Re: setting up TLS and SMTP-AUTH on port 587

From: Brian Evans - Postfix List (grknightscent-team.com)
Date: Thu Jul 16 2009 - 09:41:26 CDT


Juan Miscaro wrote:
> I had STARTTLS working for port 25 for many months with no problem. I
> am using amavisd-new/spamassassin as content filter. But now, due to
> port blocking, I need to set this up on port 587 so I can send mail
> directly to my server with my mail client (thunderbird).
>
> I made a change to master.cf by duplicating what I had for port 25 and
> added tls and smtp-auth:
>
> # Step 1b - Listens on port 587 for incoming internet connections from MUAs
> # and hands off mail to content filter listening on port 10024
> 587 inet n - n - 2 smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o content_filter=smtp-amavis:[127.0.0.1]:10024
>   -o receive_override_options=no_address_mappings
>
>
> Yet when I telnet from localhost Postfix is not offering any services:
>
> $ telnet localhost 587
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 mail.example.com ESMTP
> helo localhost
>

Unless you send "EHLO localhost", you will never see it.

> 250 mail.example.com
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
>
> Here is my current configuration:
>
> $ postconf -n
>
> smtpd_tls_security_level = encrypt
>
You want to block all smtpd's if they don't use TLS??
This is only recommended on a submission port.
Otherwise, it can/will block normal internet mail.

Suggested main.cf setting is "smtpd_tls_security_level = may", then
override in master.cf if needed.

Brian
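The split Brian recommends (opportunistic TLS in main.cf, mandatory TLS plus SASL only on the submission service in master.cf) is easy to get wrong because the effective value of every smtpd parameter depends on which master.cf entry a connection arrived on. The script below is an added example, not code from the original thread or from the Postfix project: it parses constructed main.cf and master.cf fragments (including the indented "-o" continuation lines master.cf requires), computes the effective TLS and SASL settings per inet smtpd listener, and flags the two configurations discussed above. The service names, the amavis filter address, and the extra "smtpd_tls_auth_only" and "smtpd_client_restrictions" overrides on the submission entry are assumptions for illustration, not settings the thread itself gives.

```python
"""Audit effective per-service Postfix smtpd settings from main.cf + master.cf.

Added example, not from the original thread. Sample configs are constructed;
service names, ports and the filter address are assumptions for illustration.
"""

# Constructed main.cf as the poster had it: mandatory TLS for every smtpd.
MAIN_CF_ENCRYPT_EVERYWHERE = """
smtpd_tls_security_level = encrypt
smtpd_sasl_auth_enable = no
"""

# Constructed main.cf following the advice above: "may" by default, with
# "encrypt" applied only to the submission service through master.cf.
MAIN_CF_MAY_BY_DEFAULT = """
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = no
"""

# Constructed master.cf. "-o" overrides must sit on indented continuation
# lines (or on the service line itself); an unindented "-o" line is an error.
MASTER_CF = """
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet  n       -       n       -       -       smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
submission inet  n       -       n       -       2       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
  -o receive_override_options=no_address_mappings
smtp-amavis unix -       -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
"""


def parse_main_cf(text):
    """main.cf: 'name = value' lines; later lines win, comments ignored."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params


def _consume_overrides(tokens, service):
    """Pull '-o name=value' pairs out of a token list into service['overrides']."""
    i = 0
    while i < len(tokens):
        if tokens[i] == "-o" and i + 1 < len(tokens):
            key, _, value = tokens[i + 1].partition("=")
            service["overrides"][key] = value
            i += 2
        else:
            service["args"].append(tokens[i])
            i += 1


def parse_master_cf(text):
    """master.cf: 8-column service lines plus whitespace-led continuation lines."""
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation line belongs to the previous service
            if not services:
                raise ValueError("continuation line before any service: %r" % raw)
            _consume_overrides(raw.split(), services[-1])
            continue
        fields = raw.split()
        if len(fields) < 8:
            raise ValueError("malformed service line: %r" % raw)
        service = {"name": fields[0], "type": fields[1], "command": fields[7],
                   "args": [], "overrides": {}}
        _consume_overrides(fields[8:], service)
        services.append(service)
    return services


def effective(service, main_params, param, default):
    """Per-service value: master.cf -o override beats main.cf beats the default."""
    return service["overrides"].get(param, main_params.get(param, default))


def audit(main_text, master_text):
    """Return ({service: effective settings}, [warnings]) for inet smtpd listeners."""
    main_params = parse_main_cf(main_text)
    settings, warnings = {}, []
    for svc in parse_master_cf(master_text):
        if svc["type"] != "inet" or svc["command"] != "smtpd":
            continue
        name = svc["name"]
        eff = {
            "tls": effective(svc, main_params, "smtpd_tls_security_level", "none"),
            "sasl": effective(svc, main_params, "smtpd_sasl_auth_enable", "no"),
            "auth_only": effective(svc, main_params, "smtpd_tls_auth_only", "no"),
        }
        settings[name] = eff
        if name in ("smtp", "25") and eff["tls"] == "encrypt":
            warnings.append("%s: mandatory TLS on the MX port rejects senders "
                            "that never issue STARTTLS" % name)
        if name in ("submission", "587"):
            if eff["tls"] != "encrypt":
                warnings.append("%s: submission should require TLS" % name)
            if eff["sasl"] != "yes":
                warnings.append("%s: submission should enable SASL" % name)
            elif eff["auth_only"] != "yes":
                warnings.append("%s: AUTH offered before STARTTLS, credentials "
                                "may cross the wire in cleartext" % name)
    return settings, warnings


if __name__ == "__main__":
    for label, main_cf in (("encrypt everywhere", MAIN_CF_ENCRYPT_EVERYWHERE),
                           ("may by default", MAIN_CF_MAY_BY_DEFAULT)):
        print(label, audit(main_cf, MASTER_CF))
```

Run it and the first configuration reports the port 25 problem from the thread while the second reports nothing; the submission entry carries "encrypt" and SASL in both cases because its master.cf overrides win over main.cf. On a live server, "postconf -n" only shows main.cf, so check the per-service result with "postconf -Mf submission" on a Postfix that supports -M, or by issuing EHLO (not HELO) to port 587 and confirming STARTTLS is advertised and AUTH appears only after the TLS handshake.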