On 02/04/2013 03:47 PM, Noel Jones wrote:
> On 2/4/2013 12:27 PM, Robert Moskowitz wrote:
>> I am into final tuning of my mail server, and I greatly appreciate
>> all the help I have received from the many lists I have had to go to
>> for help. I am now at actual external testing, starting out with
>> some free mail test servers. Right now I am trying out:
>>
>> http://www.emailsecuritygrader.com
>>
>> And from there I became aware that I probably don't have SMTPS (port
>> 465) configured properly. Actually at first I did not even have it
>> set up! So I reread the readme:
>>
>> http://www.postfix.org/TLS_README.html
>>
>> And add:
>>
>> /etc/postfix/main.cf
>>     smtpd_tls_security_level = may
>>     smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
>>
>> /etc/postfix/master.cf:
>>     smtps inet n - n - - smtpd
>>       -o smtpd_tls_wrappermode=yes
>>       -o smtpd_sasl_auth_enable=yes
>
> The smtps port should be reserved for authorized users only -- just
> like the submission port -- and never used for general-purpose email.
> Generally you would add something like
>       -o smtpd_recipient_restrictions=$submission_recipient_restrictions

I will look into this. My setup uses virtual domains and mysql for the
users, so a list may be contrived. But also the implication is that
users would have to ask me for this method of connectivity which has its
merits.

> and then in main.cf add
>     submission_recipient_restrictions =
>         permit_sasl_authenticated
>         reject

Thanks, I will review this.

>> and restarted postfix
>>
>> And tried to telnet into localhost 465. All I get is:
>
> This is an encrypted connection and can't be tested with telnet.
> You can test it with openssl:
>     openssl s_client -connect server.example.com:465

Grumple. I did this to test out secure IMAP for dovecot. Obvious once
my nose is stuck in it. Thanks.

> If you get the postfix greeting banner, it's working properly.
>
> But be aware that smtps is deprecated and you probably shouldn't
> bother enabling it unless you need it to support legacy clients.

Good to know. I kind of got that feeling from the TLS_README that it
was for older OE clients, and I have one of those. A reason for them to
move up. Hopefully.
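
An added example, not part of the thread and not Postfix code: a small Python check that parses master.cf and main.cf text and reports whether the smtps service is limited to authenticated users in the way Noel describes. The sample files are constructed from the settings quoted above, the function names are hypothetical, and it assumes the `-o name=value` form without spaces used in the thread.

```python
import re

# Constructed sample input mirroring the thread; function names are illustrative.
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""
MAIN_CF = """\
submission_recipient_restrictions =
    permit_sasl_authenticated
    reject
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_params(text):
    """Parse main.cf 'name = value' logical lines into a dict."""
    pairs = (l.split("=", 1) for l in logical_lines(text) if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def audit_service(master_cf, main_cf, service="smtps"):
    """Return findings for one master.cf service; an empty list means it passes."""
    params = main_params(main_cf)
    line = next((l for l in logical_lines(master_cf) if l.split()[0] == service), None)
    if line is None:
        return [f"service {service} not defined"]
    opts = dict(o.split("=", 1) for o in re.findall(r"-o\s+(\S+=\S*)", line))
    findings = [f"{k}=yes not set"
                for k in ("smtpd_tls_wrappermode", "smtpd_sasl_auth_enable")
                if opts.get(k) != "yes"]
    rcpt = opts.get("smtpd_recipient_restrictions", "")
    # Expand $name / ${name} references against main.cf, as Postfix would.
    rcpt = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), rcpt)
    rules = rcpt.replace(",", " ").split()
    if "permit_sasl_authenticated" not in rules or rules[-1:] != ["reject"]:
        findings.append("recipient restrictions do not limit port to SASL users")
    return findings
```

Run against the configuration as first posted, `audit_service(MASTER_CF, MAIN_CF)` reports the missing recipient restriction; appending the `-o smtpd_recipient_restrictions=$submission_recipient_restrictions` line to the smtps entry clears it.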