Gentoo Forums
postfix don't work with tls or ssl
aemaeth
n00b


Joined: 31 May 2007
Posts: 2

Posted: Thu May 31, 2007 12:03 pm    Post subject: postfix don't work with tls or ssl

Hi world :), I use Gentoo for amd64 with Postfix 2.4.1 with USE="ipv6 pam ssl sasl dovecot-sasl". I need a secure local SMTP server but... it doesn't work... only in plain text (port 25 without TLS).

My postconf -n is:

broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.4.1/html
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailbox_command = maildrop
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = shidare.com
myhostname = tetsuo.shidare.com
mynetworks = 192.168.0.0/24, 192.168.1.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.1/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

If I do a telnet...

telnet tetsuo.shidare.com 25
Trying 127.0.0.1...
Connected to tetsuo.shidare.com.
Escape character is '^]'.
220 tetsuo.shidare.com ESMTP Postfix
EHLO tetsuo.shidare.com
250-tetsuo.shidare.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

If I type netstat -an...

netstat -an | grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

netstat -an | grep 587
nothing...

netstat -an | grep 465
nothing...

I used the FAQ http://www.gentoo.org/doc/es/virt-mail-howto.xml (I'm Spanish)

My postfix directory:

/etc/postfix
total 108
-rw-r--r-- 1 root root 3336 may 30 20:16 cacert.pem
-rw-r--r-- 1 root root 26827 may 31 13:57 main.cf
-rw-r--r-- 1 root root 4826 may 31 13:57 master.cf
-rw-r--r-- 1 root root 3198 may 30 20:15 newcert.pem
-rw-r--r-- 1 root root 672 may 30 20:16 newreq.pem
-rw-r--r-- 1 root root 17588 may 31 13:57 postfix-files
-rwxr-xr-x 1 root root 6647 may 31 13:57 postfix-script
-rwxr-xr-x 1 root root 22197 may 31 13:57 post-install
-rw------- 1 root root 1024 may 31 13:27 prng_exch
-rw------- 1 root root 141 may 31 13:57 saslpass

My master.cf
smtp inet n - n - - smtpd -v

My /etc/sasl2/smtpd.conf
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
# pwcheck_method:pam
mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5
pwcheck_method: saslauthd

My smtp

I have "STARTTLS" active... but it doesn't work... does somebody know why? Thx.
_________________
Do you believe in sweet dreams?
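
An added example, not part of the thread or any poster's code: a small Python audit that reads the four outputs quoted in the post above (postconf -n, master.cf, the EHLO reply and the directory listing) and reports what they show about the server's TLS setup. The function names and the trimmed sample strings are constructed for illustration; it assumes the stock Postfix master.cf service names submission (587) and smtps (465).

```python
# Constructed sample inputs, trimmed from the values quoted in the first post.
POSTCONF = """smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_use_tls = yes"""
MASTER_CF = "smtp inet n - n - - smtpd -v"
EHLO = """250-tetsuo.shidare.com
250-STARTTLS
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250 DSN"""
LISTING = "-rw-r--r-- 1 root root 672 may 30 20:16 newreq.pem"

def parse_postconf(text):
    """Turn `postconf -n` lines ("name = value") into a dict."""
    pairs = (ln.partition("=") for ln in text.splitlines() if "=" in ln)
    return {k.strip(): v.strip() for k, _, v in pairs}

def inet_services(master_cf):
    """First column (service name or port) of every inet line in master.cf."""
    rows = (ln.split() for ln in master_cf.splitlines() if not ln.startswith("#"))
    return {r[0] for r in rows if len(r) >= 2 and r[1] == "inet"}

def ehlo_keywords(reply):
    """Map each EHLO keyword to its parameters; "250-" or "250 " prefixes each line."""
    words = (ln[4:].split() for ln in reply.splitlines() if ln.startswith("250"))
    return {w[0].upper(): w[1:] for w in words if w}

def audit(postconf, master_cf, ehlo, listing):
    """Return findings (strings) for the four captured outputs."""
    conf, svcs, kw = parse_postconf(postconf), inet_services(master_cf), ehlo_keywords(ehlo)
    findings = []
    for name, port in (("submission", "587"), ("smtps", "465")):
        if name not in svcs and port not in svcs:
            findings.append(f"master.cf defines no {name} ({port}) listener")
    if "STARTTLS" not in kw:
        findings.append("STARTTLS is not advertised on this listener")
    plain = sorted({"PLAIN", "LOGIN"} & set(kw.get("AUTH", [])))
    if plain and conf.get("smtpd_tls_auth_only") != "yes":
        findings.append(f"AUTH {'/'.join(plain)} offered before STARTTLS")
    key = conf.get("smtpd_tls_key_file", "").rsplit("/", 1)[-1]
    for row in (ln.split() for ln in listing.splitlines()):
        # row[0] is the mode string; index 4 = group read, index 7 = other read
        if key and row and row[-1] == key and (row[0][4] != "-" or row[0][7] != "-"):
            findings.append(f"key file {key} is readable beyond its owner ({row[0]})")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTCONF, MASTER_CF, EHLO, LISTING):
        print("-", finding)
```

On the sample inputs it reports that STARTTLS is available on port 25 only, that password mechanisms are offered before encryption, and that the key file mode is 0644.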
elgato319
Guru


Joined: 15 Sep 2005
Posts: 546

Posted: Thu May 31, 2007 1:04 pm

How do you know that TLS doesn't work?

Is this mailserver reachable from the outside?

You can test TLS with net-mail/swaks
aemaeth
n00b


Joined: 31 May 2007
Posts: 2

Posted: Thu May 31, 2007 1:53 pm

I test whether TLS works with my mail clients (Thunderbird, Apple Mail and Outlook). This mail server has no firewall; it only works in my private network (192.168.0.0 and 192.168.1.0).
_________________
Do you believe in sweet dreams?
elgato319
Guru


Joined: 15 Sep 2005
Posts: 546

Posted: Thu May 31, 2007 2:13 pm

Does Thunderbird/Apple Mail/Outlook give you some useful information?

I suggest using swaks because you can see every SMTP command.