LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-30-2013, 11:41 AM   #1
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 5.10 Ubuntu 12.4 MacOS 10.9
Posts: 113

Rep: Reputation: 17
Enable SMTP SSL/TLS (Centos 5.9 - Postfix - Dovecot)


Hello,

I followed instructions from http://wiki.centos.org/HowTos/postfix_sasl to setup a secure mail server.
The last line talks about configuring email clients, Thunderbird in server settings "select SSL".
This is SSL/TLS, it works okay for incoming mail, port 995.
But it doesn't for SMTP.
STARTTLS on port 587 works fine but SSL/TLS on port 465 does not: "connection timeout" when trying to send an email.
I would like to know how what I am missing to send SSL/TLS mail.

Some data in reference to the steps in http://wiki.centos.org/HowTos/postfix_sasl
Slight difference in my main.conf:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:/var/spool/postfix/postgrey/socket

Telnet on port 25 also contains AUTH PLAIN (after ssl implementation)(wiki says it shouldn't be):
250-PIPELINING
250-SIZE 50480000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

#One line from maillog:
dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=::ffff:x.x.17.166, lip=::ffff:y.y.y.54, TLS
#Another line from maillog
dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
##This is from squirrelmail
#Another line from maillog
postfix/smtpd[8948]: TLS connection established from ......: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
##Sending mail with STARTTLS

master.conf
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
465 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes

Thank you
 
Old 05-03-2013, 12:33 PM   #2
siremaxus
Member
 
Registered: May 2013
Posts: 75

Rep: Reputation: Disabled
Hi,

Have you checked this option?

http://www.faqforge.com/linux/how-to...ix-mailserver/

Regards,

Sire Maxus
 
Old 05-03-2013, 03:19 PM   #3
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 5.10 Ubuntu 12.4 MacOS 10.9
Posts: 113

Original Poster
Rep: Reputation: 17
Hello Sire Maxus, thanks for your reply.

Well, forget 465
"Even in 2013, there are still services that continue to offer the deprecated SMTPS interface on port 465 in addition to (or instead of!) the RFC-compliant message submission interface on the port 587 defined by RFC 6409.[6] Service providers that maintain port 465 do so because [7] older Microsoft applications (including Entourage v10.0) do not support STARTTLS, [8] and thus not the smtp-submission standard (ESMTPS on port 587). The only way for service providers to offer those clients an encrypted connection is to maintain port 465."

Thanks again,
M
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DOVECOT SSL/TLS connection problem on port 993 or 995 volga629 Linux - Server 9 12-16-2009 08:30 PM
dovecot SSL/TLS non-PAM config went awry molafish Linux - Software 1 03-19-2009 11:59 PM
Simple Mailserver with sendmail, dovecot and SSL/TLS dsh Linux - Server 0 10-16-2008 02:11 PM
Dovecot - TLS doesnt work while SSL does extasic Linux - Server 2 10-07-2008 05:57 PM
opensuse 10.3 and sending smtp via SSL/TLS newbuyer17 Linux - Server 1 02-27-2008 02:26 AM


All times are GMT -5. The time now is 04:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration