How to configure postfix to allow tls and non tls on port 587

Discussion in 'Installation/Configuration' started by destine, Nov 15, 2014.

  1. destine

    destine Member

    Hi everyone

    I would like to ask how I can set up Postfix to use TLS and non-TLS connections on port 587.

    Below is my current config:

    submission inet n - - - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=may
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_wrappermode=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject

    This should work for me but it doesn't. When, for example, somebody tries to send email via Windows Live Mail and doesn't check the option "this server requires ssl", they get the error message "STARTTLS first".

    Any suggestions?

    Thx in advance
     
  2. destine

    destine Member

    When I connect to port 25 I can see that both the startssl and auth plain login methods are enabled

    250-PIPELINING
    250-SIZE 61440000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN


    But on port 587 I have only startssl

    250-PIPELINING
    250-SIZE 61440000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    How can I enable the same on both ports?

    Do I need to configure some additional software?
     
    Last edited: Nov 16, 2014
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to comment out all -o lines after the submission line. Then restart postfix and test again. This should make the submission port equal to the setup of port 25.
     
  4. destine

    destine Member

    OK, I have fixed it. I didn't see that at the bottom of master.cf ispconfig3 makes its own submission section with smtpd_tls_security_level=encrypt. The grep command is my best friend :) as always

    Thanks Till for the help
     
    Last edited: Nov 16, 2014
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The second submission section is not from ispconfig.
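
The duplicate found in post 4 can be located by parsing master.cf into logical entries and listing every service that is defined more than once, together with its -o overrides. This is an added example, not part of the original thread: the sample file is constructed, the function names are hypothetical, and only the plain "-o name=value" form is handled.

```python
from collections import defaultdict

# Constructed sample modelled on the thread: a submission entry near the top
# and a second one at the bottom with smtpd_tls_security_level=encrypt.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
# comment lines and blank lines are ignored

pickup    unix  n       -       -       60      1       pickup
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""


def parse_services(text):
    """Yield (line_no, service, type, overrides) for each master.cf entry."""
    logical = []  # [first_line_no, joined_text] per logical line
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + raw.strip()  # continuation of previous entry
        else:
            logical.append([line_no, raw.strip()])
    for line_no, joined in logical:
        fields = joined.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, setting = value.partition("=")
                overrides[name] = setting
        yield line_no, fields[0], fields[1], overrides


def duplicate_services(text):
    """Return {(service, type): [(line_no, overrides), ...]} for repeated entries."""
    seen = defaultdict(list)
    for line_no, service, stype, overrides in parse_services(text):
        seen[(service, stype)].append((line_no, overrides))
    return {key: found for key, found in seen.items() if len(found) > 1}
```

To check a real server, pass the contents of its master.cf to duplicate_services() and compare the smtpd_tls_security_level value of each reported entry.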
     
