1 Reply Latest reply: Nov 30, 2012 4:22 AM by MaLu_Swe
MaLu_Swe Level 1 (0 points)

Last year I configured a Lion Server with mail and everything has worked flawlessly.

A month ago I installed a Thawte certificate on the mail server so iPhone and MacBook users could access mail outside of the network.

Everything seems to be working perfectly for all services, except for SMTP. When some, too many but far from all, mail servers try to deliver mail to the domain, they fail. I've configured mail services to USE (not require) the Thawte certificate on SMTP.

Kerberos and CRAM-MD5 are also configured for SMTP.

Among the mail servers that are failing are Microsoft Office 365 servers; they can't deliver mail.

In the SMTP log it says "postfix/smtpd SSL_accept error from".

The log reads:

Nov 22 11:07:26 macsrv postfix/postfix-script[79366]: refreshing the Postfix mail system

Nov 22 11:07:26 macsrv postfix/master[79340]: reload -- version 2.8.4, configuration /etc/postfix

Nov 22 11:08:32 macsrv postfix/postscreen[79394]: CONNECT from [216.32.180.13]:26867

Nov 22 11:08:38 macsrv postfix/postscreen[79394]: PASS NEW [216.32.180.13]:26867

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: connect from va3ehsobe003.messaging.microsoft.com[216.32.180.13]

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: SSL_accept error from va3ehsobe003.messaging.microsoft.com[216.32.180.13]: -1

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: lost connection after STARTTLS from va3ehsobe003.messaging.microsoft.com[216.32.180.13]

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: disconnect from va3ehsobe003.messaging.microsoft.com[216.32.180.13]

 

 

The SMTP port and mail submission are open in the firewall.

Is there anyone who has a clue on how to get the SMTP service in OS X Lion to work with a certificate?


Mac mini, OS X Server
  • MaLu_Swe Level 1 (0 points)

    I've solved it!

     

    After I ran an update for IPS on the Check Point Firewall and then added an exclusion for a triggered IPS definition called SMTP STARTTLS Command, the mail now works fully with the Thawte 123 certificate!

     

    I also updated the IPS last week, but that didn't change anything.

    So I guess this is a very recent change in the IPS package from Check Point.
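
The failure pattern in this thread (an SSL_accept error immediately followed by "lost connection after STARTTLS" in the same smtpd session) can be tallied per sending host, which gives a list to correlate against the firewall's IPS log. The following is an added example, not part of the original thread; the function name, the second host and its log lines are constructed for illustration, and the "TLS connection established" line assumes smtpd_tls_loglevel is at least 1.

```python
import re
from collections import Counter

# First four lines are the smtpd lines from the post; the last three are a
# constructed healthy session (hypothetical host, smtpd_tls_loglevel = 1).
SAMPLE_LOG = """\
Nov 22 11:08:38 macsrv postfix/smtpd[79396]: connect from va3ehsobe003.messaging.microsoft.com[216.32.180.13]
Nov 22 11:08:38 macsrv postfix/smtpd[79396]: SSL_accept error from va3ehsobe003.messaging.microsoft.com[216.32.180.13]: -1
Nov 22 11:08:38 macsrv postfix/smtpd[79396]: lost connection after STARTTLS from va3ehsobe003.messaging.microsoft.com[216.32.180.13]
Nov 22 11:08:38 macsrv postfix/smtpd[79396]: disconnect from va3ehsobe003.messaging.microsoft.com[216.32.180.13]
Nov 22 11:09:02 macsrv postfix/smtpd[79401]: connect from mail.example.net[192.0.2.25]
Nov 22 11:09:02 macsrv postfix/smtpd[79401]: Anonymous TLS connection established from mail.example.net[192.0.2.25]: TLSv1 with cipher AES256-SHA (256/256 bits)
Nov 22 11:09:03 macsrv postfix/smtpd[79401]: disconnect from mail.example.net[192.0.2.25]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CLIENT = re.compile(r"from (?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]")

def starttls_failures(log_text):
    """Count sessions per (host, ip) where the TLS handshake failed and the
    client then dropped the connection right after STARTTLS."""
    ssl_error = {}        # smtpd pid -> client that hit SSL_accept error
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue      # postscreen, master and other non-smtpd lines
        pid, msg = m["pid"], m["msg"]
        c = CLIENT.search(msg)
        if not c:
            continue
        client = (c["host"], c["ip"])
        # One smtpd process serves one connection at a time, so the pid
        # identifies the session between "connect" and "disconnect".
        if msg.startswith(("connect from", "disconnect from")):
            ssl_error.pop(pid, None)
        elif msg.startswith("SSL_accept error from"):
            ssl_error[pid] = client
        elif msg.startswith("lost connection after STARTTLS from"):
            if ssl_error.get(pid) == client:
                failures[client] += 1
    return failures

if __name__ == "__main__":
    for (host, ip), n in starttls_failures(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {host} [{ip}]")
```
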