Re: Problem about STATTLS and TLS

2014-08-28 Thread Leon Wei
On 2014/8/29 3:26, li...@rhsoft.net wrote:
> On 28.08.2014 at 21:16, Leon Wei wrote:
>> I set up a mail system with centos-postfix-dovecot, I can send mail with
>> STARTTLS on port 25, but SSL/TLS (port 993) doesn't work.
> how is 993 related to SMTP or postfix?
> 993 is IMAP over SSL and your daemon
> listening on the port is most likely
> not a SMTP server
Sorry, I wrote the wrong port number; in fact the SSL/TLS port should be 465.
>
> SMTP over SSL is 465 and needs to be enabled in *master.cf*
> with "-o smtpd_tls_wrappermode=yes" which *must* not be
> enabled for STARTTLS ports
>
> 465 inet  n   -   n   -  60   smtpd
>  -o smtpd_client_connection_count_limit=15
>  -o smtpd_client_connection_rate_limit=80
>  -o smtpd_sasl_auth_enable=yes
>  -o smtpd_delay_reject=yes
>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>  -o smtpd_relay_restrictions=
>  -o smtpd_tls_wrappermode=yes
>  -o max_idle=1800
>  -o max_use=500
>  -o syslog_name=postfix/smtps
By your suggestion, I have fixed the problem. The SSL/TLS port is listening
on 465 and working well now. Thanks for your help!

-- 
*Leon Wei*
Guangzhou, China
E-mail: leon...@mail.kingdest.com



Re: Problem about STATTLS and TLS

2014-08-28 Thread li...@rhsoft.net

On 28.08.2014 at 21:16, Leon Wei wrote:
> I set up a mail system with centos-postfix-dovecot, I can send mail with
> STARTTLS on port 25, but SSL/TLS (port 993) doesn't work.

how is 993 related to SMTP or postfix?
993 is IMAP over SSL and your daemon
listening on the port is most likely
not a SMTP server

SMTP over SSL is 465 and needs to be enabled in *master.cf*
with "-o smtpd_tls_wrappermode=yes" which *must* not be
enabled for STARTTLS ports

465 inet  n   -   n   -  60   smtpd
 -o smtpd_client_connection_count_limit=15
 -o smtpd_client_connection_rate_limit=80
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_delay_reject=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_relay_restrictions=
 -o smtpd_tls_wrappermode=yes
 -o max_idle=1800
 -o max_use=500
 -o syslog_name=postfix/smtps
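
The rule stated in this reply (wrappermode on for the SMTP-over-SSL port, off for STARTTLS ports) can be checked mechanically. The following is an added example, not part of the original thread or of Postfix: the function names and the sample master.cf text are constructed for illustration. It assumes main.cf leaves smtpd_tls_wrappermode at its default of "no" and that overrides are written in the plain `-o name=value` form.

```python
# Added example with hypothetical helper names; not code from the thread.
WRAPPER_SERVICES = {"465", "smtps"}  # SMTP over SSL (implicit TLS)
STARTTLS_SERVICES = {"25", "smtp", "587", "submission"}
# Constructed sample input (not from the thread): entries 1 and 2 break the rule.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command
smtp       inet  n       -      n      -      -       smtpd
  -o smtpd_tls_wrappermode=yes
465        inet  n       -      n      -      60      smtpd
  -o smtpd_sasl_auth_enable=yes
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def parse_services(text):
    """Yield (port or service name, {override: value}) for each inet smtpd entry."""
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        args = fields[8:]
        overrides = dict(v.split("=", 1) for f, v in zip(args, args[1:])
                         if f == "-o" and "=" in v)
        yield fields[0].rsplit(":", 1)[-1], overrides

def lint(text):
    """Return (service, problem) pairs; assumes main.cf leaves wrappermode at 'no'."""
    findings = []
    for service, opts in parse_services(text):
        wrapper = opts.get("smtpd_tls_wrappermode", "no") == "yes"
        if service in WRAPPER_SERVICES and not wrapper:
            findings.append((service, "smtpd_tls_wrappermode=yes is missing"))
        elif service in STARTTLS_SERVICES and wrapper:
            findings.append((service, "wrappermode enabled on a STARTTLS port"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_MASTER_CF))
```

Run against the 465 entry quoted above, `lint` returns no findings; against the constructed sample it reports the `smtp` and `465` entries.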


Problem about STATTLS and TLS

2014-08-28 Thread Leon Wei
Hi,

How do you do.

I set up a mail system with centos-postfix-dovecot, I can send mail with
STARTTLS on port 25, but SSL/TLS (port 993) doesn't work.

This is the related configuration in main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_tls_security_level = encrypt
smtpd_tls_loglevel = 4
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/postfix/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination,
    reject_unknown_recipient_domain, reject_unauth_pipelining

[root@centos postfix]# netstat -ln |more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:143       0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:993       0.0.0.0:*         LISTEN
tcp        0      0 :::25             :::*              LISTEN


Can anyone tell me what's wrong with my system?

By the way, there is INPUT & OUTPUT ACCEPT in iptables.

-- 
*Leon Wei*
Guangzhou, China
E-mail: leon...@mail.kingdest.com