Hello,
I have Postfix + SASL2 + Cyrus running on my FreeBSD system. Everything
works fine so far, but there's a problem when I'm trying to connect to
the server using a SSL connection with Thunderbird as mail client. The
connection always timed out I couldn't find any hints in the maillog
what's going wrong. When I use Outlook to connect to my mail server
using SSL everything works fine. When I use Thunderbird to connect via
SSL with other mail servers (e.g. GMX) this works fine, too. But
Thunderbird to my mail server via SSL failed. Also TLS to my mail
server works with Thunderbird. Can anyone give me hint what the problem
might be?
Thanks in advance.
Gunnar Frenzel

Gunnar_Frenzel@web.de wrote:
> Hello,
> I have Postfix + SASL2 + Cyrus running on my FreeBSD system. Everything
> works fine so far, but there's a problem when I'm trying to connect to
> the server using a SSL connection with Thunderbird as mail client. The
> connection always timed out I couldn't find any hints in the maillog
> what's going wrong. When I use Outlook to connect to my mail server
> using SSL everything works fine. When I use Thunderbird to connect via
> SSL with other mail servers (e.g. GMX) this works fine, too. But
> Thunderbird to my mail server via SSL failed. Also TLS to my mail
> server works with Thunderbird. Can anyone give me hint what the problem
> might be?
> Thanks in advance.
> Gunnar Frenzel

In the Thunderbird config, when you click back and forth between
TLS and SSL, notice that the number changes back and forth from
port 25 to 465.

Click on SSL, and manually change the port number to 25 (or whichever
Postfix SMTP port you use), and Thunderbird should work.

The use of port 465 for a Postfix SSL wrapper is depricated. STARTTLS on
the standard SMTP port is used now.

I hope this s.
--
Greg

I tried setting the connection to SSL with port 25. Now I see two
connects in the maillog but it still doesn't work to send the mail.
What confuses me is that Thunderbird is able to establish a connection
using SSL on port 465 when connecting to the Freemail provider GMX but
not using SSL on port 465 with my mail server configuration. Otherwise
is Outlook and Outlook Express able to connect to my mail server
configuration using SSL on port 465 so it seems like there's a
difference in how my mail server handles Outlook or Outlook Express
connections and Thunderbird connections when both using SSL on port
465.

Gunnar_Frenzel@web.de wrote:
> Otherwise is Outlook and Outlook Express able to connect to my mail server
> configuration using SSL on port 465 so it seems like there's a
> difference in how my mail server handles Outlook or Outlook Express
> connections and Thunderbird connections when both using SSL on port
> 465.

What service is running on port 465 ? TCP Wrapper?

Just out of curiosity, is your smtpd program linked with the OpenSSL libraries ?
On my system, the command is:

$ ldd /usr/libexec/postfix/smtpd
linux-gate.so.1 => (0xb7fe3000)
libssl.so.4 => /lib/libssl.so.4 (0x004a3000) <--- OpenSSL libraries
libcrypto.so.4 => /lib/libcrypto.so.4 (0x003b8000)
libldap-2.2.so.7 => /usr/lib/libldap-2.2.so.7 (0x02e17000)
liblber-2.2.so.7 => /usr/lib/liblber-2.2.so.7 (0x00512000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x004fc000) <---- SASL libs
libpcre.so.0 => /lib/libpcre.so.0 (0x00c82000)
libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x00a34000)
libnsl.so.1 => /lib/libnsl.so.1 (0x004d9000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00b81000)
libc.so.6 => /lib/tls/libc.so.6 (0x007dd000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00dc1000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00d5a000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00cb0000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00d37000)
libdl.so.2 => /lib/libdl.so.2 (0x0092f000)
libz.so.1 => /usr/lib/libz.so.1 (0x00935000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00603000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00a20000)
/lib/ld-linux.so.2 (0x007c3000)


--
Greg

ldd returns:
/usr/local/libexec/postfix/smtpd:
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x280ab000)
libpam.so.3 => /usr/lib/libpam.so.3 (0x280bf000)
libcrypt.so.3 => /lib/libcrypt.so.3 (0x280c6000)
libssl.so.3 => /usr/local/lib/libssl.so.3 (0x280de000)
libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x281a5000)
libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x28295000)
libc.so.6 => /lib/libc.so.6 (0x282bd000)





And sockstat tells the following for port 465:

USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN
ADDRESS
root master 611 14 tcp4 *:465 *:*

Well hey Gunnar, you know I've always got something else to try. :-)

Pull up a web browser on the same machine that you are running
Postfix on, and try this URL:

https://127.0.0.1:465

The output should look something like:


220 mysite.web.de ESMTP Postfix (2.2.9) ready
221 Error: I can break rules, too. Goodbye.

And the /var/log/maillog file (or equivalent) should look something like:

May 17 08:51:17 mysite postfix/smtpd[17173]: connect from localhost[127.0.0.1]
May 17 08:51:17 mysite postfix/smtpd[17173]: setting up TLS connection from localhost[127.0.0.1]
May 17 08:51:17 mysite postfix/smtpd[17173]: TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 17 08:51:17 mysite postfix/smtpd[17173]: warning: localhost[127.0.0.1] sent
non-SMTP command: GET /favicon.ico HTTP/1.1
May 17 08:51:17 mysite postfix/smtpd[17173]: disconnect from localhost[127.0.0.1]

This should test whether there's a local firewall issue for 127.0.0.1 on port 465, and
whether or not Postfix is able to set up a SSL connection. It if does work, then everything
sortof points back towards Thunderbird.

--
Greg