Hi,
TheSSS 23.0 (using the 4MLinux Server 23.0) will be released this weekend. It will come with Postfix ports preconfigured by me, meaning that everything should work out of the box.
1) Starting the server:
2) Let's see what is running:
Code:
root@4MLinux:~$ pscan localhost
Scanning localhost ports 1 to 1024
Port Proto State Service
25 tcp open smtp
465 tcp open smtps
587 tcp open submission
1021 closed, 3 open, 0 timed out (or blocked) ports
3) Port 25:
Code:
root@4MLinux:~$ telnet localhost 25
220 4MLinux.localdomain ESMTP Postfix
EHLO ILOVELINUX.COM
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
4) Port 587:
Code:
root@4MLinux:~$ telnet localhost 587
220 4MLinux.localdomain ESMTP Postfix
EHLO ILOVELINUX.COM
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
5) Port 465:
Code:
openssl s_client -connect localhost:465
CONNECTED(00000003)
depth=0 C = PL, ST = Mazovia Province, L = Warsaw, O = Stunnel Developers, OU = Provisional CA, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = Mazovia Province, L = Warsaw, O = Stunnel Developers, OU = Provisional CA, CN = localhost
verify return:1
---
Certificate chain
0 s:/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
i:/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
---
Server certificate
subject=/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
issuer=/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1444 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 38D39BC76E3E1276B5775DA20E71E083F1369E230E20999FF8A0076E04C18980
Session-ID-ctx:
Master-Key: 46B94FC66B977F906AEA9C7435FD3730DC108DA838C7C4CBFE314780118E1BC497EEE1D0A4A0BD50F1124E47AD4EC381
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1508527965
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
220 4MLinux.localdomain ESMTP Postfix
EHLO ILOVELINUX.ORG
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
The three ports tested above behave as they should do.
I DO NOT recommend using the "SMTP Authentication And Encryption" section of Webmin. You will end up setting up, for example, STARTTLS on port 25. I don't like this idea, just as I do not expect an "https" connection on port 80.
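Added example, not part of the original post: a small Python check that parses the three EHLO replies shown above and reports where AUTH is advertised on a session that is still cleartext, and where STARTTLS is advertised on a session that is already inside TLS. The function names `parse_ehlo` and `audit` are hypothetical, and the `encrypted` flag is set by hand from how each session was opened in the post (telnet for 25 and 587, `openssl s_client` for 465).

```python
import re

# EHLO replies copied from the post. Ports 587 and 465 return the port 25
# list plus STARTTLS and AUTH PLAIN LOGIN, so they are derived from it here.
P25 = """\
250-4MLinux.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
P587 = P25.replace("250-ENHANCEDSTATUSCODES",
                   "250-STARTTLS\n250-AUTH PLAIN LOGIN\n250-ENHANCEDSTATUSCODES")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply (RFC 5321)."""
    caps, lines = {}, reply.splitlines()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" means more lines follow; "250 " must appear only on the last line
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i:  # line 0 carries the server name, not an extension keyword
            word, *params = m.group(2).split()
            caps[word.upper()] = params
    return caps

def audit(port, reply, encrypted):
    """Findings for one port; 'encrypted' means TLS was up when EHLO was sent."""
    caps, out = parse_ehlo(reply), []
    if "AUTH" in caps and not encrypted:
        # Postfix's smtpd_tls_auth_only = yes withholds AUTH until TLS is active
        out.append(f"{port}: AUTH {' '.join(caps['AUTH'])} offered before TLS")
    if "STARTTLS" in caps and encrypted:
        # RFC 3207: STARTTLS must not be advertised once TLS is established
        out.append(f"{port}: STARTTLS offered inside an existing TLS session")
    return out

if __name__ == "__main__":
    for port, reply, enc in [(25, P25, False), (587, P587, False), (465, P587, True)]:
        print(port, sorted(parse_ehlo(reply)), audit(port, reply, enc) or "no findings")
```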