On 17.11.2014 at 14:30, Stanislas SABATIER wrote:
I built the 20141115 nightly release and succeeded in enforcing TLS over LMTP between Postfix and Dovecot. But I see the following error in maillog after each incoming message:
Nov 17 14:12:20 lmtp(291): Info: Connect from xx.xx.xx.xx
Nov 17 14:12:20 lmtp(xxxx@yyyyy.zzz): Info: bdlxGjT0aVQjAQAAd7W7Aw: msgid=B8D97FA0-E0AC-412F-A182-52B6ADF29ADC@xxxx.zz: saved mail to INBOX
Nov 17 14:12:20 lmtp(291): Info: Disconnect from xx.xx.xx.xx: Successful quit
Nov 17 14:12:20 lmtp(291): Error: kevent(EV_DELETE, 12) failed: Bad file descriptor
works here too, don't have any errors for small testings but looks like I need to reread all lmtp tls stuff now *g
2014-11-17T15:58:19.516398+01:00 mail dovecot: lmtp(19281): Connect from 127.0.0.1
2014-11-17T15:58:19.516798+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x10, ret=1: before/accept initialization
2014-11-17T15:58:19.516808+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: before/accept initialization
2014-11-17T15:58:19.516817+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=-1: unknown state
2014-11-17T15:58:19.517092+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=-1: unknown state
2014-11-17T15:58:19.517119+01:00 mail dovecot: lmtp(19281): Debug: SSL_get_servername() failed
2014-11-17T15:58:19.517134+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A
2014-11-17T15:58:19.517147+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A
2014-11-17T15:58:19.517251+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A
2014-11-17T15:58:19.522535+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A
2014-11-17T15:58:19.522553+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A
2014-11-17T15:58:19.522562+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
2014-11-17T15:58:19.522579+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A
2014-11-17T15:58:19.525910+01:00 mail dovecot: message repeated 2 times: [ lmtp(19281): Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A]
2014-11-17T15:58:19.527497+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A
2014-11-17T15:58:19.527572+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A
2014-11-17T15:58:19.527596+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A
2014-11-17T15:58:19.527614+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A
2014-11-17T15:58:19.527625+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
2014-11-17T15:58:19.527631+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully
2014-11-17T15:58:19.527648+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
On 17 Nov 2014, at 12:18, Stanislas SABATIER s.sabatier@pobox.com wrote:
Thanks. I'll install the latest release on my sandbox to test LMTPS with Postfix. As soon as I have tested, I'll report in this forum.
Regards, Stan.
On 17 Nov 2014, at 11:46, Timo Sirainen tss@iki.fi wrote:
It was implemented AFTER 2.2.15 release. Requires a recent hg version / recent nightly snapshot. See http://hg.dovecot.org/dovecot-2.2 or http://dovecot.org/nightly/
On 17 Nov 2014, at 02:38, Stanislas SABATIER s.sabatier@pobox.com wrote:
It did not work with 2.2.13 nor with 2.2.15
On 17 Nov 2014, at 11:34, Timo Sirainen tss@iki.fi wrote:
On 17 Nov 2014, at 02:27, Reindl Harald h.reindl@thelounge.net wrote:
On 17.11.2014 at 11:24, Stanislas SABATIER wrote:
> I set up a service in master.conf like this:
>
> dovecotsandbox unix - - n - 10 lmtp
>   -o lmtp_send_xforward_command=yes
>   -o lmtp_tls_security_level=encrypt
>
> Then I tried to add starttls option:
>   -o lmtp_tls_note_starttls_offer=yes
>
> But Postfix still can't deliver the email. Postfix log:
> (…) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx])
that you should have included in your first post as somebody else said: seems not to be supported now
just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port
I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works.
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263 Management Board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the Supervisory Board: Florian Kirstein
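
Added example, not part of the thread and not Postfix or Dovecot code: a simplified model of the check behind the "TLS is required, but was not offered" deferral, parsing an LMTP LHLO reply for the STARTTLS keyword and applying the client's security level. The function names, the host name mail.example.test and both sample replies are constructed for illustration, and only the levels none, may and encrypt are modelled.

```python
import re

# One reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
REPLY_LINE = re.compile(r"^(\d{3})([- ])(.*)$")

# Constructed sample LHLO replies (not captured from a real server).
REPLY_WITHOUT_STARTTLS = (
    "250-mail.example.test\r\n"
    "250-8BITMIME\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 PIPELINING\r\n"
)
REPLY_WITH_STARTTLS = (
    "250-mail.example.test\r\n"
    "250-STARTTLS\r\n"
    "250-8BITMIME\r\n"
    "250 PIPELINING\r\n"
)


def parse_lhlo_reply(raw):
    """Return (code, capability keywords) from a multi-line LHLO reply."""
    lines = [ln for ln in raw.split("\r\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    code, caps = None, set()
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("malformed reply line: %r" % line)
        line_code, sep, text = match.groups()
        if code is None:
            code = line_code
        elif line_code != code:
            raise ValueError("reply code changed mid-reply")
        if (sep == " ") != (index == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if index > 0 and text:  # line 0 is the server greeting, not a keyword
            caps.add(text.split()[0].upper())
    return int(code), caps


def tls_decision(raw, security_level):
    """Simplified client choice for the levels none, may and encrypt."""
    code, caps = parse_lhlo_reply(raw)
    if code != 250:
        return "deferred: LHLO rejected"
    offered = "STARTTLS" in caps
    if security_level == "none":
        return "plaintext"
    if security_level == "may":
        return "starttls" if offered else "plaintext"
    if security_level == "encrypt":
        return "starttls" if offered else "deferred: TLS required but not offered"
    raise ValueError("unsupported security level: %r" % security_level)
```

With the level set to may, the reply without STARTTLS results in plaintext delivery rather than a deferral, which is why encrypt is the level that surfaces a server lacking STARTTLS support.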