Univention Bugzilla – Bug 44811
relay setting forcing TLS also on amavis connection
Last modified: 2017-06-19 15:04:57 CEST
4.2 erratum 36 (Bug #44589) forces all SMTP client connections to be encrypted, when relaying. That includes those to Amavis - which isn't supported.
https://help.univention.com/t/mail-transport-unavailable-seit-update-auf-4-2-0-errata-45/5957/8
https://help.univention.com/t/kopano-postfix-tls-problem/5976/2
An exception for amavis is needed.
r80269: create possibility to set SMTP client TLS policy
r80270: update advisory
r80271: merge to 4.2-1
Package: univention-mail-postfix
Version: 11.0.1-9A~4.2.0.201706191026
Branch: ucs_4.2-0
Scope: errata4.2-0

r80276: undo global encryption setting from Bug #44589 if relaying is enabled, set it only for mail/relayhost
r80277: update advisory
univention-mail-postfix (11.0.1-10A~4.2.0.201706191111)

r80278: allow setting additional lookup tables for the Postfix SMTP client TLS security policy
r80279: update advisory
univention-mail-postfix (11.0.1-11A~4.2.0.201706191133)

r80284: change UCRV format to support IPv6 addresses
r80285: fix default UCR value for amavis
r80286: update advisory
univention-mail-postfix (11.0.1-13A~4.2.0.201706191217)

80291: handle subdomains safer, run postmap when installing, wording
80292: merge to 4.2-1
80293: update advisory
univention-mail-postfix (11.0.1-14A~4.2.0.201706191335)
--: added ucs-test scripts 00_checks/81_check_tls_policy_default 40_mail/48_smtp_tls_policy_map
OK: advisory
OK: code change
OK: receive mail with default settings
OK: receive mail with enabled relayhost+relayauth
OK: send mail with enabled relayhost+relayauth (see below)
OK: merged to UCS 4.2-1

# ucr set mail/relayhost='[10.200.18.70]:587' mail/relayauth="yes"
# echo "[10.200.18.70]:587 ben@nstx.local:univention99" > /etc/postfix/smtp_auth
# postmap /etc/postfix/smtp_auth
# invoke-rc.d postfix restart
# echo "TEST" | mail -s "TEST1" noreply@univention.com
# cat /etc/postfix/tls_policy | grep 18.70
[10.200.18.70]:587 encrypt
#
Jun 19 14:07:54 master30 amavis[28613]: (28613-01) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <root@master30.nstx.local> -> <noreply@univention.de>, Message-ID: <20170619120753.3CB5B80151@master30.nstx.local>, mail_id: mf4iXDY76J2I, Hits: -0.001, size: 315, queued_as: 45D5980136, 467 ms
Jun 19 14:07:54 master30 postfix/smtp[4575]: 3CB5B80151: to=<noreply@univention.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.31/0.31/0.05/0.44, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 45D5980136)
Jun 19 14:07:54 master30 postfix/qmgr[4568]: 3CB5B80151: removed
Jun 19 14:07:55 master30 postfix/smtp[4580]: 45D5980136: to=<noreply@univention.de>, relay=10.200.18.70[10.200.18.70]:587, delay=1.6, delays=0.07/0.03/0.31/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 74D9F1C0998)

# cat /etc/postfix/tls_policy | grep 18.70
[10.200.18.70]:587 none
# postmap /etc/postfix/tls_policy
# invoke-rc.d postfix restart
# echo "TEST" | mail -s "TEST2" noreply@univention.com
Jun 19 14:09:09 master30 postfix/smtp[4825]: 688EB80136: to=<noreply@univention.de>, relay=10.200.18.70[10.200.18.70]:587, delay=0.12, delays=0.08/0.03/0.01/0, dsn=5.7.0, status=bounced (host 10.200.18.70[10.200.18.70] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
<http://errata.software-univention.de/ucs/4.2/49.html>
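
Added example (not part of the bug report and not Univention's code): a check over a TLS policy table of the kind verified above, confirming that only the loopback Amavis hop is exempt from encryption and that the relayhost has an entry. The function names and the sample table are constructed for illustration; the Amavis key uses the address and port shown in the log.

```python
import ipaddress
import re

# Postfix smtp_tls_security_level values under which mail is never sent in cleartext.
ENCRYPTED_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed sample in the layout of the /etc/postfix/tls_policy lines quoted above.
SAMPLE_POLICY = """\
# next hop              level
[127.0.0.1]:10024       none
[10.200.18.70]:587      encrypt
"""

def parse_tls_policy(text):
    """Return {next_hop: level} from the source text of a TLS policy table."""
    policy = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or key without a value
        policy[fields[0].lower()] = fields[1].lower()
    return policy

def is_loopback(next_hop):
    """True only for bracketed loopback literals, e.g. [127.0.0.1]:10024."""
    m = re.fullmatch(r"\[([^\]]+)\](?::\d+)?", next_hop)
    if not m:
        return False  # a hostname is never assumed to be local
    try:
        return ipaddress.ip_address(m.group(1)).is_loopback
    except ValueError:
        return False

def audit(policy, relayhost):
    """List entries that permit cleartext SMTP to a non-loopback next hop."""
    findings = []
    for hop, level in policy.items():
        if level not in ENCRYPTED_LEVELS and not is_loopback(hop):
            findings.append(f"{hop}: level '{level}' permits cleartext")
    if relayhost and relayhost.lower() not in policy:
        findings.append(f"{relayhost}: no policy entry, global level applies")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_tls_policy(SAMPLE_POLICY), "[10.200.18.70]:587"):
        print(finding)
```

With the relayhost entry changed to none, as in the TEST2 run, audit() reports that entry; the loopback exception for Amavis is never reported.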