Enable TLS on Postfix 25 port

Discussion in 'General' started by andresgt2000, Aug 25, 2015.

  1. andresgt2000

    andresgt2000 Member

    Hi everyone!

    I read these articles about the subject and tried to put the recommendations into action, but they do not work for my configuration.

    1 - HowtoForge Postfix: send using TLS
    2 - HowtoForge: How to configure postfix to allow tls and non tls on port 587

    My infrastructure is this:
    • Ubuntu 12.04 LTS
    • Postfix 2.9.6
    • Dovecot 2.0.19
    • ISPConfig 3.0.5.4
    The results of the telnet commands are these:

    Telnet mail.xxx.com 25

    220 mail.xxx.com ESMTP Postfix (Ubuntu)
    ehlo mail.xxx.com
    250-mail.xxx.com
    250-SIZE 31211520
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    Telnet mail.xxx.com 587


    220 mail.xxx.com ESMTP Postfix (Ubuntu)
    ehlo mail.xxx.com
    250-mail.xxx.com
    250-PIPELINING
    250-SIZE 31457280
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    I have another server with the same configuration; the only difference is that this server has the full configuration on one server, and the telnet to port 25 shows this:

    250-PIPELINING
    250-SIZE 31457280
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    I compared the config files of the two servers and they are practically identical, so I don't know why it works correctly on one of my servers and not on the other.

    I tried commenting out the lines in master.cf after the submission line, like till said, and restarted the service, but it did not work.

    submission inet n - - - - smtpd
    # -o syslog_name=postfix/submission
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING

    And I am not sure about the solution of smtpd_tls_security_level=encrypt because, if I am not mistaken, I read somewhere that this option may be used to avoid problems with servers that do not support TLS.

    Thank you everyone for the help you can give me.
     


  2. andresgt2000

    andresgt2000 Member

    Hello

    I found a difference in the main.cf configuration of my server. The other config file has the option "smtpd_tls_auth_only = no", so I added this line to my main.cf and restarted the service.

    The new line gave me no result, and I am still without TLS on port 25.

    I continued reading about the subject and found that I can add these options, but the other server does not have them.

    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s


    Do you think these lines will help me solve the behavior?

    I will add these options later to see what happens, but if you see something wrong in the main.cf, please tell me.

    Thank you.
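
The following is an added example, not part of either post and not ISPConfig or Postfix code. It parses the two EHLO replies quoted in the first post and reports what the problem server's port 25 is missing compared with port 587, including that AUTH PLAIN LOGIN is advertised there with no STARTTLS to protect it. The function names are hypothetical, and the parser assumes the first 250 line is the server's domain greeting.

```python
import re

# Constructed input: the two EHLO replies quoted in the first post.
PORT_25 = """250-mail.xxx.com
250-SIZE 31211520
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
PORT_587 = """250-mail.xxx.com
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its parameter list."""
    lines = [m.group(1) for m in
             (re.match(r"250[- ](\S.*)", l.strip()) for l in reply.splitlines()) if m]
    caps = {}
    for text in lines[1:]:  # assumption: first 250 line is the domain greeting
        text = re.sub(r"^AUTH=", "AUTH ", text, flags=re.I)  # legacy "AUTH=" form
        keyword, *params = text.upper().split()
        seen = caps.setdefault(keyword, [])
        seen.extend(p for p in params if p not in seen)
    return caps

def audit(caps):
    """Flag a listener that cannot upgrade to TLS, and cleartext AUTH on it."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
        if "AUTH" in caps:
            findings.append("AUTH " + "/".join(caps["AUTH"]) + " offered without TLS")
    return findings

def diff(a, b):  # keywords advertised only by a, and only by b
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))

if __name__ == "__main__":
    p25, p587 = parse_ehlo(PORT_25), parse_ehlo(PORT_587)
    print(audit(p25), diff(p25, p587))
```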

     
