Postfix + Dovecot + Mysql + SSL/TLS [NOT WORKING]

drum.lucas@gmail.com
Hello, how are you?

I am setting up a mail server for testing.
I want to enable SSL/TLS encryption, but I am running into problems.

E-mail is working fine. I use dovecot (with managesieve) + mysql + roundcubemail + quota + postfixadmin.

But although e-mails are sent and received OK, they are not encrypted.

Could you give me a hand, please?

Here is the information:

Postfix version:
2:2.10.1-6.el7

postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
default_process_limit = 10
disable_dns_lookups = no
dovecot_destination_recipient_limit = 1
inet_interfaces = all
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = localhost.$mydomain, localhost, $myhostname
myhostname = mail.exemplo.com.br
mynetworks = 127.0.0.0/8 ip_EXTERNO/32
non_smtpd_milters = $smtpd_milters
qmgr_message_active_limit = 40000
qmgr_message_recipient_limit = 40000
readme_directory = no
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains.cf
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname,
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/exemplo.com.br.crt
smtpd_tls_key_file = /etc/pki/tls/private/exemplo.com.br.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_timeout = 10800s
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000

smtp      inet  n       -       n       -       -       smtpd -v
  -o content_filter=spamassassin 
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
spamassassin unix -     n       n       -       -       pipe user=spamfilter argv=/usr/bin/spamc -f -e  /usr/sbin/sendmail -oi -f ${sender} ${recipient}
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
amavisfeed unix    -       -       n        -      2     lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
dovecot       unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

telnet localhost 25:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.exemplo.com.br ESMTP Postfix
ehlo exemplo.com.br
250-mail.exemplo.com.br
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

telnet localhost 465:
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: initializing the server-side TLS engine
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: connect from localhost[127.0.0.1]
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: setting up TLS connection from localhost[127.0.0.1]
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: localhost[127.0.0.1]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!aNULL"
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: SSL_accept:before/accept initialization
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: read from 7F476E2B4AD0 [7F476E2BF390] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: read from 7F476E2B4AD0 [7F476E2BF390] (11 bytes => 11 (0xB))
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: 0000 65 68 6c 6f 20 6b 69 6e|67 68 6f                 ehlo 
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: SSL_accept:error in SSLv2/v3 read client hello A
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: SSL_accept error from localhost[127.0.0.1]: -1
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: warning: TLS library problem: 28486:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647:
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: disconnect from localhost[127.0.0.1]

_______________________________________________
Postfix-br mailing list
http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/postfix-br
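
An added example, not part of the original post: in the port 465 log above, an smtpd started with smtpd_tls_wrappermode=yes reads the bytes 65 68 6c 6f 20 ("ehlo ") where it expects a TLS ClientHello, and then logs the "unknown protocol" error. The Python sketch below decodes the first client read from such smtpd_tls_loglevel = 3 logs and classifies it; the function names are this example's own, and the sample log lines are copied from the post.

```python
import re

# Sample input: lines copied from the port 465 session in the post.
SAMPLE_LOG = """\
Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: read from 7F476E2B4AD0 [7F476E2BF390] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: read from 7F476E2B4AD0 [7F476E2BF390] (11 bytes => 11 (0xB))
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: 0000 65 68 6c 6f 20 6b 69 6e|67 68 6f                 ehlo 
Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: SSL_accept:error in SSLv2/v3 read client hello A
"""

# "read from ... => N" lines report how many bytes the TLS engine received.
READ_RE = re.compile(r"smtpd\[(\d+)\]: read from .*=> (-?\d+) ")
# Hex dump line at offset 0000: byte pairs separated by ' ', '|' or '-'.
DUMP_RE = re.compile(r"smtpd\[(\d+)\]: 0000 ((?:[0-9a-f]{2}[ |-])*[0-9a-f]{2})")
SMTP_VERBS = (b"EHLO", b"HELO", b"STARTTLS", b"MAIL", b"RCPT",
              b"AUTH", b"NOOP", b"QUIT")


def classify(data):
    """Classify the first bytes a client sent to a TLS wrapper-mode port."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"   # TLS record: type 22 (handshake), major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello"     # SSLv2-format ClientHello
    if data.upper().startswith(SMTP_VERBS):
        return "plaintext-smtp"  # client spoke SMTP without starting TLS first
    return "unknown"


def first_reads(log_text):
    """Map each smtpd PID to the classification of its first non-empty read."""
    pending, result = set(), {}
    for line in log_text.splitlines():
        m = READ_RE.search(line)
        if m:
            if int(m.group(2)) > 0:   # skip "=> -1" (no data available yet)
                pending.add(m.group(1))
            continue
        m = DUMP_RE.search(line)
        if m and m.group(1) in pending and m.group(1) not in result:
            raw = bytes.fromhex(re.sub(r"[ |-]", "", m.group(2)))
            result[m.group(1)] = classify(raw)
    return result


if __name__ == "__main__":
    print(first_reads(SAMPLE_LOG))
```

A "plaintext-smtp" result for a wrapper-mode service means the test client (here, telnet) never started a TLS handshake, so the failure in that log says nothing about the certificate or key configuration.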