[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 18, 2024, at 1:34 AM, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> On Tue, Jun 18, 2024 at 01:04:25AM -0500, Paul Schmehl via Postfix-users 
> wrote:
> 
>> # posttls-finger -w -lsecure -C "mail.stovebolt.com:465" "www.stovebolt.com"
> 
> Why the "www.stovebolt.com"???  What hostname is roundcube configured to
> connect to?  The certificate is for "mail.stovebolt.com".

This is what I have in roundcube presently:

$config['smtp_host'] = 'tls://mail.stovebolt.com:465';

> 
> Correctly configured, wrapper-mode TLS is working on port 465, but one
> of the subject alternative DNS names in the certificate needs to match
> the hostname used by roundcube, or conversely, roundcube needs to be
> configured to connect to one of those names.
> 
I think I’ve done that correctly now.

I have posted both postconf -nf and postconf -Mf to the web. You can view them 
here:

https://www.stovebolt.com/postconfnf.txt
https://www.stovebolt.com/postconfMf.txt

I’ve been using postfix for a long, long time. It’s entirely possible that I have
out-of-date config stuff. I’m running 3.9.0-1 now.

Paul Schmehl
paul.schm...@gmail.com
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 18, 2024 at 01:04:25AM -0500, Paul Schmehl via Postfix-users wrote:

> >> posttls-finger: warning: TLS library problem: error:1408F10B:SSL 
> >> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
> > 
> > Your port 465 "smtps" service is misconfigured, it is missing the
> > "-o smtpd_tls_wrapper_mode=yes" option.
>
> OK. wrappermode was commented out. I uncommented it, restarted the
> daemon, and ran finger again.

[ For future drawn-out threads, we really should not let these go on
  quite so long without requesting the "postconf -nf" and "postconf -Mf"
  outputs. ]

> # posttls-finger -w -lsecure -C "mail.stovebolt.com:465" "www.stovebolt.com"

Why the "www.stovebolt.com"???  What hostname is roundcube configured to
connect to?  The certificate is for "mail.stovebolt.com".

> posttls-finger: Connected to mail.stovebolt.com[108.174.193.29]:465
> posttls-finger: server certificate verification failed for 
> mail.stovebolt.com[108.174.193.29]:465: num=62:Hostname mismatch
> posttls-finger: mail.stovebolt.com[108.174.193.29]:465: 
> subject_CN=mail.stovebolt.com, issuer=R10, cert 
> fingerprint=B6:E5:61:8F:1D:B3:98:54:36:CF:09:A1:04:96:E4:14:21:8C:59:91:AB:C5:60:27:34:E5:61:66:68:1E:83:D5,
>  pkey 
> fingerprint=26:05:FB:BB:A6:40:3D:66:16:B3:85:3A:23:9F:97:42:7E:BA:E2:BA:FF:DB:DA:67:B2:87:9B:16:A7:83:3D:0D
> posttls-finger: Untrusted TLS connection established to 
> mail.stovebolt.com[108.174.193.29]:465: TLSv1.3 with cipher 
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
> RSA-PSS (4096 bits) server-digest SHA256

> This looks like it’s working correctly now, right?

Correctly configured, wrapper-mode TLS is working on port 465, but one
of the subject alternative DNS names in the certificate needs to match
the hostname used by roundcube, or conversely, roundcube needs to be
configured to connect to one of those names.

-- 
Viktor.


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 18, 2024, at 12:38 AM, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> On Mon, Jun 17, 2024 at 11:39:27PM -0500, Paul Schmehl via Postfix-users 
> wrote:
> 
>> That might have uncovered a problem.
>> 
>> # posttls-finger -w -lsecure -C "www.stovebolt.com:465" "www.stovebolt.com"
>> 
>> posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
>> posttls-finger: SSL_connect error to www.stovebolt.com[108.174.193.28]:465: 
>> -1
>> posttls-finger: warning: TLS library problem: error:1408F10B:SSL 
>> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
> 
> Your port 465 "smtps" service is misconfigured, it is missing the
> "-o smtpd_tls_wrapper_mode=yes" option.  For example:
> 
> 465        inet  n       -       n       -       -       smtpd
>     -o smtpd_tls_wrappermode=yes
>     -o smtpd_milters=
>     -o syslog_name=postfix/smtps
>     -o smtpd_sasl_auth_enable=yes
>     -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>     -o smtpd_recipient_restrictions=
>     -o smtpd_data_restrictions=
>     -o smtpd_end_of_data_restrictions=
>     -o milter_macro_daemon_name=ORIGINATING
>     -o smtpd_milters=$mua_milters
>     -o always_add_missing_headers=yes
> 
OK. wrappermode was commented out. I uncommented it, restarted the daemon, and 
ran finger again.

# posttls-finger -w -lsecure -C "mail.stovebolt.com:465" "www.stovebolt.com"
posttls-finger: Connected to mail.stovebolt.com[108.174.193.29]:465
posttls-finger: server certificate verification failed for 
mail.stovebolt.com[108.174.193.29]:465: num=62:Hostname mismatch
posttls-finger: mail.stovebolt.com[108.174.193.29]:465: 
subject_CN=mail.stovebolt.com, issuer=R10, cert 
fingerprint=B6:E5:61:8F:1D:B3:98:54:36:CF:09:A1:04:96:E4:14:21:8C:59:91:AB:C5:60:27:34:E5:61:66:68:1E:83:D5,
 pkey 
fingerprint=26:05:FB:BB:A6:40:3D:66:16:B3:85:3A:23:9F:97:42:7E:BA:E2:BA:FF:DB:DA:67:B2:87:9B:16:A7:83:3D:0D
posttls-finger: Untrusted TLS connection established to 
mail.stovebolt.com[108.174.193.29]:465: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
RSA-PSS (4096 bits) server-digest SHA256
posttls-finger: < 220 mail.stovebolt.com ESMTP Postfix
posttls-finger: > EHLO mail.stovebolt.com
posttls-finger: < 250-mail.stovebolt.com
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 9
posttls-finger: < 250-VRFY
posttls-finger: < 250-ETRN
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-DSN
posttls-finger: < 250-SMTPUTF8
posttls-finger: < 250 CHUNKING

---
Certificate chain
(I deleted all the cert stuff)

posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye

This looks like it’s working correctly now, right?

Paul Schmehl
paul.schm...@gmail.com





[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Viktor Dukhovni via Postfix-users
On Mon, Jun 17, 2024 at 11:39:27PM -0500, Paul Schmehl via Postfix-users wrote:

> That might have uncovered a problem.
> 
> # posttls-finger -w -lsecure -C "www.stovebolt.com:465" "www.stovebolt.com"
> 
> posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
> posttls-finger: SSL_connect error to www.stovebolt.com[108.174.193.28]:465: -1
> posttls-finger: warning: TLS library problem: error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:

Your port 465 "smtps" service is misconfigured, it is missing the
"-o smtpd_tls_wrapper_mode=yes" option.  For example:

465        inet  n       -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_milters=
    -o syslog_name=postfix/smtps
    -o smtpd_sasl_auth_enable=yes
    -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=
    -o smtpd_data_restrictions=
    -o smtpd_end_of_data_restrictions=
    -o milter_macro_daemon_name=ORIGINATING
    -o smtpd_milters=$mua_milters
    -o always_add_missing_headers=yes

-- 
Viktor.


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 17, 2024, at 10:14 PM, Cowbay via Postfix-users 
>  wrote:
> 
> On 2024/6/18 10:43, Paul Schmehl via Postfix-users wrote:

>> The problem is neither tls nor ssl worked. No matter what config I used,
>> roundcube would always throw an error. If I used $config['smtp_host'] =
>> 'tls;//www.stovebolt.com'; or I used $config['smtp_host'] =
>> 'ssl;//www.stovebolt.com'; roundcube would error out saying it couldn’t
>> connect to the server. If I removed them and used only the FQHN, it errored
>> out saying the postfix doesn’t support authentication.
>>
>> I thought maybe it might be a cert issue (I was using a self-signed cert),
>> so I switched to a letsencrypt cert, but that made no difference. No matter
>> what I did, roundcube refused to send mail.
>
> I learned a tool to check this problem. You can try below command and check
> the output:
>
> posttls-finger -w -lsecure -C "www.stovebolt.com:465" "www.stovebolt.com"

That might have uncovered a problem.

# posttls-finger -w -lsecure -C "www.stovebolt.com:465" "www.stovebolt.com"

posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
posttls-finger: SSL_connect error to www.stovebolt.com[108.174.193.28]:465: -1
posttls-finger: warning: TLS library problem: error:1408F10B:SSL 
routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:

Paul Schmehl
paul.schm...@gmail.com





[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Jeff Peng via Postfix-users

On 2024-06-18 10:40, postfix--- via Postfix-users wrote:
>>> To be honest, you still likely want authentication.  Keep in mind
>>> that you don't need to authenticate as a single user for roundcube
>>> but rather you can have roundcube pass authentication through from
>>> its own user login and therefore support multiple users while also
>>> allowing postfix to support those same multiple users and see their
>>> individual logins. The point of this is that you can then use
>>> settings such as smtpd_sender_login_maps and
>>> reject_sender_login_mismatch in postfix to control individual users
>>> from roundcube.
>>
>> Though it's a bit offtopic, may I ask, for roundcube, how to stop
>> users adding their own sender identity? For example, when a user logs in
>> as u...@domain.com, they can add the identity in roundcube interface
>> as f...@bar.com.
>
> It is what the previous poster was explaining to you. It isn't turn key
> and requires some custom SQL queries or config if using flat files. But
> you use permit_sasl_authenticated on submission to make sure only
> authenticated users can send email, then you use
> reject_sender_login_mismatch to make sure they can only send email that
> has a from address belonging to whomever is logged in through
> permit_sasl_authenticated.
>
> Postfix will not accept email through submission they are not
> authorized to send. When the user clicks the send email button they
> will see an error message to the effect they are not the owner of the
> address they are trying to use.
>
> Another less secure option is roundcube has a setting that disables the
> ability of users to create or edit identities in the web interface
> keeping them stuck using only the From: address their roundcube account
> was created with.
>
>   $config['identities_level'] = 3;


Great to know the info.
Thanks Peter!


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Gary R. Schmidt via Postfix-users

On 18/06/2024 12:43, Paul Schmehl via Postfix-users wrote:
[SNIP]

> roundcube would always throw an error. If I used $config['smtp_host']
> = 'tls;//www.stovebolt.com'; or I used $config['smtp_host'] =
> 'ssl;//www.stovebolt.com'; roundcube would error out saying it couldn’t

I hope the semi-colon characters above are a typo, not the actual lines!

Cheers,
Gary B-)


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Cowbay via Postfix-users

On 2024/6/18 10:43, Paul Schmehl via Postfix-users wrote:
>> On Jun 17, 2024, at 6:30 PM, Peter via Postfix-users wrote:
>>
>>> On 17/06/2024 17:28, Paul Schmehl wrote:
>>>> How do you set up roundcube to not use authentication? I really don’t need it
>>>> since it’s on the same machine as the mail server. What config options do I
>>>> need to use?
>>
>> To be honest, you still likely want authentication.  Keep in mind that you
>> don't need to authenticate as a single user for roundcube but rather you can
>> have roundcube pass authentication through from its own user login and
>> therefore support multiple users while also allowing postfix to support those
>> same multiple users and see their individual logins. The point of this is that
>> you can then use settings such as smtpd_sender_login_maps and
>> reject_sender_login_mismatch in postfix to control individual users from
>> roundcube.
>>
>> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>
> The problem is neither tls nor ssl worked. No matter what config I used,
> roundcube would always throw an error. If I used $config['smtp_host'] =
> 'tls;//www.stovebolt.com'; or I used $config['smtp_host'] =
> 'ssl;//www.stovebolt.com'; roundcube would error out saying it couldn’t connect
> to the server. If I removed them and used only the FQHN, it errored out saying
> the postfix doesn’t support authentication.
>
> I thought maybe it might be a cert issue (I was using a self-signed cert), so I
> switched to a letsencrypt cert, but that made no difference. No matter what I
> did, roundcube refused to send mail.

I learned a tool to check this problem. You can try below command and check the
output:

posttls-finger -w -lsecure -C "www.stovebolt.com:465" "www.stovebolt.com"

> Paul Schmehl
> paul.schm...@gmail.com





[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Peter via Postfix-users

On 18/06/24 14:43, Paul Schmehl via Postfix-users wrote:
> If I used $config['smtp_host']
> = 'tls;//www.stovebolt.com'; or I used $config['smtp_host'] =
> 'ssl;//www.stovebolt.com'; roundcube would error out saying it couldn’t
> connect to the server.

It's "tls://..." or "ssl://" with a colon (:) not a semicolon (;).


Peter


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 17, 2024, at 6:30 PM, Peter via Postfix-users 
>  wrote:
> 
>> On 17/06/2024 17:28, Paul Schmehl wrote:
>>> How do you set up roundcube to not use authentication? I really don’t need 
>>> it since it’s on the same machine as the mail server. What config options 
>>> do I need to use?
> 
> To be honest, you still likely want authentication.  Keep in mind that you 
> don't need to authenticate as a single user for roundcube but rather you can 
> have roundcube pass authentication through from its own user login and
> therefore support multiple users while also allowing postfix to support those 
> same multiple users and see their individual logins. The point of this is 
> that you can then use settings such as smtpd_sender_login_maps and 
> reject_sender_login_mismatch in postfix to control individual users from 
> roundcube.
> 
> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch

The problem is neither tls nor ssl worked. No matter what config I used, 
roundcube would always throw an error. If I used $config['smtp_host'] =
'tls;//www.stovebolt.com'; or I used $config['smtp_host'] =
'ssl;//www.stovebolt.com'; roundcube would error out saying it couldn’t connect
to the server. If I removed them and used only the FQHN, it errored out saying 
the postfix doesn’t support authentication.

I thought maybe it might be a cert issue (I was using a self-signed cert), so I 
switched to a letsencrypt cert, but that made no difference. No matter what I 
did, roundcube refused to send mail.

Paul Schmehl
paul.schm...@gmail.com


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread postfix--- via Postfix-users

>> To be honest, you still likely want authentication.  Keep in mind that you
>> don't need to authenticate as a single user for roundcube but rather you can
>> have roundcube pass authentication through from its own user login and
>> therefore support multiple users while also allowing postfix to support those
>> same multiple users and see their individual logins. The point of this is that
>> you can then use settings such as smtpd_sender_login_maps and
>> reject_sender_login_mismatch in postfix to control individual users from
>> roundcube.
>
> Though it's a bit offtopic, may I ask, for roundcube, how to stop users
> adding their own sender identity? For example, when a user logs in as
> u...@domain.com, they can add the identity in roundcube interface as
> f...@bar.com.

It is what the previous poster was explaining to you. It isn't turn key and
requires some custom SQL queries or config if using flat files. But you use
permit_sasl_authenticated on submission to make sure only authenticated users
can send email, then you use reject_sender_login_mismatch to make sure they can
only send email that has a from address belonging to whomever is logged in
through permit_sasl_authenticated.

Postfix will not accept email through submission they are not authorized to
send. When the user clicks the send email button they will see an error message
to the effect they are not the owner of the address they are trying to use.

Another less secure option is roundcube has a setting that disables the ability
of users to create or edit identities in the web interface keeping them stuck
using only the From: address their roundcube account was created with.

  $config['identities_level'] = 3;
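
A simplified model of the check described in the message above, as an added example (not Postfix's code and not part of the original message): it applies the documented reject_sender_login_mismatch rule against an smtpd_sender_login_maps table, then "permit_sasl_authenticated, reject". The map contents, addresses and function names are constructed, and the lookup order is reduced to the full address followed by @domain.

```python
import re

# Constructed smtpd_sender_login_maps content: sender address -> owning SASL logins.
LOGIN_MAPS = {
    "user@example.com": "user@example.com",
    "sales@example.com": "user@example.com, other@example.com",
}


def owners(login_maps, sender):
    """SASL logins that own `sender`, or None when the table has no entry.

    Simplified lookup order (assumption): full address, then '@domain'.
    """
    sender = sender.lower()
    for key in (sender, "@" + sender.rpartition("@")[2]):
        if key in login_maps:
            return set(re.split(r"[,\s]+", login_maps[key].strip()))
    return None


def sender_login_mismatch(login_maps, sasl_login, mail_from):
    """Model of reject_sender_login_mismatch: a reject reason, or None to continue."""
    own = owners(login_maps, mail_from)
    if sasl_login is None:
        # The address has an owner, but the client is not logged in as that owner.
        return "not logged in" if own is not None else None
    if own is None or sasl_login not in own:
        # The client is logged in, but the login does not own the MAIL FROM address.
        return "not owned by user %s" % sasl_login
    return None


def submission_verdict(login_maps, sasl_login, mail_from):
    """Sender check first, then 'permit_sasl_authenticated, reject'."""
    reason = sender_login_mismatch(login_maps, sasl_login, mail_from)
    if reason:
        return "REJECT sender: " + reason
    return "OK" if sasl_login is not None else "REJECT relay: not authenticated"


if __name__ == "__main__":
    cases = [
        ("user@example.com", "user@example.com"),   # own address
        ("user@example.com", "sales@example.com"),  # shared address listed in the map
        ("user@example.com", "foo@example.net"),    # identity added in the webmail UI
        (None, "user@example.com"),                 # no SASL login, owned address
        (None, "stranger@example.net"),             # no SASL login, unknown address
    ]
    for login, sender in cases:
        print(login, sender, "->", submission_verdict(LOGIN_MAPS, login, sender))
```

The third case gives the same verdict whether the message arrives through the webmail client or from a direct connection to the submission port, because the check runs in the SMTP server.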


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Peter via Postfix-users

On 18/06/24 13:00, Jeff Peng via Postfix-users wrote:
> On 2024-06-18 07:30, Peter via Postfix-users wrote:
>> On 17/06/2024 17:28, Paul Schmehl wrote:
>>> How do you set up roundcube to not use authentication? I really
>>> don’t need it since it’s on the same machine as the mail server.
>>> What config options do I need to use?
>>
>> To be honest, you still likely want authentication.  Keep in mind that
>> you don't need to authenticate as a single user for roundcube but
>> rather you can have roundcube pass authentication through from its
>> own user login and therefore support multiple users while also
>> allowing postfix to support those same multiple users and see their
>> individual logins. The point of this is that you can then use settings
>> such as smtpd_sender_login_maps and reject_sender_login_mismatch in
>> postfix to control individual users from roundcube.
>
> Though it's a bit offtopic, may I ask, for roundcube, how to stop
> users adding their own sender identity? For example, when a user logs in as
> u...@domain.com, they can add the identity in roundcube interface as
> f...@bar.com.


I don't know off the top of my head but roundcube is not necessarily the 
right place to do this.  Consider that someone can bypass roundcube and 
connect to the submission port directly then any limitations you put in 
roundcube won't matter.  It's better to put the limitations in postfix 
and dovecot so that no matter how the user connects they will be limited.



Peter


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Jeff Peng via Postfix-users

On 2024-06-18 07:30, Peter via Postfix-users wrote:
> On 17/06/2024 17:28, Paul Schmehl wrote:
>> How do you set up roundcube to not use authentication? I really don’t
>> need it since it’s on the same machine as the mail server. What
>> config options do I need to use?
>
> To be honest, you still likely want authentication.  Keep in mind that
> you don't need to authenticate as a single user for roundcube but
> rather you can have roundcube pass authentication through from its own
> user login and therefore support multiple users while also allowing
> postfix to support those same multiple users and see their individual
> logins. The point of this is that you can then use settings such as
> smtpd_sender_login_maps and reject_sender_login_mismatch in postfix to
> control individual users from roundcube.

Though it's a bit offtopic, may I ask, for roundcube, how to stop
users adding their own sender identity? For example, when a user logs in as
u...@domain.com, they can add the identity in roundcube interface as
f...@bar.com.


Thanks.


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Peter via Postfix-users

On 17/06/2024 17:28, Paul Schmehl wrote:
> How do you set up roundcube to not use authentication? I really don’t
> need it since it’s on the same machine as the mail server. What config
> options do I need to use?

To be honest, you still likely want authentication.  Keep in mind that
you don't need to authenticate as a single user for roundcube but rather
you can have roundcube pass authentication through from its own user
login and therefore support multiple users while also allowing postfix
to support those same multiple users and see their individual logins.
The point of this is that you can then use settings such as
smtpd_sender_login_maps and reject_sender_login_mismatch in postfix to
control individual users from roundcube.


http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch


Peter


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Peter via Postfix-users

On 17/06/24 17:16, Peter via Postfix-users wrote:
> Without seeing logs and actual config settings I can only guess.  One
> thing to keep in mind is that there's two types of TLS connection,
> implicit TLS and explicit TLS.  Implicit TLS connects to a port
> dedicated to TLS connections, for submission this is the submissions
> (note the "s" on the end) port 465 (formerly called smtps) and is now
> the recommended service to submit mail to.  This is also controlled by
> the "wrappermode" setting in master.cf for the service.  Explicit TLS
> connects first in plain text then uses the STARTTLS command to establish
> a TLS session, this is how the submission (note no "s" on the end)
> service on port 587 works.  If you have wrappermode incorrectly set in
> postfix, or you have the wrong setting in roundcube then roundcube may
> be trying to connect with implicit TLS when postfix is expecting
> explicit TLS or vice-versa, either one will cause a failure at or
> shortly after connection time.


Just to help clarify, roundcube uses a prefix of "ssl://" to indicate 
implicit TLS and "tls://" to indicate explicit TLS (using STARTTLS) so 
for the submission service (587, no wrappermode in the master.cf config) 
you should be using "tls://" in roundcube for the smtp_server setting 
and set the smtp_port to 587.  For the submissions service (465, 
wrappermode set in master.cf) you should be using "ssl://" for 
smtp_server and 465 for smtp_port.



Peter
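
The pairing described in the message above (ssl:// with wrappermode on 465, tls:// with STARTTLS on 587) can be checked mechanically; the following is an added example, not part of the original message or of Postfix or Roundcube, and it also flags the ";//" typo and a host name that is not among the certificate's DNS names. The master.cf text, host names and function names are constructed, and main.cf is assumed to leave smtpd_tls_wrappermode at its default of "no".

```python
import re

IMPLICIT = "implicit TLS"
# Roundcube smtp_host prefix -> how the client starts TLS (per the message above).
SCHEME_MODE = {"ssl": IMPLICIT, "tls": "STARTTLS", None: "no TLS"}
# Service names that master.cf may use instead of a port number.
SERVICE_PORTS = {"smtp": 25, "submission": 587, "smtps": 465, "submissions": 465}


def parse_master_cf(text):
    """Return {port: {override_name: value}} for the inet services in master.cf."""
    chunks, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if line[0].isspace():                 # leading whitespace continues an entry
            if current is not None:
                current.append(line.strip())
            continue
        fields, current = line.split(None, 7), None
        if len(fields) == 8 and fields[1] == "inet":
            name = fields[0].rsplit(":", 1)[-1]       # drop an optional "host:" part
            port = int(name) if name.isdigit() else SERVICE_PORTS.get(name)
            if port is not None:
                current = chunks.setdefault(port, [])
                current.append(fields[7])
    services = {}
    for port, parts in chunks.items():
        opts = {}
        # Matches "-o name=value" and "-o { name = value with spaces }".
        for m in re.finditer(r"-o\s+(\{[^}]*\}|\S+)", " ".join(parts)):
            name, _, value = m.group(1).strip("{} ").partition("=")
            opts[name.strip()] = value.strip()
        services[port] = opts
    return services


def parse_smtp_host(value, port=None):
    """Split a Roundcube smtp_host value into (scheme, separator, host, port)."""
    m = re.fullmatch(r"(?:([a-z]+)([:;])//)?([^:/;]+)(?::(\d+))?", value.strip())
    if not m:
        raise ValueError("unparseable smtp_host: %r" % value)
    scheme, sep, host, uri_port = m.groups()
    return scheme, sep, host, int(uri_port) if uri_port else port


def name_matches(host, dns_names):
    """True if host equals a certificate DNS name or matches a one-label wildcard."""
    host = host.lower()
    for name in (n.lower() for n in dns_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def check(master_cf, smtp_host, smtp_port=None, cert_dns_names=None):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    scheme, sep, host, port = parse_smtp_host(smtp_host, smtp_port)
    if sep == ";":
        findings.append("typo: '%s;//' should be '%s://'" % (scheme, scheme))
    if scheme not in SCHEME_MODE:
        return findings + ["unknown scheme: %s" % scheme]
    client = SCHEME_MODE[scheme]
    services = parse_master_cf(master_cf)
    if port not in services:
        findings.append("no inet service on port %s" % port)
    else:
        wrapper = services[port].get("smtpd_tls_wrappermode", "no") == "yes"
        if wrapper and client != IMPLICIT:
            findings.append("mode: port %d uses wrappermode but the client uses %s"
                            % (port, client))
        if not wrapper and client == IMPLICIT:
            findings.append("mode: port %d expects plaintext first but the client "
                            "uses implicit TLS" % port)
    if cert_dns_names is not None and not name_matches(host, cert_dns_names):
        findings.append("name: %s is not among the certificate names" % host)
    return findings


# Constructed master.cf: the wrappermode override on 465 is commented out.
MASTER_BROKEN = """\
submission inet n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
465        inet n       -       n       -       -       smtpd
#   -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
"""
MASTER_FIXED = MASTER_BROKEN.replace("#   -o smtpd_tls", "    -o smtpd_tls")

if __name__ == "__main__":
    for cf, uri in [(MASTER_BROKEN, "ssl://mail.example.com:465"),
                    (MASTER_FIXED, "ssl://mail.example.com:465"),
                    (MASTER_FIXED, "tls://mail.example.com:465")]:
        print(uri, check(cf, uri, cert_dns_names=["mail.example.com"]) or "consistent")
```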


[pfx] Re: Do I have sals authentication properly configured?

2024-06-17 Thread Wietse Venema via Postfix-users
Paul Schmehl via Postfix-users:
> Both apps are on the same server and *should* be using the same clock.
> > 
> I don't want to waste any more of your time. It’s working, so I’m happy.

You can make your life easier by fixing the program that is losing
Postfix logging. systemd has been implicated in such problems.

Wietse


[pfx] Re: Do I have sals authentication properly configured?

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 17, 2024, at 4:27 PM, Wietse Venema via Postfix-users 
>  wrote:
> 
> Paul Schmehl via Postfix-users:
>>>>> - Did the client send starttls? That is logged in the "disconnect
>>>>> from" line.
>>>>> 
>>>> 
>>>> I don't see anything in the postfix logs (/var/log/maillog) from
>>>> roundcube. I guess I need to enable debug.
>>> 
>>> No debug logging needed. This information is ALWAYS logged:
>>> 
>>> Example of client that sends starttls:
>>>   disconnect from host[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 
>>> commands=7
>> 
>> When I grep for 'disconnect from' I get 118,816 entries in the
>> log. 20,297 of those are from one IP.
>> 
>> When I look in the logs for the timestamp that is in the roundcube
>> smtp log, I find nothing.
> 
> Yeah. Are your clocks properly synchronized, like NTP? Or do you
> use whatever the clock on the motherboard says?
> 
I have a cron job that runs daily to sync the clocks to an atomic standard.

>> [17-Jun-2024 15:24:58 -0500]:  Recv: 220 mail.stovebolt.com ESMTP 
>> Postfix
> [successful auth, mail, rcpt, data and so on.]
> 
> Clearly you solved a problem by June 17.

Yes, I switched to port 25 and stopped trying to get roundcube to work on the 
other ports. I know someone said I should use port 465, but nothing I tried 
worked, so I gave up.
> 
>> So, that's one session in Roundcube. There should be a corresponding entry 
>> in the maillog, right?
>> 
>> grep "15:24:5" /var/log/maillog
> 
> You can do that only if your clocks are accurate to within two seconds,
> otherwise it could already be 15:25:0* on the host that runs Postfix.

Both apps are on the same server and *should* be using the same clock.
> 
I don’t want to waste any more of your time. It’s working, so I’m happy.

Paul Schmehl
paul.schm...@gmail.com





[pfx] Re: Do I have sals authentication properly configured?

2024-06-17 Thread Wietse Venema via Postfix-users
Paul Schmehl via Postfix-users:
> >>> - Did the client send starttls? That is logged in the "disconnect
> >>> from" line.
> >>> 
> >> 
> >> I don't see anything in the postfix logs (/var/log/maillog) from 
> >> roundcube. I guess I need to enable debug.
> > 
> > No debug logging needed. This information is ALWAYS logged:
> > 
> > Example of client that sends starttls:
> >disconnect from host[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 
> > commands=7
> 
> When I grep for 'disconnect from' I get 118,816 entries in the
> log. 20,297 of those are from one IP.
> 
> When I look in the logs for the timestamp that is in the roundcube
> smtp log, I find nothing.

Yeah. Are your clocks properly synchronized, like NTP? Or do you
use whatever the clock on the motherboard says?

> [17-Jun-2024 15:24:58 -0500]:  Recv: 220 mail.stovebolt.com ESMTP 
> Postfix
[successful auth, mail, rcpt, data and so on.]

Clearly you solved a problem by June 17.

> So, that's one session in Roundcube. There should be a corresponding entry in 
> the maillog, right?
> 
> grep "15:24:5" /var/log/maillog

You can do that only if your clocks are accurate to within two seconds,
otherwise it could already be 15:25:0* on the host that runs Postfix.

> Jun 16 15:24:57 ded602 postfix/smtpd[11420]: disconnect from 
> unknown[80.244.11.148] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4

That was on June 16, an example of a client that did not send
STARTTLS, and that sent AUTH but failed (0 successful of 1 attempts).
It then sent RSET and QUIT.

Clearly, a different session than the successful one above.

Wietse
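
The counters read off the "disconnect from" line in the message above, and the matching of a Roundcube log timestamp to maillog by date and a time window instead of a bare grep on the clock time, as an added example (not part of the original thread or of Postfix). The log lines, addresses and function names are constructed, and both logs are assumed to use the same local time zone.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# One smtpd "disconnect from" record: syslog timestamp, client, per-command counters.
DISCONNECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix\S*/smtpd\[\d+\]: "
    r"disconnect from (?P<host>\S+)\[(?P<addr>[^\]]+)\]"
    r"(?P<stats>(?: \w+=\d+(?:/\d+)?)+)\s*$"
)


def parse_disconnect(line, year):
    """Return a dict for a 'disconnect from' line, or None for any other line.

    Traditional syslog timestamps carry no year, so the caller supplies it.
    """
    m = DISCONNECT.match(line)
    if not m:
        return None
    counts = {}
    for item in m.group("stats").split():
        name, _, value = item.partition("=")
        ok, _, total = value.partition("/")
        counts[name] = (int(ok), int(total or ok))  # "auth=0/1": 0 accepted of 1 sent
    auth_ok, auth_sent = counts.get("auth", (0, 0))
    return {
        "time": datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S"),
        "addr": m.group("addr"),
        "starttls": counts.get("starttls", (0, 0))[0] > 0,
        "auth_ok": auth_ok,
        "auth_failed": auth_sent - auth_ok,
        "counts": counts,
    }


def load(text, year):
    """Parse every disconnect record in a log excerpt."""
    parsed = (parse_disconnect(line, year) for line in text.splitlines())
    return [s for s in parsed if s]


def roundcube_time(stamp):
    """'[17-Jun-2024 15:24:58 -0500]' -> naive local datetime (UTC offset dropped)."""
    return datetime.strptime(stamp.strip("[]: ").rsplit(" ", 1)[0], "%d-%b-%Y %H:%M:%S")


def sessions_near(sessions, when, window=2):
    """Sessions whose disconnect was logged within `window` seconds of `when`."""
    return [s for s in sessions if abs(s["time"] - when) <= timedelta(seconds=window)]


def failed_auth_without_tls(sessions):
    """Failed AUTH attempts per client address in sessions that never sent STARTTLS."""
    tally = Counter()
    for s in sessions:
        if s["auth_failed"] and not s["starttls"]:
            tally[s["addr"]] += s["auth_failed"]
    return tally


# Constructed maillog excerpt (documentation addresses, hypothetical host "mx").
SAMPLE_LOG = """\
Jun 16 15:24:57 mx postfix/smtpd[11420]: disconnect from unknown[192.0.2.148] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:58 mx postfix/smtpd[11317]: disconnect from unknown[192.0.2.121] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:58 mx postfix/smtpd[11318]: disconnect from unknown[192.0.2.148] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 17 15:24:57 mx postfix/smtpd[9578]: connect from unknown[198.51.100.242]
Jun 17 15:24:59 mx postfix/smtpd[9601]: disconnect from localhost[127.0.0.1] ehlo=1 auth=1 mail=1 rcpt=2 data=1 quit=1 commands=7
"""

if __name__ == "__main__":
    sessions = load(SAMPLE_LOG, 2024)
    print("failed AUTH without STARTTLS:", dict(failed_auth_without_tls(sessions)))
    when = roundcube_time("[17-Jun-2024 15:24:58 -0500]")
    for s in sessions_near(sessions, when):
        print("candidate session:", s["time"], s["addr"], s["counts"])
```

A plain substring search for "15:24:5" matches all five sample lines, including those from the previous day, while the date-aware window leaves a single candidate session.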


[pfx] Re: Do I have sals authentication properly configured?

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 17, 2024, at 7:12 AM, Wietse Venema via Postfix-users 
>  wrote:
> 
> Paul Schmehl via Postfix-users:
>>> On Jun 16, 2024, at 5:02 PM, Wietse Venema via Postfix-users 
>>>  wrote:
>>> 
>>> Paul Schmehl via Postfix-users:
>>>> I’m trying to sort out a problem with Roundcube failing to send email with
>>>> an error message that says SMTP Error(): authentication failed. In the
>>>> roundcube error log I find this:
>>>>
>>>> [16-Jun-2024 13:58:24 -0500]: <5s9tomcd> PHP Error: SMTP server does not
>>>> support authentication (POST
>>>> /webmail/?_task=mail&_unlock=loading1718564304121&_framed=1&_action=send)
>>>> [16-Jun-2024 13:58:24 -0500]: <5s9tomcd> SMTP Error: Authentication
>>>> failure: mail.stovebolt.com
>>> 
>>> Look in Your logs.
>>> 
>>> - Did the client connect to port 25 or 578?
>>> 
>> 
>> 578
>> 
>>> - Did the client send starttls? That is logged in the "disconnect
>>> from" line.
>>> 
>> 
>> I don't see anything in the postfix logs (/var/log/maillog) from roundcube. 
>> I guess I need to enable debug.
> 
> No debug logging needed. This information is ALWAYS logged:
> 
> Example of client that sends starttls:
>disconnect from host[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 
> commands=7

When I grep for “disconnect from” I get 118,816 entries in the log. 20,297 of 
those are from one IP.

When I look in the logs for the timestamp that is in the roundcube smtp log, I 
find nothing.

[17-Jun-2024 15:24:58 -0500]:  Recv: 220 mail.stovebolt.com ESMTP 
Postfix
[17-Jun-2024 15:24:58 -0500]:  Send: EHLO www.stovebolt.com
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-mail.stovebolt.com
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-PIPELINING
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-SIZE 9
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-VRFY
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-ETRN
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-STARTTLS
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-AUTH PLAIN LOGIN
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-AUTH=PLAIN LOGIN
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-ENHANCEDSTATUSCODES
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-8BITMIME
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-DSN
[17-Jun-2024 15:24:58 -0500]:  Recv: 250-SMTPUTF8
[17-Jun-2024 15:24:58 -0500]:  Recv: 250 CHUNKING
[17-Jun-2024 15:24:58 -0500]:  Send: AUTH LOGIN
[17-Jun-2024 15:24:58 -0500]:  Recv: 334 VXNlcm5hbWU6
[17-Jun-2024 15:24:58 -0500]:  Send: Z2Vlaw==
[17-Jun-2024 15:24:58 -0500]:  Recv: 334 UGFzc3dvcmQ6
[17-Jun-2024 15:24:58 -0500]:  Send: ** [24]
[17-Jun-2024 15:24:58 -0500]:  Recv: 235 2.7.0 Authentication 
successful
[17-Jun-2024 15:24:58 -0500]:  Send: MAIL FROM:
[17-Jun-2024 15:24:58 -0500]:  Recv: 250 2.1.0 Ok
[17-Jun-2024 15:24:58 -0500]:  Send: RCPT TO:
[17-Jun-2024 15:24:58 -0500]:  Recv: 250 2.1.5 Ok
[17-Jun-2024 15:24:58 -0500]:  Send: RCPT 
TO:
[17-Jun-2024 15:24:58 -0500]:  Recv: 250 2.1.5 Ok
[17-Jun-2024 15:24:58 -0500]:  Send: DATA
[17-Jun-2024 15:24:58 -0500]:  Recv: 354 End data with .
[17-Jun-2024 15:24:58 -0500]:  Send: MIME-Version: 1.0

So, that’s one session in Roundcube. There should be a corresponding entry in 
the maillog, right?

grep "15:24:5" /var/log/maillog

Jun 16 15:24:56 ded602 postfix/smtpd[11494]: connect from unknown[80.244.11.69]
Jun 16 15:24:56 ded602 postfix/smtpd[11670]: connect from unknown[80.244.11.66]
Jun 16 15:24:57 ded602 postfix/smtpd[11491]: connect from unknown[80.244.11.120]
Jun 16 15:24:57 ded602 postfix/smtpd[10413]: connect from unknown[80.244.11.149]
Jun 16 15:24:57 ded602 postfix/smtpd[10411]: connect from unknown[80.244.11.118]
Jun 16 15:24:57 ded602 postfix/smtpd[11420]: disconnect from unknown[80.244.11.148] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:58 ded602 postfix/smtpd[11669]: connect from unknown[80.244.11.67]
Jun 16 15:24:58 ded602 postfix/smtpd[11317]: disconnect from unknown[80.244.11.121] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:58 ded602 postfix/smtpd[11318]: disconnect from unknown[80.244.11.148] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:58 ded602 postfix/smtpd[11668]: disconnect from unknown[80.244.11.119] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:58 ded602 postfix/smtpd[11420]: connect from unknown[80.244.11.146]
Jun 16 15:24:58 ded602 postfix/smtpd[10679]: disconnect from unknown[80.244.11.140] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:59 ded602 postfix/smtpd[10737]: disconnect from unknown[80.244.11.119] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:59 ded602 postfix/smtpd[11670]: disconnect from unknown[80.244.11.66] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:59 ded602 postfix/smtpd[10414]: disconnect from unknown[80.244.11.69] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 16 15:24:59 ded602 postfix/smtpd[11490]: connect from unknown[80.244.11.119]
Jun 17 15:24:57 ded602 postfix/smtpd[9578]: connect from unknown[80.94.95.242]

Now, this makes no sense to me at all. So, I grepped for o

[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Wietse Venema via Postfix-users
Paul Schmehl via Postfix-users:
> > On Jun 17, 2024, at 4:43 AM, Jaroslaw Rafa via Postfix-users wrote:
> > 
> > On 16.06.2024 at 20:54:34, Paul Schmehl via Postfix-users wrote:
> >> 
> >> The odd thing is, I don't see any connection attempts at all in the mail
> >> logs.
> > 
> > May seem a strange question, but it's always first thing I check in case I
> > don't see any connection attempt in logs: Is your Roundcube really
> > connecting to the correct server? It's worth to double-check this.
> 
> It is: 
> 
> [17-Jun-2024 14:54:50 -0500]:  Connecting to mail.stovebolt.com:25...
> [17-Jun-2024 14:54:50 -0500]:  Recv: 220 mail.stovebolt.com ESMTP Postfix
> [17-Jun-2024 14:54:50 -0500]:  Send: EHLO www.stovebolt.com
> [17-Jun-2024 14:54:50 -0500]:  Recv: 250-mail.stovebolt.com

In that case you must also have Postfix logging.

Wietse


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Paul Schmehl via Postfix-users
> On Jun 17, 2024, at 4:43 AM, Jaroslaw Rafa via Postfix-users 
>  wrote:
> 
> On 16.06.2024 at 20:54:34, Paul Schmehl via Postfix-users wrote:
>> 
>> The odd thing is, I don’t see any connection attempts at all in the mail
>> logs.
> 
> May seem a strange question, but it's always first thing I check in case I
> don't see any connection attempt in logs: Is your Roundcube really
> connecting to the correct server? It's worth to double-check this.

It is: 

[17-Jun-2024 14:54:50 -0500]:  Connecting to mail.stovebolt.com:25...
[17-Jun-2024 14:54:50 -0500]:  Recv: 220 mail.stovebolt.com ESMTP Postfix
[17-Jun-2024 14:54:50 -0500]:  Send: EHLO www.stovebolt.com
[17-Jun-2024 14:54:50 -0500]:  Recv: 250-mail.stovebolt.com

Paul Schmehl
paul.schm...@gmail.com





[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Benny Pedersen via Postfix-users

Jeff Peng via Postfix-users wrote on 2024-06-17 14:18:

> $config['imap_host'] = 'ssl://localhost:993';
>
> then RC will connect to server failed due to mis-configured certs.

$config['imap_conn_options'] = array ( 'ssl' => array ( 'verify_peer' => false, 'verify_peer_name' => false, ), );

but fair to have cert verify as well, here on localhost is imho no sense 
to ensure it, it's just wasted resources, where it works as wanted





[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Bill Cole via Postfix-users

On 2024-06-16 at 21:54:34 UTC-0400 (Sun, 16 Jun 2024 20:54:34 -0500)
Paul Schmehl via Postfix-users 
is rumored to have said:

> I’m seeing this error in the roundcube logs:
>
> [16-Jun-2024 20:28:58 -0500]:  SMTP Error: Authentication failure: mail.stovebolt.com
>
> PIPELINING
> SIZE 9
> VRFY
> ETRN
> STARTTLS
> ENHANCEDSTATUSCODES
> 8BITMIME
> DSN
> SMTPUTF8
> CHUNKING

That is the response to RC's EHLO command. It is a list of supported 
SMTP extensions.

> (Code: 250) in /var/www/html/webmail/program/lib/Roundcube/rcube.php on line 1794 (POST /webmail/?_task=mail&_unlock=loading1718587737852&_framed=1&_action=send)
> [16-Jun-2024 20:34:16 -0500]:  PHP Error: SMTP server does not support authentication

RC is correct in saying that the server does not support authentication, 
because there is no AUTH line in that list.

This is proper because if you support PLAIN or LOGIN mechanisms, AUTH 
should only be offered after TLS has been started. So RC should be 
giving a STARTTLS command here, but it is not.

Configure Roundcube to use TLS and your problem should be solved.

> (POST /webmail/?_task=mail&_unlock=loading1718588056454&_framed=1&_action=send)
> [16-Jun-2024 20:34:16 -0500]:  SMTP Error: Authentication failure: mail.stovebolt.com
>
> PIPELINING
> SIZE 9
> VRFY
> ETRN
> STARTTLS
> ENHANCEDSTATUSCODES
> 8BITMIME
> DSN
> SMTPUTF8
> CHUNKING (Code: 250) in /var/www/html/webmail/program/lib/Roundcube/rcube.php on line 1794 (POST /webmail/?_task=mail&_unlock=loading1718588056454&_framed=1&_action=send)
>
> The odd thing is, I don’t see any connection attempts at all in the 
> mail logs. However, this log entry has me wondering. PHP Error: SMTP 
> server does not support authentication
>
> Should postfix be announcing that it accepts AUTH LOGIN?

Not on an insecure unencrypted session. After starting TLS, a second 
EHLO is sent and that will include AUTH.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire


[pfx] Re: End of Data from client or postfix

2024-06-17 Thread Wietse Venema via Postfix-users
a49093915 via Postfix-users:
> Thank you very much for your detailed response.
> 
> So as far as I understand Postfix can receive "." or 
> "." or even other "End of DATA's",
> but will always strip them and add its own "." "End of DATA" 
> for outgoing SMTP.
> (Additionally it also strips and adds parts of the DATA itself.)
> 
> Is there a way to verify this on the postfix server? Or would it
> be required to setup another SMTP server and somehow watch the
> incoming mails on that one?

Please upgrade to Postfix stable release 3.8.5, 3.7.10, 3.6.14,
3.5.24 and read the announcement for how to configure Postfix.

https://www.postfix.org/announcements/postfix-3.8.5.html

To verify, use a network sniffer (for example, tcpdump or wireshark).

Wietse


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Jeff Peng via Postfix-users

I am also using roundcube + postfix + dovecot.
the host configuration for roundcube should be FQDN.
for example, mine is:

$config['imap_host'] = 'ssl://mail.tls-mail.com:993';
$config['smtp_host'] = 'ssl://mail.tls-mail.com:465';

you can't use something like:

$config['imap_host'] = 'ssl://localhost:993';

then RC will connect to server failed due to mis-configured certs.

regards.
Jeff


[pfx] Re: Do I have sals authentication properly configured?

2024-06-17 Thread Wietse Venema via Postfix-users
Paul Schmehl via Postfix-users:
> > On Jun 16, 2024, at 5:02 PM, Wietse Venema via Postfix-users wrote:
> > 
> > Paul Schmehl via Postfix-users:
> >> I'm trying to sort out a problem with Roundcube failing to send email with 
> >> an error message that says SMTP Error(): authentication failed. In the 
> >> roundcube error log I find this:
> >> 
> >> [16-Jun-2024 13:58:24 -0500]: <5s9tomcd> PHP Error: SMTP server does not 
> >> support authentication (POST 
> >> /webmail/?_task=mail&_unlock=loading1718564304121&_framed=1&_action=send)
> >> [16-Jun-2024 13:58:24 -0500]: <5s9tomcd> SMTP Error: Authentication 
> >> failure: mail.stovebolt.com 
> > 
> > Look in Your logs.
> > 
> > - Did the client connect to port 25 or 578?
> > 
> 
> 578
> 
> > - Did the client send starttls? That is logged in the "disconnect
> > from" line.
> > 
> 
> I don't see anything in the postfix logs (/var/log/maillog) from roundcube. I 
> guess I need to enable debug.

No debug logging needed. This information is ALWAYS logged:

Example of client that sends starttls:
disconnect from host[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7

Example of client that does not send starttls:
disconnect from host[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

In your case there may be only ehlo but no mail, rcpt, and so on.

Wietse
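
The per-command counters in the "disconnect from" line described above can be tallied per client address. This is an added example, not part of the message above or of Postfix: the log lines are constructed with documentation-range addresses, and the session labels are names chosen here for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted in this thread; hosts and
# addresses are documentation placeholders, not values from the poster's log.
SAMPLE_LOG = """\
Jun 17 15:24:57 mx postfix/smtpd[101]: connect from unknown[192.0.2.10]
Jun 17 15:24:57 mx postfix/smtpd[101]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 17 15:24:58 mx postfix/smtpd[102]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 17 15:25:01 mx postfix/smtpd[103]: disconnect from www.example.org[198.51.100.7] ehlo=1 quit=1 commands=2
Jun 17 15:25:09 mx postfix/submission/smtpd[104]: disconnect from www.example.org[198.51.100.7] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Jun 17 15:25:20 mx postfix/smtpd[105]: disconnect from mail.example.net[203.0.113.5] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

DISCONNECT = re.compile(
    r"postfix/(?:\S+/)?smtpd\[\d+\]: disconnect from (\S*)\[([^\]]+)\](.*)$")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def parse_disconnect(line):
    """Return (host, addr, {command: (succeeded, attempted)}) or None."""
    m = DISCONNECT.search(line)
    if m is None:
        return None
    stats = {}
    for name, ok, total in COUNTER.findall(m.group(3)):
        # "auth=0/1" means 0 of 1 attempts succeeded; "ehlo=2" means 2 of 2.
        stats[name] = (int(ok), int(total) if total else int(ok))
    return m.group(1), m.group(2), stats

def classify(stats):
    """Label one session from its command counters (labels are hypothetical)."""
    auth_ok, auth_tried = stats.get("auth", (0, 0))
    if auth_ok < auth_tried:
        return "auth-failed"
    if stats.get("mail", (0, 0))[0] == 0:
        return "no-mail"  # e.g. EHLO then QUIT, nothing submitted
    # Wrapper-mode (port 465) sessions have no STARTTLS command, so this
    # distinction is only meaningful for services that expect STARTTLS.
    if stats.get("starttls", (0, 0))[0]:
        return "mail-over-starttls"
    return "mail-without-starttls"

def summarize(log_text):
    """Map client address -> Counter of session labels."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        parsed = parse_disconnect(line)
        if parsed:
            _host, addr, stats = parsed
            per_client[addr][classify(stats)] += 1
    return dict(per_client)

if __name__ == "__main__":
    for addr, labels in sorted(summarize(SAMPLE_LOG).items()):
        print(addr, dict(labels))
```

Filtering the summary for the web server's own address shows at a glance whether its sessions reached MAIL and whether STARTTLS preceded AUTH.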


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Gary R. Schmidt via Postfix-users

On 17/06/2024 17:28, Paul Schmehl wrote:
[SNIP]
> How do you set up roundcube to not use authentication? I really don’t 
> need it since it’s on the same machine as the mail server. What config 
> options do I need to use?

That's how it works out of the box, or was when I set it up, just take 
the defaults and don't faff around with TLS because it's all on the same 
server.


Also, please do not reply directly, only to the list.

Cheers,
GaryB-)


[pfx] Re: Troubleshooting roundcube connections to postfix

2024-06-17 Thread Jaroslaw Rafa via Postfix-users
On 16.06.2024 at 20:54:34, Paul Schmehl via Postfix-users wrote:
> 
> The odd thing is, I don’t see any connection attempts at all in the mail
> logs.

May seem a strange question, but it's always first thing I check in case I
don't see any connection attempt in logs: Is your Roundcube really
connecting to the correct server? It's worth to double-check this.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


[pfx] Re: Do I have sals authentication properly configured?

2024-06-17 Thread Daryl via Postfix-users
Does your roundcube config.inc.php have the smtp_host as
'tls://mail.stovebolt.com:587'; ? It will need the FQDN and not
localhost hence failing authentication??? I know something similar
happened to me a while back

Daryl

On 24-06-16 16:00:35, Paul Schmehl via Postfix-users wrote:
>I'm trying to sort out a problem with Roundcube failing to send email
>with an error message that says SMTP Error(): authentication failed. In
>the roundcube error log I find this:
> 
>[16-Jun-2024 13:58:24 -0500]: <5s9tomcd> PHP Error: SMTP server does
>not support authentication (POST
>/webmail/?_task=mail&_unlock=loading1718564304121&_framed=1&_action=sen
>d)
> 
>[16-Jun-2024 13:58:24 -0500]: <5s9tomcd> SMTP Error: Authentication
>failure: [1]mail.stovebolt.com
> 
>I was pretty sure that I had authentication enabled and working on
>Postfix.
> 
>grep smtpd_sasl /etc/postfix/main.cf
> 
>smtpd_sasl_auth_enable = yes
> 
>smtpd_sasl_security_options = noanonymous
> 
>smtpd_sasl_local_domain = $myhostname
> 
>To test this I used openssl s_client to connect to postfix. I typed
>EHLO, then typed AUTH LOGIN. I was prompted for a username (converted
>to base 64), which I entered, and then for a password, which I entered.
>I was then able to type commands as expected.
> 
>I also tested using an incorrect password, and the login was rejected.
>So, it appears to me that postfix is working correctly
> 
>Paul Schmehl
>paul.schm...@gmail.com
> 
> References
> 
>1. http://mail.stovebolt.com/



[pfx] Re: End of Data from client or postfix

2024-06-17 Thread a49093915 via Postfix-users
> Line endings depends on context. UNIX files and commands use ,
> 
> whereas SMTP and LMTP use . Instead of picking a specific
> 
> line ending, Postfix uses none. Instead it stores a length and text.
> 
> When delivering mail, Postfix ADDS the line endings that are appropriate.
> 
> - The delivery agents for UNIX files and commands add  line endings.
> 
> The pipe daemon can also be configured to prepend "." and append
> .
> 
> 
> - The Postfix SMTP and LMTP clients add the SMTP encapsulation:
> they append  at the end of a line, and prepend "." to
> 
> lines that start with ".". This behavior is required by the
> protocol and is not configurable.
> 
> For completeness, when receiving mail, Postfix strips line endings.
> 
> - The Postfix SMTP server REMOVES the SMTP encapsulation: the
>  line endings and "." at the start of a line.
> 
> 
> (for compatibility with poorly written apps, it may also permit
> bare  depending on "smtpd_forbid_bare_newline" configuration).
> 
> 
> - The Postfix sendmail command REMOVES the UNIX-style  line
> 
> ending.
> 
> (for compatibility with poorly written apps, it may also remove
>  depending on "sendmail_fix_line_endings" configuration)
> 
> 
> Additionally, the latest Postfix 3.5..2.9 versions will replace
>  or  in the middle of a line with the SPACE character.
> 
> This neutralizes any attempts to inject false line endings.
> 
> Wietse

Thank you very much for your detailed response.

So as far as I understand Postfix can receive "." or 
"." or even other "End of DATA's",
but will always strip them and add its own "." "End of DATA" 
for outgoing SMTP.
(Additionally it also strips and adds parts of the DATA itself.)

Is there a way to verify this on the postfix server? Or would it be required 
to set up another SMTP server and somehow watch the incoming mails on that one?

Alto