Comments on: Linux Postfix SMTP (Mail Server) SSL Certificate Installations and Configuration

By: pawan saini

pawan saini — Mon, 17 Oct 2011 16:41:54 +0000

i am using postfix with SASL & TLS. the issue is when i telnet postfix server on port 25 it shows the follwing output

220 pawansaini.com ESMTP Postfix
ehlo pawansaini.com
250-pawansaini.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

1) why doesnt it show AUTH parameters???
2) when i remove the TLS then it shows the AUTH parameter in EHLO???

By: Nate

Nate — Wed, 06 Jul 2011 15:03:18 +0000

Hi,

I have a question about securing the server-to-server communications with postfix. What needs to be done to force the use of TLS enabled connections?

By: Leonardo

Leonardo — Fri, 10 Jun 2011 20:31:11 +0000

Hi, the certificate used for postfix is the same used on the webserver or is it a specific certificate for this?

By: Eranga Wasantha

Eranga Wasantha — Tue, 05 May 2009 07:59:13 +0000

The error when testing the email is:
Send Test Email Message: The specified server was found, but there was no response from the server. Please verify that the port and SSL information is correct. To access these settings close this dialogue, then click More Settings on the Advanced tab.

Log Onto Incoming Mail Server (POP 3): The specified server was found, but there was no response from the server. Please verify that the port and SSL information is correct. To access these settings close this dialogue, then click More Settings on the Advanced tab.

By: Juha Vehnia

Juha Vehnia — Tue, 27 Jan 2009 14:43:38 +0000

In order to get this work you also must install Dovecot and enable SASL authentication server.

yum install dovecot

To enable authentication server, edit /etc/dovecot.conf and adding the following:

/some/where/dovecot.conf:
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}

Finally restart dovecot IMAP server with the command:

/etc/init.d/dovecot restart

By: Teja

Teja — Tue, 07 Aug 2007 10:38:29 +0000

hi ,
i have Redhat Linux Ent Ed. 4 and oracle Application Server 10g Release 2.
I created the key using following commands.
$ openssl genrsa -des3 -out vcb.key 1024
$ openssl req -new -key vcb.key -out vcb.csr

Now i got the certificate from the CA

Please guide me how can i install the SSL.
Regards,
teja
Abu Dhabi, UAE

By: vivek

vivek — Fri, 13 Jul 2007 09:47:44 +0000

Bok,

Thanks I’ve old version, may be I will update tonight :)

By: BOK

BOK — Thu, 12 Jul 2007 21:53:37 +0000

One is the maillog saying:
warning: TLS has been selected, but TLS support is not compiled in
Two is: wen using the above telnet-command to port 25 “STARTTLS” is missing.
FYI: FreeBSD is offering me the option to complile Postfix with TLS and SSL when running “make config”.

By: Raj

Raj — Thu, 12 Jul 2007 21:41:39 +0000

BOK says: just compile in TLS.

How do I find out – my postfix is compiled with TLS? Any idea ????

TIA

By: BOK

BOK — Thu, 12 Jul 2007 21:40:07 +0000

Oops… add this information too, since I forgot to mention I use SASL through Dovecot IMAP/POP-server:
smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth

By: BOK

BOK — Thu, 12 Jul 2007 21:28:58 +0000

I was using Postfix with SASL before but it seems it’s not needed anymore: just compile in TLS.
One this I get this warning on PF v2.4.3.1:

warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead

so it’s best to adapt that specific line, I guess…