Try manual authentication with OpenSSL
openssl s_client -connect smtp.servidor.com:587 -starttls smtp
Thanks for the lesson, I ran this command:
openssl s_client -connect HOSTNAME:25 -starttls smtp
and it comes out "perfect":
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E5
verify return:1
depth=0 CN=HOSTNAME
verify return:1
---
Certificate chain
0 s:CN=HOSTNAME
i:C=US, O=Let's Encrypt, CN=E5
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Jan 7 02:17:31 2025 GMT; NotAfter: Apr 7 02:17:30 2025 GMT
1 s:C=US, O=Let's Encrypt, CN=E5
i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
code
-----END CERTIFICATE-----
subject=CN=HOSTNAME
issuer=C=US, O=Let's Encrypt, CN=E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2665 bytes and written 441 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: DC24C1BAC5D62AB810F1D7B10BD33461EB05F07E01E05C0E7FAF58D60EA473DA
Session-ID-ctx:
Resumption PSK: 47FD6218DE928B3018F5DF9D39025A5DADCFF01D83B6388E99DECE90A695C80465A1B5432CBD7D779B0A459128BA828D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
BINARY CODE
Start Time: 1736379717
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
From this I see that TLS and the connection are fine, but I must have "something wrong" in POSTFIX.
...what response does the server give you after AUTH LOGIN
When I send it
AUTH LOGIN it responds:
[root@noel ~]# telnet HOSTNAME 25
Trying IP...
Connected to HOSTNAME.
Escape character is '^]'.
220 HOSTNAME ESMTP Postfix
EHLO HOSTNAME
250-HOSTNAME
250-PIPELINING
250-SIZE 30720000
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH LOGIN
535 5.7.8 Error: authentication failed: Invalid authentication mechanism
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@noel ~]#
Because of that I changed the command
AUTH LOGIN and now send
AUTH PLAIN, which it DOES accept, but it responds like this to any user input:
[root@noel ~]# telnet HOSTNAME 25
Trying IP...
Connected to HOSTNAME.
Escape character is '^]'.
220 HOSTNAME ESMTP Postfix
EHLO HOSTNAME
250-HOSTNAME
250-PIPELINING
250-SIZE 30720000
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH PLAIN
334
=> => => here I send the EMAIL/USER in base 64 format
535 5.7.8 Error: authentication failed: (reason unavailable)
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@noel ~]#
That is why I can never enter the PASSWORD,
because as soon as I pass the USER (email)
the response from POSTFIX is
535:
535 5.7.8 Error: authentication failed: (reason unavailable)
Change in main.cf:
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
It has always been like this:
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
inet_interfaces = all
smtp_tls_security_level = may
disable_vrfy_command = yes
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
If this doesn't fix it either, let me know
Thanks,
I'm letting you know that I HAVE NOT MANAGED to fix it
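
Added example, not part of the original post: RFC 4616 defines the SASL PLAIN response as one base64 string carrying authzid, authcid and password separated by NUL bytes, whereas LOGIN prompts for user and password in separate steps. The Python below reads the mechanisms from the EHLO reply shown in the telnet session, builds a PLAIN response and checks the structure of a given response; the function names and the credentials `user`/`pass` are constructed for illustration.

```python
import base64

# Constructed sample: the EHLO reply lines from the post's telnet session.
EHLO_REPLY = """250-HOSTNAME
250-PIPELINING
250-SIZE 30720000
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING"""

def advertised_mechanisms(ehlo_reply):
    """Return the SASL mechanisms listed on 'AUTH ...' / 'AUTH=...' lines."""
    mechs = []
    for line in ehlo_reply.splitlines():
        keyword = line[4:].strip()              # drop the '250-' / '250 ' prefix
        if keyword.upper().startswith("AUTH"):
            for m in keyword[4:].lstrip(" =").split():
                if m.upper() not in mechs:
                    mechs.append(m.upper())
    return mechs

def plain_response(user, password, authzid=""):
    """RFC 4616: base64(authzid NUL authcid NUL passwd), sent as one response."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, user, password))
    return base64.b64encode(raw).decode("ascii")

def inspect_plain_response(b64):
    """Decode a PLAIN response and report whether it has the three fields."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:                          # binascii.Error is a ValueError
        return "not valid base64"
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return "malformed: expected 2 NUL separators, found %d" % (len(parts) - 1)
    if not parts[1] or not parts[2]:
        return "malformed: empty authcid or password"
    return "ok: authcid=%s" % parts[1].decode("utf-8", "replace")

if __name__ == "__main__":
    print(advertised_mechanisms(EHLO_REPLY))    # mechanisms the server offers
    print(plain_response("user", "pass"))       # constructed credentials
    print(inspect_plain_response("dXNlcg=="))   # base64 of the username alone
```

Base64 is an encoding, not encryption, so a PLAIN response is only protected when it is sent inside the STARTTLS session (for example the `openssl s_client` connection) rather than over plain telnet.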