I need to use a smarthost as my Internet provider blocks port 25 at home.
So incoming is set to the bsmtp server of my host provider, outgoing is set to their smarthost where I need to authenticate.
For me, one thing is certain after searching without real postfix knowledge: we have to set "smtp_" variables, as we are talking about the SMTP outgoing part here.
A setting already there in the main.cf postfix config, once you installed EFA:
Code:
smtpd_use_tls = yes
smtp_use_tls = yes
Code:
relayhost = [smtp.myhostprovider.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_auth_only = yes
Code:
smtp_sasl_auth_enable = yes
Do realise I have used postmap to hash the password file set in smtp_sasl_password_maps, I even set it to static:myusername:mypassword.
But whatever I try, I always get a bounce from my smarthost.
bounced (host smtp.myhostprovider.com[xx.xx.xx.xx] said: 554 5.7.1 Recipient address rejected: Authentication required (in reply to RCPT TO command))
It looks like we are using postfix version 2.1? (Somewhere in main.cf it shows but could be an old config file?)
So basically I cannot set the log level any higher than 1 in postfix for TLS logging? Something I read...
So we tried:
Code:
smtp_tls_security_level = encrypt
If I set this setting to "may", it sends the report and you can see it being sent, but fails eventually being bounced by the smarthost.
So we think something is preventing the actual username/password from being sent correctly?
I can successfully connect to the smarthost with an online tester but not with the postfix in EFA3 and EFA4.
So I am getting lost here, leaving me a few options:
- Dig into EFA's postfix deeper and try to understand what is going on. (Is the actual certificate after a clean install EFA4 active/valid for TLS?)
- Install a clean CentOS7 with postfix and build an intermediate smarthost between EFA and my smarthost (to prove that postfix can actually connect to my smarthost)
- Use my Windows hypervisor that EFA runs on and activate the IIS smtp service as an intermediate (figuring out stuff with local certificates first)
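
For comparison with the settings quoted in the post above, here is an added example (not from the original post or from EFA) of a Postfix SMTP client configuration for an authenticated relayhost, written with Postfix's documented parameter names. It assumes Postfix 2.3 or later, where smtp_tls_security_level is available; the hostname and credentials are the post's own placeholders.

```conf
# /etc/postfix/main.cf (added example; hostname is the placeholder from the post)
relayhost = [smtp.myhostprovider.com]:587

# Enable SASL in the Postfix SMTP *client* and point it at the credentials.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# SASL mechanism policy lives in smtp_sasl_* parameters, not smtp_tls_*.
# The default is "noplaintext, noanonymous", which excludes PLAIN and LOGIN.
smtp_sasl_security_options = noanonymous
# smtp_sasl_tls_security_options defaults to $smtp_sasl_security_options.

# Weak: opportunistic TLS. If STARTTLS is not negotiated, the session
# continues in cleartext.
#smtp_tls_security_level = may

# Stricter: refuse to deliver unless the session is encrypted, so the
# credentials are never offered over a cleartext connection.
# Note: "encrypt" does not validate the server certificate; that takes
# "verify" or "secure" together with a CA file.
smtp_tls_security_level = encrypt

# Log a summary of each TLS handshake to the mail log.
smtp_tls_loglevel = 1

# /etc/postfix/sasl_passwd (mode 0600; run "postmap /etc/postfix/sasl_passwd"
# after every change). The lookup key uses the same form as relayhost,
# brackets and port included:
# [smtp.myhostprovider.com]:587    myusername:mypassword
```

Running `postconf -n` afterwards shows which non-default values Postfix actually loaded from main.cf.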