Greylite refuses the first message from every address, the first time it is seen, with a temporary (4xx) SMTP error.
Telnet to the greylite-protected server from an address that falls under the :allow rule of the CDB file, then run the following SMTP session (you type the telnet, HELO, MAIL FROM and RCPT TO lines; everything else is server output):
    # telnet my.server.com 25
    Trying 1.2.3.4...
    Connected to my.server.com.
    Escape character is '^]'.
    220 my.server.com ESMTP
    HELO asd
    250 my.server.com
    MAIL FROM:<youruser@yourhost.com>
    250 ok
    RCPT TO:<youruser@yourhost.com>
    451 qqt failure (#4.3.0)
    -- or --
    452 insufficient system storage
The connection is closed. Wait 30 seconds and issue the same commands again; this time the message should be accepted.
P.S.: ALWAYS test from an external address, one for which the GREYLIST environment variable will be set.
The STARTTLS command is part of an SMTP extension. It is supported out of the box by a few exchangers. A client issuing this command (right after the EHLO command) is asking the server to switch to an encrypted SMTP session.
Once the encryption has been negotiated, the SMTP session restarts from the beginning as usual (but the STARTTLS command is now disabled), thus it can be tested with the method shown previously.
Being an intermediary, greylite gives up when the connection gets encrypted, passing data back and forth passively.
You can test that the STARTTLS command is working with the openssl suite: it starts a connection, issues the command, performs the key exchange and returns a console for reading/writing the data passing through the encrypted channel. Use:
    openssl s_client -starttls smtp -connect SERVERADDR:SERVERPORT
And replace SERVERADDR and SERVERPORT appropriately.
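The two-attempt test above can also be scripted. The following is an added example, not part of greylite: it uses Python's smtplib to repeat the HELO / MAIL FROM / RCPT TO session (optionally after STARTTLS, since the session restarts once encryption is negotiated) and checks that the first RCPT TO gets a 4xx and the retry is accepted. The function names are hypothetical; the host and addresses are the placeholders from the session above.

```python
import smtplib
import time

def rcpt_probe(host, port, sender, rcpt, helo="asd", use_starttls=False):
    """Run HELO, MAIL FROM, RCPT TO once; return the RCPT TO reply code."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        if use_starttls:
            smtp.ehlo(helo)
            # Raises if STARTTLS is not offered. Pass
            # context=ssl.create_default_context() to verify the certificate.
            smtp.starttls()
            smtp.ehlo(helo)  # the session restarts after encryption
        else:
            smtp.helo(helo)
        code, reply = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"MAIL FROM refused: {code} {reply!r}")
        code, _ = smtp.rcpt(rcpt)
        return code  # leaving the block tolerates a server-side close

def check_greylisting(probe, wait=30, sleep=time.sleep):
    """Probe twice, `wait` seconds apart; return (passed, explanation)."""
    first = probe()
    if not 400 <= first <= 499:
        return False, f"first attempt got {first}, not a temporary 4xx"
    sleep(wait)
    second = probe()
    if 200 <= second <= 299:
        return True, f"deferred with {first}, then accepted with {second}"
    return False, f"deferred with {first}, retry still got {second}"

if __name__ == "__main__":
    # Placeholder values from the session above; run this from an external
    # address, one for which the GREYLIST environment variable will be set.
    def probe():
        return rcpt_probe("my.server.com", 25,
                          "youruser@yourhost.com", "youruser@yourhost.com")
    print(check_greylisting(probe))
```

A first-attempt failure usually means the test was run from an address for which GREYLIST is not set.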