# postfix relay, sasl auth.



## graudeejs (Nov 14, 2010)

Hello!
I'm trying to set up a public mail relay server with SASL authorization.
It drives me nuts... the config works when sending from trusted networks (when the IP is listed in mynetworks); however, as soon as I remove the IP from mynetworks, I get:


```
The mail system

<killasmurf86@gmail.com>: host smtp.bsdroot.lv[83.241.11.155] said: 530 5.7.0
    Must issue a STARTTLS command first (in reply to MAIL FROM command)

--BAD8173080.1289765282/desktop.pc
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; desktop.pc
X-Postfix-Queue-ID: BAD8173080
X-Postfix-Sender: rfc822; killasmurf86@desktop.pc
Arrival-Date: Sun, 14 Nov 2010 22:08:02 +0200 (EET)

Final-Recipient: rfc822; killasmurf86@gmail.com
Action: failed
Status: 5.7.0
Remote-MTA: dns; smtp.bsdroot.lv
Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first
```

I've been googling, and googling and testing and googling and reading and googling... nothing....

Does anyone have any idea?
Tell me what settings you need to know, I will provide them.

Could this be related to the fact that I use self-generated, self-signed certificates on both the server and the client postfix?


----------



## graudeejs (Nov 14, 2010)

With the same config (on the client side) the desktop PC is working and the laptop is not....
It makes no sense.

Note that both are not whitelisted (in mynetworks)


----------



## brd@ (Nov 15, 2010)

Do you have:

```
smtpd_tls_auth_only = yes
```
in your main.cf?


----------



## graudeejs (Nov 15, 2010)

sure (on server)


----------



## brd@ (Nov 15, 2010)

Then your client needs to use TLS/SSL when it connects, otherwise it will not offer the AUTH mechanisms and will reject the message.


----------



## graudeejs (Nov 15, 2010)

It does... eh. I will "wireshark" it, to have a closer look at what exactly is going on


----------



## brd@ (Nov 15, 2010)

Look at the Postfix logs as well.


----------
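Added example, not part of any post in this thread: with `smtpd_tls_auth_only = yes` the server withholds AUTH until the session is encrypted, so comparing the EHLO reply before STARTTLS with the one after it shows whether a server behaves that way. The Python sketch below parses two such replies copied from a manual SMTP session; the host name and both sample replies are constructed, and `parse_ehlo` and `diagnose` are hypothetical helper names.

```python
# Constructed sample EHLO replies (hypothetical host, not the thread's server).
EHLO_BEFORE_TLS = """\
250-mail.example.test
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME"""

EHLO_AFTER_TLS = """\
250-mail.example.test
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""


def parse_ehlo(reply):
    """Map each ESMTP keyword in a multi-line 250 reply to its parameters."""
    exts = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the server name
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError(f"not an EHLO reply line: {line!r}")
        if rest.upper().startswith("AUTH="):      # legacy spelling of AUTH
            rest = "AUTH " + rest[5:]
        keyword, _, params = rest.partition(" ")
        seen = exts.setdefault(keyword.upper(), [])
        for param in params.upper().split():
            if param not in seen:                 # AUTH may be listed twice
                seen.append(param)
    return exts


def diagnose(before_tls, after_tls=None):
    """Summarise the TLS/AUTH posture shown by the two EHLO replies."""
    pre = parse_ehlo(before_tls)
    post = parse_ehlo(after_tls) if after_tls is not None else {}
    return {
        "starttls_offered": "STARTTLS" in pre,
        # True here means credentials could be sent without encryption.
        "auth_in_cleartext": "AUTH" in pre,
        "auth_after_tls": post.get("AUTH", []),
    }


if __name__ == "__main__":
    print(diagnose(EHLO_BEFORE_TLS, EHLO_AFTER_TLS))
```

A result with `starttls_offered` true, `auth_in_cleartext` false and a non-empty `auth_after_tls` is what a server that only allows AUTH over TLS should show.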

