Old 01-21-2012, 04:31 AM   #1
rysic
Dovecot + Postfix = SSL connection not working


Hello!
I want to configure Dovecot and Postfix in Debian to use SSL connections.

The configuration looks like:

Code:
###POSTFIX###
mail_owner = postfix
home_mailbox = Maildir/
mail_spool_directory = /home/

myorigin = rysic.test.org

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable =yes
smtpd_security_options = noanonymous
broken_sasl_auth_client = yes
smtpd_sasl_local_domain = $myhostname

append_dot_mydomain = no

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = plhqsrmail01.rysic.test.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = rysic.test.org
mydestination = rysic.test.org, plhqsrmail01.rysic.test.org, localhost, rysic.test.org, localhost, 
relay_domains=$mydestination
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
Code:
 ###DOVECOT###
 base_dir = /var/run/dovecot
protocols = imap imaps pop3 pop3s
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "

ssl = yes
ssl_cert_file = /etc/postfix/ssl/mail.pem
ssl_key_file = /etc/postfix/ssl/mail.pem

verbose_ssl = yes

mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_access_groups = postfix

protocol imap {
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
protocol managesieve {
}

protocol lda {
  postmaster_address = root@rysic.dynsnd.org

}
auth_verbose = yes

auth_debug = yes
auth default {
  mechanisms = plain login
  passdb pam {
  }
  passdb passwd {
  }
  userdb passwd {
  }
  user = root
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
        user = postfix
        group = postfix
    }
  }
}
dict {
}
plugin {
}
I also enabled smtps in Postfix master.cf.

I can send e-mails via port 25 without SSL but cannot send via 465 using SSL/TLS.

In the log file I can see

Code:
Jan 21 05:29:05 plhqsrmail01 postfix/smtpd[4729]: connect from atk38.neoplus.adsl.tpnet.pl[83.26.248.38]
Jan 21 05:29:34 plhqsrmail01 postfix/smtpd[4729]: lost connection after UNKNOWN from atk38.neoplus.adsl.tpnet.pl[83.26.248.38]
Jan 21 05:29:34 plhqsrmail01 postfix/smtpd[4729]: disconnect from atk38.neoplus.adsl.tpnet.pl[83.26.248.38]
In the mail client I get a timeout.

Last edited by rysic; 01-21-2012 at 04:37 AM.
 
Old 01-21-2012, 03:54 PM   #2
MartinStrec
Look for smtpd_sasl_security_options and work around.
Look for smtpd_recipient_restrictions and work around.


see http://www.postfix.org/postconf.5.ht...curity_options
 
Old 01-21-2012, 05:21 PM   #3
rysic
I don't get your point. There is:
smtpd_sasl_security_options (default: noanonymous)
and it is OK. I don't need anonymous access. I have users which work for POP3, so they have to also work for SMTP, yes?

I also configured
Code:
smtpd_recipient_restrictions = reject_unauth_destination
Did you write about that?
 
Old 01-22-2012, 04:12 AM   #4
MartinStrec
I'm not sure if I missed anything in your configuration. I guess there has to be:
smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination

or (if you want to enable localhost etc.)
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

probably recommended (default: no)
smtpd_tls_auth_only=yes
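
Added example, not part of any post in this thread: a small Python check of the main.cf settings that replies #2 and #4 point at, run over an excerpt assembled from the configuration lines in posts #1 and #3. The function names are hypothetical; the parser follows the main.cf rules for comment lines, continuation lines and repeated assignments.

```python
import re

# Constructed excerpt: SASL/TLS lines from the poster's main.cf (post #1)
# plus the restriction line from post #3.
MAIN_CF = """\
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_security_options = noanonymous
smtpd_use_tls=yes
smtpd_recipient_restrictions = reject_unauth_destination
"""

def parse_main_cf(text):
    """'#' lines are comments, a line starting with whitespace continues the
    previous logical line, and a later assignment overrides an earlier one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def check_submission_settings(params):
    """Return findings for the settings named in replies #2 and #4."""
    findings = []
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    if "permit_sasl_authenticated" not in rules:
        findings.append("smtpd_recipient_restrictions lacks permit_sasl_authenticated")
    elif "reject_unauth_destination" in rules and \
            rules.index("permit_sasl_authenticated") > rules.index("reject_unauth_destination"):
        findings.append("permit_sasl_authenticated is listed after reject_unauth_destination")
    if params.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("smtpd_tls_auth_only is not yes: AUTH is offered without TLS")
    if params.get("smtpd_sasl_auth_enable", "no").lower() == "yes" and \
            "smtpd_sasl_security_options" not in params:
        near = sorted(k for k in params if k.endswith("security_options"))
        findings.append(
            "smtpd_sasl_security_options not set explicitly; similar names present: %s" % near)
    return findings

if __name__ == "__main__":
    for finding in check_submission_settings(parse_main_cf(MAIN_CF)):
        print("-", finding)
```

On the excerpt this reports three findings, including that the file sets `smtpd_security_options` rather than the `smtpd_sasl_security_options` name that reply #2 refers to.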
 
  

