Greetings Dear Friends !
I have Postfix running on CentOS 6.2 x86_64; TLS/SASL is already configured and working.
Can anyone please assist me how to configure Postfix to listen and accept TLS connections on smtp:465?
Thanks / Regards Prabhpal S. Mavi
From: Prabhpal S. Mavi prabhpal@digital-infotech.net
i have Postfix Running On CentOS 6.2 x86_64, TLS/SASL is already configured and working. Can anyone please assist me how to configure Postfix to listen and accept TLS connections on smtp:465?
Google says to look in master.cf
JD
Hi Dear All,
Just updating the post: the following configured Postfix to listen on port 587. Yet to find out how to enable 465.
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Thanks / Regards
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
On 3/30/2012 12:49 PM, Prabhpal S. Mavi wrote:
Hi Dear All,
Just updating with the post, following configured Postfix to listen on Port 587. Yet to find out, how to enable 465.
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
port 465 is default for smtps...not smtp
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
open it on your iptables too
Hello BoB,
Thanks for your kind assistance, your solution opened the SMTP:465 on the postfix server.
But when I telnet 587, I can see 220 in response.
[root@jet postfix]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.digital-infotech.com ESMTP Postfix (2.6.6)
But when I telnet to 465, I do not see 220 in response. Is it normal?
[root@jet postfix]# telnet localhost 465
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Thanks / Regards
Thanks / Regards Prabhpal S. Mavi
you have to also add stuff to postfix to properly deal with sasl/ssl connections in the main.cf. Google for a tutorial..there are a few commands that have to be added.
I thought port 465 SSL was deprecated and replaced with port 587 TLS?
On 3/31/2012 7:36 AM, Jonathan Vomacka wrote:
I thought port 465 SSL was deprecated and replaced with port 587 TLS?
from what I read, and what I use..
25 is the normal smtp port; 587 is an alternative since ISPs started blocking port 25
smtps uses 465
POPs and IMAPS use 995 and 993; regular pop / imap is 110 and 143 or 220
at least my postfix seems to use 465 and the 900s as default for imap,pop, and smtp using encryption.
On 31.03.2012 13:36, Jonathan Vomacka wrote:
On 3/31/2012 7:11 AM, Prabhpal S. Mavi wrote:
But when I telnet 587, I can see 220 in response.
[root@jet postfix]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.digital-infotech.com ESMTP Postfix (2.6.6)
But when I telnet to 465, I do not see 220 in response. Is it normal?
[root@jet postfix]# telnet localhost 465
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Expected behaviour. Bear in mind that 465 is the old deprecated SMTPS (SMTP over SSL) port which just runs SMTP over an SSL session. Postfix cannot send a greeting on that port without completing the SSL handshake first, but Telnet doesn't speak SSL. So Postfix is just waiting in vain for the SSL handshake.
I thought port 465 SSL was deprecated
Correct.
and replaced with port 587 TLS?
Not quite. It's replaced with STARTTLS which works over port 25 (SMTP) as well as 587 (MSP).
HTH T.
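Added example (not part of any message in this thread): a Python check for the behaviour Tilman describes, where a wrapper-mode listener stays silent until the client starts TLS while a STARTTLS listener greets in plaintext. The function names, the example.test hostnames and the canned replies in demo() are constructed for illustration.

```python
import socket
import ssl

def read_reply(sock, buf=b""):
    """Read one SMTP reply (possibly multi-line); return (lines, leftover bytes)."""
    lines = []
    while True:
        while b"\r\n" not in buf:
            chunk = sock.recv(1024)
            if not chunk:
                return lines, b""
            buf += chunk
        line, buf = buf.split(b"\r\n", 1)
        lines.append(line.decode("ascii", "replace"))
        if line[3:4] != b"-":   # "250-" continues a reply, "250 " ends it
            return lines, buf

def probe(sock, server_hostname, wait=0.5):
    """Classify a connected SMTP listener by which side has to speak first."""
    sock.settimeout(wait)
    try:
        greeting, rest = read_reply(sock)
    except socket.timeout:
        # No plaintext greeting: the silence telnet showed on port 465.
        try:
            tls = ssl.create_default_context().wrap_socket(sock, server_hostname=server_hostname)
        except socket.timeout:
            return "silent; TLS ClientHello sent but not answered"
        except ssl.SSLError as exc:
            return "silent; TLS handshake failed: %s" % exc.reason
        banner, _ = read_reply(tls)
        return "wrapper mode; greeting after handshake: " + " ".join(banner[:1])
    if not greeting or not greeting[0].startswith("220"):
        return "unexpected plaintext greeting"
    sock.sendall(b"EHLO probe.example.test\r\n")
    features, _ = read_reply(sock, rest)
    offered = any(f[4:].strip().upper() == "STARTTLS" for f in features)
    return "plaintext greeting; STARTTLS " + ("offered" if offered else "not offered")

def demo():
    """Run probe() against constructed peers (socketpair ends), not a live server."""
    a, b = socket.socketpair()
    b.sendall(b"220 mail.example.test ESMTP Postfix\r\n250-mail.example.test\r\n"
              b"250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
    c, d = socket.socketpair()   # d never speaks, like the 465 listener under telnet
    return probe(a, "mail.example.test"), probe(c, "mail.example.test"), d.recv(1)
```

Against a live server, pass probe() a socket from socket.create_connection((host, port)) and the name on the server's certificate. The last value demo() returns is the first byte the silent peer received, 0x16, the TLS handshake record type that telnet never sends.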
On 3/31/2012 8:16 AM, Tilman Schmidt wrote:
On 31.03.2012 13:36, Jonathan Vomacka wrote:
On 3/31/2012 7:11 AM, Prabhpal S. Mavi wrote:
But when I telnet 587, I can see 220 in response.
[root@jet postfix]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.digital-infotech.com ESMTP Postfix (2.6.6)
But when I telnet to 465, I do not see 220 in response. Is it normal?
[root@jet postfix]# telnet localhost 465
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Expected behaviour. Bear in mind that 465 is the old deprecated SMTPS (SMTP over SSL) port which just runs SMTP over an SSL session. Postfix cannot send a greeting on that port without completing the SSL handshake first, but Telnet doesn't speak SSL. So Postfix is just waiting in vain for the SSL handshake.
I thought port 465 SSL was deprecated
Correct.
and replaced with port 587 TLS?
Not quite. It's replaced with STARTTLS which works over port 25 (SMTP) as well as 587 (MSP).
HTH T.
Tilman,
Thanks for the correction. I wanted the mailing list to be aware that smtps (465) is deprecated and replaced with (as you said) STARTTLS. Anyone creating a brand new mail server should use this method.
Hi Dear All,
I thank everyone for their input & explanation on this request. So much valuable info you guys exchange through emails. Well done.
Thanks / Regards
Thanks / Regards Prabhpal S. Mavi
You can run an smtp server on any port you want. The advantage to not using one of the standard ports is that you won't have as many attacks from spammers and password guessing attacks.
The smtp parameters that are specified in main.cf are the default for all of your smtp servers; however, any of the parameters can be overridden in master.cf. So to define an smtp server on port 1234 which requires TLS (issued via a STARTTLS) and must have SASL authentication, you would add the following entry to master.cf:
1234 inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
The port number can also be any named port in /etc/services.
For any public SMTP server on the internet, I believe the relevant RFC specifies that you must accept unauthenticated, unencrypted (NON-TLS) connections on port 25 (sort of obvious if you want to receive incoming mail from the Internet). What I do on my servers is to disallow relaying and authentication from my port 25 smtp server and require all of my mail clients to connect on the port that I designate, requiring TLS+SASL auth.
Nataraj
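Added example (not from the thread or from Postfix itself): a Python audit of master.cf that applies the override rule described above and reports, per smtpd listener, whether TLS is really required once the main.cf defaults are merged in. The MAIN_CF defaults are assumed, only the `-o name=value` form is parsed, and the result labels are this example's own.

```python
MASTER_CF = """\
# Constructed sample: the entries quoted in this thread plus a stock port-25 line.
smtp       inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
1234       inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
MAIN_CF = {"smtpd_tls_security_level": "may", "smtpd_sasl_auth_enable": "yes"}  # assumed defaults

def logical_lines(text):
    """Join continuation lines: leading whitespace extends the entry above."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(master_cf, main_cf):
    """Return {service: (tls_mode, findings)} for each smtpd listener."""
    report = {}
    for fields in map(str.split, logical_lines(master_cf)):
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        over = dict(v.split("=", 1) for k, v in zip(fields[8:], fields[9:]) if k == "-o")
        eff = {**main_cf, **over}   # a master.cf -o beats the main.cf default
        on = lambda key: eff.get(key) == "yes"
        level = eff.get("smtpd_tls_security_level", "")
        # Wrapper mode puts TLS before the 220 greeting; a non-empty
        # smtpd_tls_security_level overrides the obsolete smtpd_enforce_tls.
        tls = ("wrapper" if on("smtpd_tls_wrappermode") else
               "starttls-required" if level == "encrypt" or (not level and on("smtpd_enforce_tls")) else
               "tls-optional")
        findings = []
        if on("smtpd_sasl_auth_enable") and tls == "tls-optional" and not on("smtpd_tls_auth_only"):
            findings.append("AUTH offered without TLS")
        acl = eff.get("smtpd_client_restrictions", "").replace(" ", "")
        if tls != "tls-optional" and not acl.endswith("permit_sasl_authenticated,reject"):
            findings.append("not limited to authenticated clients")
        report[fields[0]] = (tls, findings)
    return report
```

With these assumed defaults the 1234 entry comes out as tls-optional, because a non-empty smtpd_tls_security_level in main.cf takes precedence over smtpd_enforce_tls; calling audit(MASTER_CF, {}) shows the same entry as starttls-required.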
Dear Nataraj,
Very sensible comment and a good example of configuring smtp on a desired port. I was actually looking for something like this for a while: how to configure smtp on non-standard ports.
I love the community who put in their efforts and energy and deliver the solutions in mailboxes directly.
Well Done Nataraj, Thanks Dear All.
Thanks / Regards Prabhpal S. Mavi
In /etc/postfix/master.cf uncomment the line that starts #smtps.
One thing I also do is to listen on an alternate socket way up high, like 22225, to bypass ISP's that restrict port 25 and 465 to their own servers. This way I can send mail through my server when I am on a restricted network like AT&T wireless with my smart phone. Just make a copy of the standard smtp line, call it smtp-alt, then define smtp-alt to the port you want in /etc/services.
Mike
On 03/30/2012 10:51 AM, Prabhpal S. Mavi wrote:
Greetings Dear Friends !
i have Postfix Running On CentOS 6.2 x86_64, TLS/SASL is already configured and working.
Can anyone please assist me how to configure Postfix to listen and accept TLS connections on smtp:465?
Thanks / Regards Prabhpal S. Mavi
On 03/30/2012 08:22 AM, Mike McCarthy wrote:
In /etc/postfix/master.cf uncomment the line that starts #smtps.
One thing I also do is to listen on an alternate socket way up high, like 22225, to bypass ISP's that restrict port 25 and 465 to their own servers. This way I can send mail through my server when I am on a restricted network like AT&T wireless with my smart phone. Just make a copy of the standard smtp line, call it smtp-alt, then define smtp-alt to the port you want in /etc/services.
Mike
Some versions of Outlook or Outlook Express do not handle 5-digit smtp port numbers, so if you have any non-Linux mail clients, you might want to stay with a 4-digit port number.
Nataraj