LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   4MLinux (https://www.linuxquestions.org/questions/4mlinux-115/)
-   -   Postfix ports configuration in the 4MLinux Server 23.0 (for advanced users) (https://www.linuxquestions.org/questions/4mlinux-115/postfix-ports-configuration-in-the-4mlinux-server-23-0-for-advanced-users-4175616059/)

zk1234 10-20-2017 02:55 PM

Postfix ports configuration in the 4MLinux Server 23.0 (for advanced users)
 
Hi,

TheSSS 23.0 (using the 4MLinux Server 23.0) will be released during this weekend. It will come with Postfix ports preconfigured by me, meaning that everything should work out of the box.

1) Starting the server:
Code:

smtpd start
2) Let's see what is running:
Code:

root@4MLinux:~$ pscan localhost
Scanning localhost ports 1 to 1024
 Port        Proto        State        Service
  25        tcp        open        smtp
  465        tcp        open        smtps
  587        tcp        open        submission
1021 closed, 3 open, 0 timed out (or blocked) ports

3) Port 25:
Code:

root@4MLinux:~$ telnet localhost 25
220 4MLinux.localdomain ESMTP Postfix
EHLO ILOVELINUX.COM
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

4) Port 587:
Code:

root@4MLinux:~$ telnet localhost 587
220 4MLinux.localdomain ESMTP Postfix
EHLO ILOVELINUX.COM
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

5) Port 465:
Code:

openssl s_client -connect localhost:465
CONNECTED(00000003)
depth=0 C = PL, ST = Mazovia Province, L = Warsaw, O = Stunnel Developers, OU = Provisional CA, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = Mazovia Province, L = Warsaw, O = Stunnel Developers, OU = Provisional CA, CN = localhost
verify return:1
---
Certificate chain
 0 s:/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
  i:/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIJAMVOs5yxJP94MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD
VQQGEwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fy
c2F3MRswGQYDVQQKDBJTdHVubmVsIERldmVsb3BlcnMxFzAVBgNVBAsMDlByb3Zp
c2lvbmFsIENBMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTcxMDE4MTYzODIyWhcN
MTgxMDE4MTYzODIyWjCBgzELMAkGA1UEBhMCUEwxGTAXBgNVBAgMEE1hem92aWEg
UHJvdmluY2UxDzANBgNVBAcMBldhcnNhdzEbMBkGA1UECgwSU3R1bm5lbCBEZXZl
bG9wZXJzMRcwFQYDVQQLDA5Qcm92aXNpb25hbCBDQTESMBAGA1UEAwwJbG9jYWxo
b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GdBPSWOBJYmR4PC
2OIWcYPf7eiFOUviPF1MFQRMAir50gKMB7zb1gkxt97kFxo2zhzFV4DL5Ci1D6Mq
rPwN7pI+3xdcZ6FZ1iOkscaGSDIQ+n4PuOf1APVzJMkQdCzw63dkIRh+R0v6VU7y
JCEfCuib9+lDmRLUL6xvLglYmWnMh4CxrhKo87QSIucvmxZTG3XPX0I+BWLEHPMy
grMSB+/LMSisl4TKn/UyBNdvHBVGk1UPa2VP7Jk8zzmjsp8lp2heH4oEWKYo1YMD
dBaAoqEMk5sAyMykNUJDNYchTT2ineUNH2JkHoGECSvBIXNDq+w4FCpLMFuVRUzO
BYdw0QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQAD
ggEBAFz9nJaAmBrx5XYetSpZb4ydNNEhI0MEwT/AHFP91bwHrpxPtL8RdcicoyJo
FnWKHC+5lisBzqk1yb+7vvVDqJ2pxMCeY9t5U1b8+kQSSbsi6H0Y7S1Gk+pVnrGt
RNJvZWpVRR0bQbRjdwRw3X8E+L/AN0marDeCBGuu/xsmdB1SfeqeONipawD01pyT
1wPOTngFqhjn/rUZjg7B0WpJ1lwj+ce0InNCLBZcqPzy10Qi3oMp5UWTORe5Zra0
1vuq8UwRzQF1cRcCH7mIQjyCABtD7p8nw26xpmk2cvpWFVGoFVYbcU+xSD3YHCiW
rYNAoE7PfX6Qo75HnFbxZGUu3CU=
-----END CERTIFICATE-----
subject=/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
issuer=/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1444 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 38D39BC76E3E1276B5775DA20E71E083F1369E230E20999FF8A0076E04C18980
    Session-ID-ctx:
    Master-Key: 46B94FC66B977F906AEA9C7435FD3730DC108DA838C7C4CBFE314780118E1BC497EEE1D0A4A0BD50F1124E47AD4EC381
    Key-Arg  : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1508527965
    Timeout  : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 4MLinux.localdomain ESMTP Postfix
EHLO ILOVELINUX.ORG
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

The three ports tested above behave as they should do.
I DO NOT recommend to use the "SMTP Authentication And Encryption" section of Webmin. You will end up with setting up, for example, STARTTLS on port 25. I don't like this idea, just like I do not expect the "https" connection on port 80.

.


All times are GMT -5. The time now is 05:48 AM.