offer starttls only on port 587


offer starttls only on port 587

Bradley Giesbrecht-2
How can I offer starttls on port 587 and not port 25?

I've tried moving the tls statements from main.cf to master.cf under  
587 but postfix is still offering tls on port 25.


Thanks,
Bradley Giesbrecht

Re: offer starttls only on port 587

Wietse Venema
Bradley Giesbrecht:
> How can I offer starttls on port 587 and not port 25?
>
> I've tried moving the tls statements from main.cf to master.cf under  
> 587 but postfix is still offering tls on port 25.

http://www.postfix.org/DEBUG_REAEDME.html#mail

        Wietse

Re: offer starttls only on port 587

Robert Schetterer
In reply to this post by Bradley Giesbrecht-2
Bradley Giesbrecht wrote:
> How can I offer starttls on port 587 and not port 25?
>
> I've tried moving the tls statements from main.cf to master.cf under 587
> but postfix is still offering tls on port 25.
>
>
> Thanks,
> Bradley Giesbrecht
Hi,
have you tried something like this in master.cf?

submission   inet    n       -       n       -       100       smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: offer starttls only on port 587

Jerry-124
In reply to this post by Wietse Venema
On Sat, 11 Jul 2009 20:34:01 -0400 (EDT)
[hidden email] (Wietse Venema) wrote:

> Bradley Giesbrecht:
> > How can I offer starttls on port 587 and not port 25?
> >
> > I've tried moving the tls statements from main.cf to master.cf
> > under 587 but postfix is still offering tls on port 25.
>
> http://www.postfix.org/DEBUG_REAEDME.html#mail
                               ^^^^^^^
> Wietse

I believe it should be:

http://www.postfix.org/DEBUG_README.html#mail

--
Gerard
[hidden email]

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

MANAGEMENT: The art of getting other people to do all the work.

Re: offer starttls only on port 587

Bradley Giesbrecht-2
In reply to this post by Robert Schetterer

On Jul 12, 2009, at 1:31 AM, Robert Schetterer wrote:

> Bradley Giesbrecht wrote:
>> How can I offer starttls on port 587 and not port 25?
>>
>> I've tried moving the tls statements from main.cf to master.cf  
>> under 587
>> but postfix is still offering tls on port 25.
>>
>>
>> Thanks,
>> Bradley Giesbrecht
> Hi,
> what have you tried something like this in master.cf ?
>
> submission   inet    n       -       n       -       100       smtpd
>  -o smtpd_etrn_restrictions=reject
>  -o smtpd_tls=yes
>  -o smtpd_sasl_auth_enable=yes
>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject


Exactly, and thank you. I'm using 50587 rather than submission, but your
reply convinced me I should be able to do this, so I looked at my conf
again and I had smtpd_sasl_auth_enable=yes twice in main.cf and had
only commented out one.

Problem solved.

Again, thank you,

Brad

Re: offer starttls only on port 587

Victor Duchovni
In reply to this post by Robert Schetterer
On Sun, Jul 12, 2009 at 10:31:58AM +0200, Robert Schetterer wrote:

> Hi, what have you tried something like this in master.cf ?
>
> submission   inet    n       -       n       -       100       smtpd
>   -o smtpd_etrn_restrictions=reject
>   -o smtpd_tls=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject

There is no "smtpd_tls" parameter. With Postfix 2.3 and later, the
correct way to enable TLS is:

        smtpd_tls_security_level=may

if you want to mandate TLS:

        smtpd_tls_security_level=encrypt

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: offer starttls only on port 587

Esteban Torres Rodriguez
as

> On Sun, Jul 12, 2009 at 10:31:58AM +0200, Robert Schetterer wrote:
>
>> Hi, what have you tried something like this in master.cf ?
>>
>> submission   inet    n       -       n       -       100       smtpd
>>   -o smtpd_etrn_restrictions=reject
>>   -o smtpd_tls=yes
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> There is no "smtpd_tls" parameter. With Postfix 2.3 and later, the
> correct way to enable TLS is:
>
> smtpd_tls_security_level=may
>
> if you want to mandate TLS:
>
> smtpd_tls_security_level=encrypt
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



Re: offer starttls only on port 587

Bradley Giesbrecht-2

On Jul 12, 2009, at 12:11 PM, [hidden email] wrote:

> as
>> On Sun, Jul 12, 2009 at 10:31:58AM +0200, Robert Schetterer wrote:
>>
>>> Hi, what have you tried something like this in master.cf ?
>>>
>>> submission   inet    n       -       n       -       100       smtpd
>>>  -o smtpd_etrn_restrictions=reject
>>>  -o smtpd_tls=yes
>>>  -o smtpd_sasl_auth_enable=yes
>>>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>
>> There is no "smtpd_tls" parameter. With Postfix 2.3 and later, the
>> correct way to enable TLS is:
>>
>> smtpd_tls_security_level=may
>>
>> if you want to mandate TLS:
>>
>> smtpd_tls_security_level=encrypt

My earlier reply had some errors. My problem is solved.

I had meant to say that I had smtpd_tls_security_level=may listed twice
in main.cf with only one of them commented out. Since I was also only
doing auth on 50587 I mistakenly put the wrong var in my reply.

Thank you,

Brad

Re: offer starttls only on port 587

Robert Schetterer
In reply to this post by Victor Duchovni
Victor Duchovni wrote:

> On Sun, Jul 12, 2009 at 10:31:58AM +0200, Robert Schetterer wrote:
>
>> Hi, what have you tried something like this in master.cf ?
>>
>> submission   inet    n       -       n       -       100       smtpd
>>   -o smtpd_etrn_restrictions=reject
>>   -o smtpd_tls=yes
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> There is no "smtpd_tls" parameter. With Postfix 2.3 and later, the
> correct way to enable TLS is:
>
> smtpd_tls_security_level=may
>
> if you want to mandate TLS:
>
> smtpd_tls_security_level=encrypt
>
Hi Victor,
I have Postfix 2.6.2 recompiled from a SUSE RPM,
and this setting still works (smtpd_tls=yes)
without any warning. Do you know if it is for backwards compatibility
or related to some extra SUSE patches?

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: offer starttls only on port 587

Wietse Venema
Robert Schetterer:

> Victor Duchovni wrote:
> > On Sun, Jul 12, 2009 at 10:31:58AM +0200, Robert Schetterer wrote:
> >
> >> Hi, what have you tried something like this in master.cf ?
> >>
> >> submission   inet    n       -       n       -       100       smtpd
> >>   -o smtpd_etrn_restrictions=reject
> >>   -o smtpd_tls=yes
> >>   -o smtpd_sasl_auth_enable=yes
> >>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >
> > There is no "smtpd_tls" parameter. With Postfix 2.3 and later, the
> > correct way to enable TLS is:
> >
> > smtpd_tls_security_level=may
> >
> > if you want to mandate TLS:
> >
> > smtpd_tls_security_level=encrypt
> >
> Hi Victor,
> i have postfix 2.6.2 recompiled from a suse rpm
> and these setting still work (smtpd_tls=yes)
> without any warning, do you know if is for backwards compat
> or relate to some suse extra patches ?

% postconf smtpd_tls
postconf: warning: smtpd_tls: unknown parameter

You can try the same command.

        Wietse

Re: offer starttls only on port 587

Robert Schetterer
Wietse Venema wrote:

> Robert Schetterer:
>> Victor Duchovni wrote:
>>> On Sun, Jul 12, 2009 at 10:31:58AM +0200, Robert Schetterer wrote:
>>>
>>>> Hi, what have you tried something like this in master.cf ?
>>>>
>>>> submission   inet    n       -       n       -       100       smtpd
>>>>   -o smtpd_etrn_restrictions=reject
>>>>   -o smtpd_tls=yes
>>>>   -o smtpd_sasl_auth_enable=yes
>>>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>> There is no "smtpd_tls" parameter. With Postfix 2.3 and later, the
>>> correct way to enable TLS is:
>>>
>>> smtpd_tls_security_level=may
>>>
>>> if you want to mandate TLS:
>>>
>>> smtpd_tls_security_level=encrypt
>>>
>> Hi Victor,
>> i have postfix 2.6.2 recompiled from a suse rpm
>> and these setting still work (smtpd_tls=yes)
>> without any warning, do you know if is for backwards compat
>> or relate to some suse extra patches ?
>
> % postconf smtpd_tls
> postconf: warning: smtpd_tls: unknown parameter
>
> You can try the same command.
>
> Wietse
Thanks, Wietse, for clearing that up.
Yep, it works too without the nonexistent parameters *g
I missed this during the updates over time;
I should study more changelogs.
--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
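
Added example, not code from any poster or from the Postfix project: a small Python audit for the two mistakes this thread turned up, an active smtpd_tls_security_level left in main.cf (so port 25 still offers STARTTLS) and an unknown "-o" parameter in master.cf that is accepted without complaint. The file contents, the KNOWN name list and the audit() helper are constructed for illustration.

```python
import re

PARAM = "smtpd_tls_security_level"
# Constructed subset of valid names; on a real host take them from postconf output.
KNOWN = {PARAM, "smtpd_sasl_auth_enable", "smtpd_client_restrictions",
         "smtpd_etrn_restrictions"}

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(main_cf, master_cf, known=KNOWN):
    """Return ({smtpd service: effective TLS level}, [warnings])."""
    values, warnings, levels = {}, [], {}
    for line in logical_lines(main_cf):
        name, _, value = line.partition("=")
        values.setdefault(name.strip(), []).append(value.strip())
    for name, vals in values.items():
        if len(vals) > 1:  # Postfix remembers only the last definition
            warnings.append(f"main.cf: {name} defined {len(vals)} times")
    default = values.get(PARAM, [""])[-1]
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        opts = dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
        for name in sorted(set(opts) - known):
            warnings.append(f"master.cf {fields[0]}: unknown parameter {name}")
        levels[fields[0]] = opts.get(PARAM, default)  # -o overrides main.cf
    return levels, warnings

# Constructed inputs: the state described in the thread, then the corrected one.
MASTER_HEAD = "smtp inet n - n - - smtpd\nsubmission inet n - n - 100 smtpd\n"
BROKEN_MAIN = "#smtpd_tls_security_level = may\nsmtpd_tls_security_level = may\n"
BROKEN_MASTER = MASTER_HEAD + "  -o smtpd_tls=yes\n  -o smtpd_sasl_auth_enable=yes\n"
FIXED_MAIN = "#smtpd_tls_security_level = may\n"
FIXED_MASTER = MASTER_HEAD + "  -o smtpd_tls_security_level=may\n  -o smtpd_sasl_auth_enable=yes\n"

if __name__ == "__main__":
    print(audit(BROKEN_MAIN, BROKEN_MASTER))
    print(audit(FIXED_MAIN, FIXED_MASTER))
```

An empty level in the result means neither main.cf nor the service's "-o" options set smtpd_tls_security_level for that listener.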