No SSL connection from mail client

Discussion in 'Installation/Configuration' started by wontolla, Mar 31, 2009.

  1. wontolla

    wontolla New Member

    Hi, I just created an SSL cert (http://www.howtoforge.com/forums/showthread.php?t=10421&highlight=ssl&page=5) and the mail clients couldn't connect using SSL inside the LAN, connecting to the IP address. I'm not sure if the firewall should be listening on ports 993 and 465.

    Is it possible for LAN users not to use SSL (connecting to ports 143 and 25) while WAN / Inet users use SSL?

    Thanx in advance
     
  2. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    netstat -tap
    ? Any errors in your mail log?
     
  3. wontolla

    wontolla New Member

    Nothing found in the logs

    netstat -tap

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:nfs *:* LISTEN -
    tcp 0 0 *:mysql *:* LISTEN 4834/mysqld
    tcp 0 0 localhost:spamd *:* LISTEN 4896/spamd.pid
    tcp 0 0 *:sunrpc *:* LISTEN 4346/portmap
    tcp 0 0 *:www *:* LISTEN 5559/apache2
    tcp 0 0 *:81 *:* LISTEN 5359/ispconfig_http
    tcp 0 0 *:36468 *:* LISTEN 5064/rpc.mountd
    tcp 0 0 *:36564 *:* LISTEN 4362/rpc.statd
    tcp 0 0 servername.domain.com:domain *:* LISTEN 5702/named
    tcp 0 0 localhost:domain *:* LISTEN 5702/named
    tcp 0 0 *:46837 *:* LISTEN -
    tcp 0 0 *:smtp *:* LISTEN 26768/smtpd
    tcp 0 0 localhost:953 *:* LISTEN 5702/named
    tcp 0 0 *:https *:* LISTEN 5559/apache2
    tcp 0 0 servername.domain.com:www servidor.domain:1681 TIME_WAIT -
    tcp 0 0 servername.domain.com:smtp servidor.domain:1686 TIME_WAIT -
    tcp6 0 0 [::]:imaps [::]:* LISTEN 4953/couriertcpd
    tcp6 0 0 [::]:pop3s [::]:* LISTEN 4987/couriertcpd
    tcp6 0 0 [::]:pop3 [::]:* LISTEN 4967/couriertcpd
    tcp6 0 0 [::]:imap2 [::]:* LISTEN 4933/couriertcpd
    tcp6 0 0 [::]:ftp [::]:* LISTEN 7221/proftpd: (acce
    tcp6 0 0 [::]:ssh [::]:* LISTEN 4716/sshd
    tcp6 0 0 [::]:smtp [::]:* LISTEN 26768/smtpd
    tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 5702/named
    tcp6 0 148 servername.domain.com:ssh machine.name:1276 ESTABLISHED 27326/sshd: wolf [ p
    tcp6 0 56224 servername.domain.com:imap2 80.27.101.77%3101:13427 ESTABLISHED 25546/imapd
    tcp6 0 0 servername.domain.com:pop3 machine.name:2224 TIME_WAIT -
    tcp6 0 0 servername.domain.com:pop3 machine.name:nut TIME_WAIT -
    tcp6 0 0 servername.domain.com:imap2 Inet.ip:55815 ESTABLISHED 26702/imapd
    tcp6 0 0 servername.domain.com:pop3 machine.name:1851 TIME_WAIT -
    tcp6 0 0 servername.domain.com:pop3 machine.name:1909 TIME_WAIT -
    tcp6 0 0 servername.domain.com:imap2 Inet.ip:54792 ESTABLISHED 15325/imapd
    tcp6 0 0 servername.domain.com:pop3 machine.name:2222 TIME_WAIT -
    tcp6 0 0 servername.domain.com:imap2 inet.ip:54795 ESTABLISHED 15334/imapd
    tcp6 0 0 servername.domain.com:imap2 Inet.ip:54837 ESTABLISHED 16064/imapd
    tcp6 0 0 servername.domain.com:pop3 machine.name:2047 TIME_WAIT -
     
  4. falko

    falko Super Moderator Howtoforge Staff

    I don't see port 465 (or ssmtp) in the output.
     
  5. wontolla

    wontolla New Member

    Nor do I. How do I open the port?
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Did you enable it in /etc/postfix/master.cf?
     
  7. wontolla

    wontolla New Member

    After enabling SSL in ISPConfig? Nope.

    Should I?
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Yes, otherwise Postfix won't listen on port 465. The SSL option in ISPConfig has nothing to do with Postfix. It's for Apache only.
     
  9. wontolla

    wontolla New Member

    OK, how do I open those ports? I suppose it must be by editing that file, isn't it?
     
  10. falko

    falko Super Moderator Howtoforge Staff

    Yes, you must modify /etc/postfix/master.cf.
     
  11. wontolla

    wontolla New Member

    Just found this:

    # CONFIGURATION TLS
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls = yes
    smtpd_tls_note_starttls = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd-key.pem
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
    smtpd_tls_loglevel = 1

    I'll let you know

    Update: if I add those lines, postfix does not work. Strange, isn't it?
     
    Last edited: Apr 13, 2009
  12. falko

    falko Super Moderator Howtoforge Staff

    Any errors in your mail log then?
     
  13. wontolla

    wontolla New Member

    The postfix status shows postfix is not running, so nothing happens... I had to change it back, and then postfix restarted. The command postfix status shows it's running with PID #
     
  14. falko

    falko Super Moderator Howtoforge Staff

    Did you check your mail log?
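
Added example (not part of the thread and not Postfix or ISPConfig code): a shell check for the point made in posts 8 to 10, that port 465 only opens once an smtps service entry is active in /etc/postfix/master.cf. The name check_smtps and both sample stanzas are constructed for illustration, modeled on the commented-out smtps entry that stock master.cf files carry.

```shell
#!/bin/sh
# check_smtps [FILE]: read master.cf (FILE or stdin) and print
#   enabled        - active smtps/465 inet entry with smtpd_tls_wrappermode=yes
#   no-wrappermode - entry is active but would speak plaintext SMTP on 465
#   missing        - no active entry, so nothing listens on 465
check_smtps() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment or blank line
        /^[ \t]/ {                             # continuation of the previous entry
            if (active && $0 ~ /smtpd_tls_wrappermode[ \t]*=[ \t]*yes/) wrap = 1
            next
        }
        {                                      # first line of a service entry
            n = split($1, part, ":")           # accept host:port style names
            active = ((part[n] == "smtps" || part[n] == "465") && $2 == "inet")
            if (active) {
                found = 1
                if ($0 ~ /smtpd_tls_wrappermode[ \t]*=[ \t]*yes/) wrap = 1
            }
        }
        END {
            if (!found)     print "missing"
            else if (!wrap) print "no-wrappermode"
            else            print "enabled"
        }
    ' "$@"
}

# Constructed sample: smtps stanza still commented out (only port 25 is served).
sample_off() {
    cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
EOF
}

# Constructed sample: the same stanza with the comment markers removed.
sample_on() {
    cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
EOF
}

sample_off | check_smtps   # prints: missing
sample_on  | check_smtps   # prints: enabled
```

On a real server, run `check_smtps /etc/postfix/master.cf`; after enabling the entry and reloading Postfix, `netstat -tap` should list a listener on ssmtp (465).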
     
