HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


sygram 14th July 2012 10:10

exclude localhost from postfix sasl, tls
Hi there,

Due to a PCI DSS check I am trying to allow only secure connections to Postfix and exclude SSLv2. I've added the following lines to

smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt

and now, as far as I can see, it accepts only TLS connections. Unfortunately I cannot connect simply from localhost to 25, and various web apps that do not authenticate locally cannot send emails.

So my questions are:

1) How do I allow unencrypted and anonymous connections from localhost (as before)?
2) How do I instruct Dovecot to use encrypted passwords?

Thank you in advance.



sygram 16th July 2012 14:09

Hi there,

Only if I change smtpd_tls_security_level = encrypt to "may" can I send email from localhost, as TLS is not mandatory in this case.

I am not sure how to auto-authorize localhost to SASL. This is what maillog prints:

Jul 16 14:01:56 server postfix/smtpd[7778]: connect from server[]
Jul 16 14:01:56 server postfix/smtpd[7778]: lost connection after EHLO from server []
Jul 16 14:01:56 server postfix/smtpd[7778]: disconnect from server[]

I tried to add smtpd_sasl_exceptions_networks = $mynetworks where mynetworks = but nothing

Any ideas?

sygram 28th July 2012 13:17

Any assistance will be appreciated.

createch 30th July 2012 04:31

Did you try to use sendmail through another port, e.g. 1025 (instead of using Postfix on port 25), to send out the email from localhost? What is the result?

sygram 30th July 2012 13:13

Hi createch,

I appreciate your reply.

I actually managed to find a solution that I am posting to save a lot of time for anyone else having the same issue.

The solution is to change the file :

submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

Enabled submission and smtps and added permit_mynetworks accordingly. Now I use SSL over port 465.

Everything safe and secure.
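
An added example, not part of the original posts: a small Python check for master.cf entries like the ones above, which reports -o lines that are not indented as continuation lines and arguments split off by a stray space inside a value. The function name and both sample strings are constructed for illustration, and only the plain `-o name=value` form is handled.

```python
# Constructed sample: a submission entry with unindented option lines and a
# space inside the restriction list ("permit _sasl...").
PASTED = """\
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit _sasl_authenticated,reject
"""
# The same entry with indented continuation lines and the space removed.
FIXED = """\
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

def lint_master_cf(text):
    """Return (services, problems); services maps "name/type" to its -o overrides.

    Assumption: only the plain "-o name=value" form is handled."""
    services, problems, current = {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = raw.split()
        if raw[0] in " \t" or fields[0].startswith("-"):
            if raw[0] not in " \t":   # master.cf continues a line only if it is indented
                problems.append((no, "option line is not indented"))
            if current is None:
                problems.append((no, "no service entry above this line"))
                continue
            args = fields
        elif len(fields) < 8:
            problems.append((no, "service entry needs 8 fields"))
            current = None
            continue
        else:
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            args = fields[8:]
        i = 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                current[key] = value
                i += 2
            else:                     # e.g. the tail of a value cut by a stray space
                problems.append((no, f"stray argument {args[i]!r}"))
                i += 1
    return services, problems
```

Running it over PASTED shows the restriction list cut off at "permit", so the intended permit_sasl_authenticated and reject entries never reach smtpd_client_restrictions.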

