf
pwcheck_method: saslauthd
mech_list: plain login
log_level: 5
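
A check one could run over the same maillog to see whether a relayed message really arrived over STARTTLS with SASL, added here as an example and not part of the original post. The TLS and sasl_method line shapes are those Postfix smtpd writes with smtpd_tls_loglevel = 1, as set in the posted config; the pid 4001 session, its queue ID and the relayuser name are constructed.

```python
import re

# smtpd log shapes; the TLS line is only written when smtpd_tls_loglevel >= 1.
SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"connect from \S+\[([^\]]+)\]")
TLS_UP = re.compile(r"TLS connection established from \S+: (\S+) with cipher")
CLIENT = re.compile(r"([0-9A-F]+): client=[^,\s]+(?:, sasl_method=([^,\s]+))?")

def audit_smtpd_sessions(lines):
    """One record per finished smtpd session: peer IP, TLS protocol, SASL method."""
    live, done = {}, []
    for line in lines:
        m = SMTPD.search(line)
        if not m:
            continue                      # qmgr, cleanup, smtp, amavis, clamd ...
        pid, msg = m.groups()
        if (c := CONNECT.match(msg)):
            live[pid] = {"peer": c.group(1), "tls": None, "sasl": None, "queue_ids": []}
        elif pid not in live:
            continue                      # session began before this excerpt
        elif (t := TLS_UP.match(msg)):
            live[pid]["tls"] = t.group(1)
        elif (q := CLIENT.match(msg)):
            live[pid]["queue_ids"].append(q.group(1))
            live[pid]["sasl"] = q.group(2) or live[pid]["sasl"]
        elif msg.startswith("disconnect from "):
            done.append(live.pop(pid))
    return done

def unprotected_queue_ids(sessions):
    """Queue IDs accepted from a non-loopback peer without both TLS and SASL."""
    return [q for s in sessions for q in s["queue_ids"]
            if not s["peer"].startswith("127.") and not (s["tls"] and s["sasl"])]

# First six lines: smtpd lines from the post's maillog. Last four (pid 4001): constructed.
SAMPLE = """\
May 22 01:08:44 relay postfix/smtpd[3434]: connect from exchange.zubero.local[192.168.1.11]
May 22 01:08:45 relay postfix/smtpd[3434]: 8385458576: client=exchange.zubero.local[192.168.1.11]
May 22 01:08:45 relay postfix/smtpd[3434]: disconnect from exchange.zubero.local[192.168.1.11]
May 22 01:08:55 relay postfix/smtpd[3440]: connect from pruebas[127.0.0.1]
May 22 01:08:55 relay postfix/smtpd[3440]: 76A5258581: client=pruebas[127.0.0.1]
May 22 01:08:55 relay postfix/smtpd[3440]: disconnect from pruebas[127.0.0.1]
May 22 02:00:01 relay postfix/smtpd[4001]: connect from exchange.zubero.local[192.168.1.11]
May 22 02:00:02 relay postfix/smtpd[4001]: TLS connection established from exchange.zubero.local[192.168.1.11]: TLSv1 with cipher RC4-MD5 (128/128 bits)
May 22 02:00:02 relay postfix/smtpd[4001]: A1B2C3D4E5: client=exchange.zubero.local[192.168.1.11], sasl_method=LOGIN, sasl_username=relayuser
May 22 02:00:03 relay postfix/smtpd[4001]: disconnect from exchange.zubero.local[192.168.1.11]
""".splitlines()

if __name__ == "__main__":
    print(unprotected_queue_ids(audit_smtpd_sessions(SAMPLE)))
```

For the session logged in the post (queue ID 8385458576) this reports no TLS and no SASL. The posted settings permit that: 192.168.1.11 is in mynetworks, permit_mynetworks comes before permit_sasl_authenticated, and smtpd_tls_auth_only is no.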

