Re: Problem about STATTLS and TLS
On 2014/8/29 3:26, li...@rhsoft.net wrote:
> On 28.08.2014 at 21:16, Leon Wei wrote:
>> I set up a mail system with centos-postfix-dovecot, I can send mail with
>> STARTTLS
>> in port 25, but SSL/TLS (port 993) doesn't work.
> how is 993 related to SMTP or postfix?
> 993 is IMAP over SSL and your daemon
> listening on the port is most likely
> not a SMTP server

Sorry, I wrote a wrong port number, in fact SSL/TLS port should be 465.

>
> SMTP over SSL is 465 and needs to be enabled in *master.cf*
> with "-o smtpd_tls_wrappermode=yes" which *must* not be
> enabled for STARTTLS ports
>
> 465 inet n - n - 60 smtpd
>   -o smtpd_client_connection_count_limit=15
>   -o smtpd_client_connection_rate_limit=80
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_delay_reject=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o smtpd_relay_restrictions=
>   -o smtpd_tls_wrappermode=yes
>   -o max_idle=1800
>   -o max_use=500
>   -o syslog_name=postfix/smtps

By your suggestion, I have fixed the problem. SSL/TLS port is listening on 465 and working well now. Thanks for your help!

--
*Leon Wei*
Guangzhou, China
E-mail: leon...@mail.kingdest.com

Re: Problem about STATTLS and TLS
On 28.08.2014 at 21:16, Leon Wei wrote:
> I set up a mail system with centos-postfix-dovecot, I can send mail with
> STARTTLS
> in port 25, but SSL/TLS (port 993) doesn't work.

how is 993 related to SMTP or postfix?
993 is IMAP over SSL and your daemon
listening on the port is most likely
not a SMTP server

SMTP over SSL is 465 and needs to be enabled in *master.cf*
with "-o smtpd_tls_wrappermode=yes" which *must* not be
enabled for STARTTLS ports

465 inet n - n - 60 smtpd
  -o smtpd_client_connection_count_limit=15
  -o smtpd_client_connection_rate_limit=80
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_delay_reject=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=
  -o smtpd_tls_wrappermode=yes
  -o max_idle=1800
  -o max_use=500
  -o syslog_name=postfix/smtps

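Added example, not part of the original thread and not Postfix's own code: a small Python check of the rule in the reply above, that smtpd_tls_wrappermode=yes belongs on the SMTP-over-SSL service and not on STARTTLS ports. The sample master.cf, the STARTTLS_PORTS set and the function names are constructed for illustration; it reads only "-o name=value" overrides in master.cf and assumes main.cf leaves smtpd_tls_wrappermode at its default of no.

```python
import re

# Constructed sample (not from the thread): last entry wrongly wraps submission.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
465       inet  n       -       n       -       60      smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
"""

# Assumption: service names/ports that clients reach with STARTTLS.
STARTTLS_PORTS = {"smtp", "25", "submission", "587"}


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def smtpd_tls_modes(text):
    """Return {service: (mode, warning)} for every inet smtpd service."""
    result = {}
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        opts = dict(re.findall(r"-o\s+(\w+)=(\S*)", entry))
        port = fields[0].rsplit(":", 1)[-1]   # strip optional "host:" prefix
        wrapper = opts.get("smtpd_tls_wrappermode", "no") == "yes"
        bad = wrapper and port in STARTTLS_PORTS
        warning = "wrappermode set on a STARTTLS port" if bad else None
        result[fields[0]] = ("implicit TLS" if wrapper else "STARTTLS/plain", warning)
    return result


if __name__ == "__main__":
    for svc, (mode, warning) in smtpd_tls_modes(SAMPLE_MASTER_CF).items():
        print(f"{svc:12} {mode:15} {warning or 'ok'}")
```
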
Problem about STATTLS and TLS
Hi,

How do you do.

I set up a mail system with centos-postfix-dovecot, I can send mail with STARTTLS
in port 25, but SSL/TLS (port 993) doesn't work.

This is related configuration in main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_tls_security_level = encrypt
smtpd_tls_loglevel = 4
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/postfix/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining

[root@centos postfix]# netstat -ln |more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address    State
tcp        0      0 0.0.0.0:143      0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:25       0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:993      0.0.0.0:*          LISTEN
tcp        0      0 :::25            :::*               LISTEN

Can anyone tell me what's wrong with my system? By the way, there is INPUT & OUTPUT ACCEPT in iptables.

--
*Leon Wei*
Guangzhou, China
E-mail: leon...@mail.kingdest.com