Subject: Re: postfix TLS (configuration/user) problem
Group: Postfix-users
From: mouss
Date: 16 Mar 2008


 
Rasmus Andersen wrote:
> On Sat, Mar 15, 2008 at 06:42:00PM +0100, mouss wrote:
>
>> your anti-virus intercepts your smtp packets. to verify this, disable your
>> AV (and/or your personal firewall) and try again.
>>
>> one thing you can do is enable the submission service in master.cf and
>> configure thunderbird to use port 587. chances are that your AV or FW won't
>> catch this.
>>
>> otherwise, use an AV/FW that does not break TLS (avast, nod32, ...).
>>
>
> Turning off avast made the problem go away.

I hope you only turned off "outgoing" mail scanning. Unfortunately, even
this is not satisfactory, so make sure your pc can only send via your
postfix, where you can use clamav.


> I actually doubted that this
> would be the problem but there you are. Thanks for the pointer, I would
> never have guessed that myself. BTW, why do AV do this and not just block
> the connection or suchlike?
>

The AV is programmed for the "common case" (as of today). Most people do
not use TLS, so the AV removes the STARTTLS keyword in the hope that the
connection will go without it.

here is a recommended setup:
- enable the submission service in master.cf, and configure your MUA to
use port 587
- enforce TLS and SASL on this port
- scan mail with clamav or whatever you like
- configure your MUA(s) to use this port with SASL and TLS
- block outgoing port 25 except from the postfix server
- block outgoing port 587 except to the postfix server or from the
postfix server

This should reduce the risks significantly.
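
A check for the STARTTLS stripping described above, as an added example that is not part of the original post: it compares the EHLO reply captured on the Postfix host with the one the mail client's machine receives and reports extensions removed in transit. The host name and both sample replies are constructed, and `probe()` is a hypothetical helper for a live check.

```python
import smtplib

# Constructed sample: EHLO reply as seen on the Postfix host itself.
SERVER_VIEW = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
# Constructed sample: the same reply as seen from the PC behind the scanner.
CLIENT_VIEW = SERVER_VIEW.replace("250-STARTTLS\r\n", "")


def ehlo_extensions(reply):
    """Return the upper-cased extension keywords of a multi-line EHLO reply."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    for ln in lines:
        # Every line is "250-..." except the last, which is "250 ...".
        if len(ln) < 4 or not ln.startswith("250") or ln[3] not in "- ":
            raise ValueError("not a 250 EHLO line: %r" % ln)
    # The first line carries the server name, not an extension.
    return {ln[4:].split()[0].upper() for ln in lines[1:] if ln[4:].split()}


def stripped_extensions(server_view, client_view):
    """Extensions the server offers that never reach the client."""
    return ehlo_extensions(server_view) - ehlo_extensions(client_view)


def probe(host, port=587, timeout=10):
    """Live check from this machine: is STARTTLS still advertised?"""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    missing = stripped_extensions(SERVER_VIEW, CLIENT_VIEW)
    print("stripped in transit:", sorted(missing) or "nothing")
```

If `probe()` returns False from the client machine while the server is configured to offer TLS, something on the path is rewriting the session.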


