Postfix TLS

Discussion in 'Installation/Configuration' started by jerome1362, Jan 10, 2014.

  1. jerome1362

    jerome1362 New Member

    I ispconfig installed on a dedicated, but I would not SSL or TLS for sending mail how? Only with user and password.

    I looked postfix main.cf without seeing anything!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look at the master.cf file, not main.cf.
     
  3. jerome1362

    jerome1362 New Member

    Français :

    J'ai aussi regardé dans le master.cf, sans résultat, quand je fait avec TLS sur outlook il me demande de valider un certificat, ce que je veus s'est utiliser le port 587 comme le port 25. Sans certificat et sans TLS/SSL

    English :

    I also looked in the master.cf, without result, when I did with TLS on outlook it asks me to validate a certificate, I was veus use port 587 as port 25. Without certificate and without TLS / SSL
    Reply With Quote
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. jerome1362

    jerome1362 New Member

    I want in outlook, it does not have certificates, because the one I expire in two years. My old server does not have a certificate to port 587
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Normally the submission port is encrypted. yif you use your server in a local network only, then you can disable encryption off course:

    Edit the postfix master.cf file and change the submission section like this:

    Code:
    submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    
     
  7. jerome1362

    jerome1362 New Member

    I restart postfix. It changes nothing

    Code:
    smtp      inet  n       -       -       -       -       smtpd
    #smtp      inet  n       -       -       -       1       postscreen
    #smtpd     pass  -       -       -       -       -       smtpd
    #dnsblog   unix  -       -       -       -       0       dnsblog
    #tlsproxy  unix  -       -       -       -       0       tlsproxy
    
    submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    
     smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you deleted the smtps line, which has to be just before the line:

    smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject

    you will either have to add the smtps line again or comment out the line

    smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject
     
  9. jerome1362

    jerome1362 New Member

    No


    Code:
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix	-	n	n	-	2	pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    # ispconfig 3
    submission inet n       -       -       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    smtps     inet  n       -       -       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    dovecot   unix  -       n       n       -       -       pipe
      flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, this file showes that you havent done what I suggested you to do in #6. Please reread #6 and apply the changes to the submission part.
     

Share This Page