Hi, I set up a new server some time ago and was now moving some virtual servers to it. Certs are being made via Let's Encrypt, which is working very well now, and I also pointed Dovecot and Postfix to the certs from Let's Encrypt.
Now it looks like I can connect to Dovecot via SSL, but not to Postfix (for SMTP). Postfix will only allow connections on port 25. I am pretty sure that I am overlooking something important, but I cannot get it. My Postfix main.cf is as follows:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/server.example.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/server.example.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatroy_ciphers = high
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server.example.com, localhost.example.com, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no
smtp_use_tls = yes
Any help truly appreciated. It also looks like the emails can be sent to another server of mine but not to other mail servers. Very strange.
Best
Howdy,
Do you receive an error when trying to connect to port 465 or 587?
Also, what is the output of these commands:
netstat -an | grep :465
netstat -an | grep 587
root@server ~ # netstat -an | grep 587
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp6 0 0 :::587 :::* LISTEN
root@server ~ # netstat -an | grep 465
unix 2 [ ] DGRAM 15465
And here a part from the logfile:
Aug 11 11:53:36 server postfix/smtpd[13296]: connect from x4db438c7.example.com[196.196.196.199]
Aug 11 11:53:43 server postfix/smtpd[13296]: 4151E581B75: client=x4db438c7.example.com[196.196.196..199], sasl_method=PLAIN, sasl_username=info.example
Aug 11 11:53:43 server postfix/cleanup[13299]: 4151E581B75: message-id=<57AC4C37.8000501@example.com>
Aug 11 11:53:43 serve2 postfix/smtpd[13296]: disconnect from x4db438c7.example.com [196.196.196.199]
This user seems to be able to send emails to a different server, another can't, which I will investigate further, but I am wondering, since it says sasl_method=PLAIN.
Hmmm. Thanks
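A check for the TLS lines of the main.cf posted at the top of this thread, as an added example that is not part of the original posts. It flags parameter names that are near-misses of real ones, a mandatory protocol list that permits only legacy protocols, and a missing `smtpd_tls_auth_only = yes`, which is the setting that decides whether a `sasl_method=PLAIN` login can happen outside TLS. Assumptions: `parse_main_cf` and `audit` are hypothetical helper names, `KNOWN` is only a subset of Postfix's parameters, and per-service `-o` overrides in master.cf are not considered.

```python
import difflib

# Real Postfix parameter names; only a subset, chosen for this example.
KNOWN = [
    "smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_security_level",
    "smtpd_tls_auth_only", "smtpd_tls_mandatory_protocols",
    "smtpd_tls_mandatory_ciphers", "smtpd_use_tls", "smtp_use_tls",
]
LEGACY = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}

# TLS lines copied from the main.cf posted in this thread.
POSTED = """\
smtpd_tls_cert_file = /etc/letsencrypt/live/server.example.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/server.example.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatroy_ciphers = high
"""

def parse_main_cf(text):
    """Return {name: value}; skips comments, joins indented continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit(params):
    """Return findings: misspelled names, legacy-only protocols, AUTH without TLS."""
    findings = []
    for name in params:
        near = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.9)
        if name not in KNOWN and near:
            findings.append(f"{name}: unknown name, did you mean {near[0]}?")
    protos = params.get("smtpd_tls_mandatory_protocols", "").replace(",", " ").split()
    allowed = [p for p in protos if not p.startswith("!")]
    if allowed and all(p.lower() in LEGACY for p in allowed):
        findings.append("smtpd_tls_mandatory_protocols: legacy only: " + ", ".join(allowed))
    if params.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("smtpd_tls_auth_only: not 'yes', AUTH is not limited to TLS")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_main_cf(POSTED))))
```

Run it against the output of `postconf -n` or the file itself; an empty result means none of the three checks fired, not that the TLS setup is complete.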