Forum

Zombie8u · 10-15-2015, 12:11 PM

Using "http://checktls.com/perl/TestSender.pl" shows all outgoing mail to not be encrypted, I can't seem to figure out why hope someone here can help out.

Thanks

Here is the email from "http://checktls.com" showing that the email is not encrypted.

Your email was sent, however it was NOT SENT SECURELY using TLS.

A transcript of the eMail SMTP session is below:
--> this would be a line from your email system to our test
<-- and this would be a line to your email system from our test

If TLS was negotiated, a line is added:
====tls negotiation successful (cypher: cyphername, client cert: certinfo)

Everything after that line is secure (encrypted), as indicated by:
~~> commands from your system then have wiggly lines
<~~ and responses from our system do too

Any errors that the test noticed are noted in the log by asterisk boxes:
***************************************
*** ********** Error Note ********* ***
*** ***
*** The error message would be here ***
*** ***
***************************************
***************************************

___TRANSCRIPT BEGINS ON THE NEXT LINE___
<-- 220 ts3.checktls.com CheckTLS TestSender Wed, 14 Oct 2015 20:58:33 -0400
--> EHLO panel.johnxxxxxxgd.com
<-- 250-ts3.checktls.com Hello johnxxxxxxgd.com [60.12.50.27], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> MAIL FROM:<admin@johnxxxxxxgd.com>
<-- 250 Ok - mail from admin@johnxxxxxxgd.com
--> RCPT TO:<test@TestSender.CheckTLS.com>
<-- 250 Ok - recipient test@TestSender.CheckTLS.com
--> DATA
<-- 354 Send data. End with CRLF.CRLF
--> Received: from [192.168.1.126] (18-21-70-15.lightspeed.sbcglobal.net [18.21.70.15])
--> (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
--> (Client did not present a certificate)
--> by panel.johnxxxxxxgd.com (Postfix) with ESMTPSA id F15892161538
--> for <test@TestSender.CheckTLS.com>; Wed, 14 Oct 2015 19:58:32 -0500 (CDT)
--> To: test@TestSender.CheckTLS.com
--> Subject: 9kn8jhftw2rcw
--> From: admin <admin@johnxxxxxxgd.com>
--> Message-ID: <561EFA38.4060206@johnxxxxxxgd.com>
--> Date: Wed, 14 Oct 2015 19:58:32 -0500
--> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
--> Thunderbird/38.3.0
--> MIME-Version: 1.0
--> Content-Type: text/plain; charset=utf-8; format=flowed
--> Content-Transfer-Encoding: 7bit
-->
--> Thank you for using CheckTLS.com!
--> .
<-- 250 Ok
--> QUIT
<-- 221 ts3.checktls.com closing connection

Here is my log file

Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: initializing the server-side TLS engine
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: connect from 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: setting up TLS connection from 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL"
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:before/accept initialization
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read client hello A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write server hello A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write certificate A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write key exchange A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write certificate request A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 flush data
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read client certificate A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read client key exchange A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read finished A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write change cipher spec A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write finished A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 flush data
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: Anonymous TLS connection established from 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: F15892161538: client=18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15], sasl_method=PLAIN, sasl_username=admin@johnxxxxxxgd.com
Oct 14 19:58:33 johnxxxxxxgd postfix/cleanup[21025]: F15892161538: message-id=<561EFA38.4060206@johnxxxxxxgd.com>
Oct 14 19:58:33 johnxxxxxxgd postfix/qmgr[20981]: F15892161538: from=<admin@johnxxxxxxgd.com>, size=792, nrcpt=1 (queue active)
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21016]: disconnect from 18-21-70-15.lightspeed.okcbok.sbcglobal.net[18.21.70.15]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtp[21026]: Host offered STARTTLS: [ts3.CheckTLS.com]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtp[21026]: F15892161538: to=<test@TestSender.CheckTLS.com>, relay=ts3.CheckTLS.com[69.61.187.246]:25, delay=0.52, delays=0.1/0.03/0.2/0.19, dsn=2.0.0, status=sent (250 Ok)
Oct 14 19:58:33 johnxxxxxxgd postfix/qmgr[20981]: F15892161538: removed

Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: initializing the server-side TLS engine
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: connect from www3.checktls.com[69.61.187.232]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: setting up TLS connection from www3.checktls.com[69.61.187.232]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: www3.checktls.com[69.61.187.232]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL"
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:before/accept initialization
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read client hello A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write server hello A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write certificate A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write key exchange A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write certificate request A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 flush data
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read client certificate A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read client key exchange A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read finished A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write change cipher spec A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write finished A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 flush data
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: Anonymous TLS connection established from www3.checktls.com[69.61.187.232]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 14 19:58:34 johnxxxxxxgd postfix/smtpd[21027]: 152A42161538: client=www3.checktls.com[69.61.187.232]
Oct 14 19:58:34 johnxxxxxxgd postfix/cleanup[21025]: 152A42161538: message-id=<>
Oct 14 19:58:34 johnxxxxxxgd postfix/qmgr[20981]: 152A42161538: from=<testsender@CheckTLS.com>, size=3116, nrcpt=1 (queue active)
Oct 14 19:58:34 johnxxxxxxgd postfix/pipe[21028]: 152A42161538: to=<admin@johnxxxxxxgd.com>, relay=dovecot, delay=0.2, delays=0.14/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 14 19:58:34 johnxxxxxxgd postfix/qmgr[20981]: 152A42161538: removed
Oct 14 19:58:34 johnxxxxxxgd postfix/smtpd[21027]: disconnect from www3.checktls.com[69.61.187.232]

Me.B · 10-15-2015, 04:30 PM

Default setup don't add TLS. So what you get is as expected.

M B

Zombie8u · 10-15-2015, 09:09 PM

I'm sorry I should have mentioned that I followed Diablo925 "Ubuntu: How to setup TLS on postfix and dovecot" guide and have it working for in coming emails, according to "http://checktls.com/perl/TestReceiver.pl" it shows to be working.

Here is the reply from http://checktls.com

Trying TLS on mail.johnxxxxxxgd.com[60.12.50.27] (0):
seconds        test stage and result
[000.038]        Connected to server
[000.317]    <--    220 panel.johnxxxxxxgd.com ESMTP
[000.318]        We are allowed to connect
[000.319]    -->    EHLO checktls.com
[000.356]    <--    250-panel.johnxxxxxxgd.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.357]        We can use this server
[000.357]        TLS is an option on this server
[000.358]    -->    STARTTLS
[000.395]    <--    220 2.0.0 Ready to start TLS
[000.396]        STARTTLS command works on this server
[000.500]        Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.500]        Connection converted to SSL
[000.523]

Certificate 1 of 2 in chain:
subject= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com
issuer= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com

[000.544]

Certificate 2 of 2 in chain:
subject= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com
issuer= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com

[000.545]        Cert NOT VALIDATED: self signed certificate
[000.545]        So email is encrypted but the domain is not verified
[000.545]        Cert Hostname VERIFIED (mail.johnxxxxxxgd.com = mail.johnxxxxxxgd.com)
[000.546]    ~~>    EHLO checktls.com
[000.585]    <~~    250-panel.johnxxxxxxgd.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.586]        TLS successfully started on this server
[000.586]    ~~>    MAIL FROM:<test@checktls.com>
[000.636]    <~~    250 2.1.0 Ok
[000.636]        Sender is OK
[000.637]    ~~>    RCPT TO:<admin@johnxxxxxxgd.com>
[000.687]    <~~    250 2.1.5 Ok
[000.687]        Recipient OK, E-mail address proofed
[000.688]    ~~>    QUIT
[000.726]    <~~    221 2.0.0 Bye

apinto · (This post was last modified: 10-15-2015, 10:11 PM by apinto.)

Zombie8u What are you using to send the email? RoundCube?

Zombie8u · 10-15-2015, 10:17 PM

(10-15-2015, 09:52 PM)apinto Wrote: What are you using to send the email? RoundCube?

Thanks for your reply's.

That email reply was from using Thunderbird email client to send, I've also tried using Roundcube and I still recieve message "Your email was sent, however it was NOT SENT SECURELY using TLS".

Here is the message back from using Roundcube to send email.

Below are the details from your CheckTLS TestSender test
from <admin@johnxxxxxxgd.com> via [60.12.50.27]
run on 2015-10-15 08:05:35 EDT.
Original email Subject: 9nmf3ux5yttph

Your email was sent, however it was NOT SENT SECURELY using TLS.

A transcript of the eMail SMTP session is below:
--> this would be a line from your email system to our test
<-- and this would be a line to your email system from our test

If TLS was negotiated, a line is added:
====tls negotiation successful (cypher: cyphername, client cert: certinfo)

Everything after that line is secure (encrypted), as indicated by:
~~> commands from your system then have wiggly lines
<~~ and responses from our system do too

Any errors that the test noticed are noted in the log by asterisk boxes:
***************************************
*** ********** Error Note ********* ***
***                                 ***
*** The error message would be here ***
***                                 ***
***************************************
***************************************

___TRANSCRIPT BEGINS ON THE NEXT LINE___
<-- 220 ts3.checktls.com CheckTLS TestSender Thu, 15 Oct 2015 08:05:34 -0400
--> EHLO panel.johnxxxxxxgd.com
<-- 250-ts3.checktls.com Hello johnxxxxxxgd.com [60.12.50.27], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> MAIL FROM:<admin@johnxxxxxxgd.com>
<-- 250 Ok - mail from admin@johnxxxxxxgd.com
--> RCPT TO:<test@TestSender.CheckTLS.com>
<-- 250 Ok - recipient test@TestSender.CheckTLS.com
--> DATA
<-- 354 Send data. End with CRLF.CRLF
--> Received: from panel.johnxxxxxxgd.com (localhost [IPv6:::1])
-->    by panel.johnxxxxxxgd.com (Postfix) with ESMTPA id 7CA7C2161560
-->    for <test@TestSender.CheckTLS.com>; Thu, 15 Oct 2015 07:05:34 -0500 (CDT)
--> MIME-Version: 1.0
--> Content-Type: multipart/alternative;
--> boundary="=_70bf6510a0d79060657ec1bad0be9339"
--> Date: Thu, 15 Oct 2015 07:05:34 -0500
--> From: admin@johnxxxxxxgd.com
--> To: test@TestSender.CheckTLS.com
--> Subject: 9nmf3ux5yttph
--> Message-ID: <3d6cdd2c3507eda997c8fdfa547999fc@johnxxxxxxgd.com>
--> X-Sender: admin@johnxxxxxxgd.com
--> User-Agent: Roundcube Webmail/1.0.4
-->
--> --=_70bf6510a0d79060657ec1bad0be9339
--> Content-Transfer-Encoding: 7bit
--> Content-Type: text/plain; charset=US-ASCII
-->
-->
-->
--> This is a test message.
-->
--> --=_70bf6510a0d79060657ec1bad0be9339
--> Content-Transfer-Encoding: quoted-printable
--> Content-Type: text/html; charset=UTF-8
-->
--> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
--> <html><body style=3D'font-size: 10pt; font-family: Verdana,Geneva,sans-seri=
--> f'>
--> <p>This is a test message.</p>
--> <div> </div>
--> </body></html>
-->
--> --=_70bf6510a0d79060657ec1bad0be9339--
-->
--> .
<-- 250 Ok
--> QUIT
<-- 221 ts3.checktls.com closing connection

Me.B · 10-15-2015, 11:00 PM

Check twice you followed the guide here:

http://forums.sentora.org/showthread.php?tid=46

or post you config files you modified.

M B

Zombie8u · 10-16-2015, 04:38 AM

(10-15-2015, 11:00 PM)Me.B Wrote: Check twice you followed the guide here:

http://forums.sentora.org/showthread.php?tid=46

or post you config files you modified.

M B

I doubled checked, maybe I still missed something.

Thanks in advance!

Here is my /etc/postfix/main.cf

Code:

# postfix config file



# uncomment for debugging if needed

soft_bounce=yes



# postfix main

mail_owner = postfix

setgid_group = postdrop

delay_warning_time = 4



# postfix paths

html_directory = no

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

queue_directory = /var/spool/postfix

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.2.2/samples

readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES



# network settings

inet_interfaces = all

mydomain = panel.johnxxxxxxgd.com

myhostname = panel.johnxxxxxxgd.com

mynetworks = 127.0.0.1, 60.12.50.27

mydestination = localhost.$mydomain, localhost

relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf



# mail delivery

recipient_delimiter = +



# mappings

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases








#transport_maps
 
         = hash:/etc/postfix/transport








#local_recipient_maps
 
         =



# virtual setup

virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,

                     regexp:/etc/sentora/configs/postfix/virtual_regexp

virtual_mailbox_base = /var/sentora/vmail

virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf

virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf

virtual_minimum_uid = 999

virtual_uid_maps = static:999

virtual_gid_maps = static:8

virtual_transport = dovecot

dovecot_destination_recipient_limit = 1



# debugging

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         xxgdb $daemon_directory/$process_name $process_id & sleep 5





# authentication

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth





# tls config





smtp_use_tls = no

smtpd_use_tls = yes

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 2

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem

smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem







# rules restrictions

smtpd_client_restrictions =

smtpd_helo_restrictions =

smtpd_sender_restrictions =

smtpd_recipient_restrictions = permit_sasl_authenticated,

        permit_mynetworks,

        reject_unauth_destination,

        reject_non_fqdn_sender,

        reject_non_fqdn_recipient,

        reject_unknown_recipient_domain

# uncomment for realtime black list checks. (Warn: will also reject false positive)

#       ,reject_rbl_client zen.spamhaus.org

#       ,reject_rbl_client bl.spamcop.net

#       ,reject_rbl_client dnsbl.sorbs.net



smtpd_helo_required = yes

unknown_local_recipient_reject_code = 550

disable_vrfy_command = yes

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_banner = $myhostname ESMTP



message_size_limit = 20480000

Here is my /etc/postfix/master.cf

Code:
#

# Postfix master process configuration file.  For details on the format

# of the file, see the Postfix master(5) manual page.

#

# ***** Unused items removed *****

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd

submission      inet    n       -       n       -       -       smtpd

#  -o content_filter=smtp-amavis:127.0.0.1:10024

#  -o receive_override_options=no_address_mappings

pickup    fifo  n       -       n       60      1       pickup

  -o content_filter=

  -o receive_override_options=no_header_body_checks

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp

        -o fallback_relay=

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

# ====================================================================

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

#

# spam/virus section

#

smtp-amavis  unix  -    -       y       -       2       smtp

  -o smtp_data_done_timeout=1200

  -o disable_dns_lookups=yes

  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n  -       y       -       -       smtpd

  -o content_filter=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o smtpd_error_sleep_time=0

  -o smtpd_soft_error_limit=1001

  -o smtpd_hard_error_limit=1000

  -o receive_override_options=no_header_body_checks

  -o smtpd_helo_required=no

  -o smtpd_client_restrictions=

  -o smtpd_restriction_classes=

  -o disable_vrfy_command=no

  -o strict_rfc821_envelopes=yes

#

# Dovecot LDA

dovecot   unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

#

# Vacation mail

vacation    unix  -       n       n       -       -       pipe

  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

Here is my /etc/dovecot/dovecot.conf

Code:

##

## Dovecot config file

##

listen = *

disable_plaintext_auth = no

ssl = yes

ssl_cert = </etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem

ssl_key = </etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem

ssl_ca = </etc/postfix/ssl/cacert.pem

log_timestamp = %Y-%m-%d %H:%M:%S








#log_timestamp
 
         was present only in Ubuntu file

protocols = imap pop3 lmtp sieve

auth_mechanisms = plain login

passdb {

  driver = sql

  args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf

}

userdb {

  driver = prefetch

}

userdb {

  driver = sql

  args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf

}

mail_location = maildir:/var/sentora/vmail/%d/%n

first_valid_uid = 999

last_valid_uid = 999



first_valid_gid = 8

last_valid_gid = 8








#mail_plugins
 
         =

mailbox_idle_check_interval = 30 secs

maildir_copy_with_hardlinks = yes

service imap-login {

  inet_listener imap {

    port = 143

  }

}

service pop3-login {

  inet_listener pop3 {

    port = 110

  }

}

service lmtp {

  unix_listener lmtp {

    






#mode
 
         = 0666

  }

}

service imap {

  vsz_limit = 256M

}

service pop3 {

}

service auth {

  unix_listener auth-userdb {

    mode = 0666

    user = vmail

    group = mail

  }



  # Postfix smtp-auth

  unix_listener /var/spool/postfix/private/auth {

    mode = 0666

    user = postfix

    group = postfix

  }

}



service auth-worker {

}

service dict {

  unix_listener dict {

    mode = 0666

    user = vmail

    group = mail

  }

}

service managesieve-login {

  inet_listener sieve {

    port = 4190

  }

  service_count = 1

  process_min_avail = 0

  vsz_limit = 64M

}

service managesieve {

}

lda_mailbox_autocreate = yes

lda_mailbox_autosubscribe = yes

protocol lda {

  mail_plugins = quota sieve

  postmaster_address = postmaster@panel.johnxxxxxxgd.com

}

protocol imap {

  mail_plugins = quota imap_quota trash

  imap_client_workarounds = delay-newmail

}

lmtp_save_to_detail_mailbox = yes



protocol lmtp {

  mail_plugins = quota sieve

}

protocol pop3 {

  mail_plugins = quota

  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

  pop3_uidl_format = %08Xu%08Xv








#pop3_uidl_format
 
         was present only in ubuntu file

}

protocol sieve {

  managesieve_max_line_length = 65536

  managesieve_implementation_string = Dovecot Pigeonhole

  managesieve_max_compile_errors = 5

}

dict {

  quotadict = mysql:/etc/sentora/configs/dovecot2/dovecot-dict-quota.conf

}

plugin {

# quota = dict:User quota::proxy::quotadict

  quota = maildir:User quota

  acl = vfile:/etc/dovecot/acls

  trash = /etc/sentora/configs/dovecot2/dovecot-trash.conf

  sieve_global_path = /var/sentora/sieve/globalfilter.sieve

  sieve = ~/dovecot.sieve

  sieve_dir = ~/sieve

  sieve_global_dir = /var/sentora/sieve/

  






#sieve_extensions
 
         = +notify +imapflags

  sieve_max_script_size = 1M

  






#sieve_max_actions
 
         = 32

  






#sieve_max_redirects
 
         = 4

}



log_path = /var/log/dovecot.log

info_log_path = /var/log/dovecot-info.log

debug_log_path = /var/log/dovecot-debug.log

mail_debug=yes

apinto · (This post was last modified: 10-16-2015, 06:17 AM by apinto.)

Try this:

Code:

# postfix config file



#...



# tls config



#CHANGE








#smtp_use_tls
 
         = no

smtp_use_tls = yes



smtpd_use_tls = yes



#ADD

smtpd_enforce_tls = no



smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 2

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem

smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem



#...

Also, make sure you use the following settings on Thunderbird/Mail Client:

Server: mail.johnxxxxxxgd.com
Port: 995
User Name: info@johnxxxxxxgd.com
Con. Security: SSL/TLS
Auth: Normal Password

If you are using Connection Security: None (default for Thunderbird) it will always send unsecured emails.

Also, using the localhost of your server (for ex. RoundCube) it does not send the emails secured by default, and it does NOT NEED TO because SSL secures the client-server connection, if your client is inside the server it is already "secured".

Zombie8u · 10-16-2015, 07:14 AM

(10-16-2015, 06:16 AM)apinto Wrote: Try this:

Code:
# postfix config file #... # tls config #CHANGE #smtp_use_tls = no smtp_use_tls = yes smtpd_use_tls = yes #ADD smtpd_enforce_tls = no smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem #...

Also, make sure you use the following settings on Thunderbird/Mail Client:
Server: mail.johnxxxxxxgd.com

Port: 995

User Name: info@johnxxxxxxgd.com

Con. Security: SSL/TLS

Auth: Normal Password

If you are using Connection Security: None (default for Thunderbird) it will always send unsecured emails.

Also, using the localhost of your server (for ex. RoundCube) it does not send the emails secured by default, and it does NOT NEED TO because SSL secures the client-server connection, if your client is inside the server it is already "secured".

Thanks for your reply.

That worked, making those two changes to the file seemed to do the trick for me.

My connections settings in thunderbird are

Server: mail.johnxxxxxxgd.com
Port: 587
User Name: admin@johnxxxxxxgd.com
Con. Security: STARTTLS
Auth: Normal Password

If I change it to your suggestions I get this error "An error occurred while sending mail: The mail server sent an incorrect greeting: +OK Dovecot (Ubuntu) ready.."

Thanks for all your help

apinto · 10-16-2015, 08:16 AM

(10-16-2015, 07:14 AM)Zombie8u Wrote:
(10-16-2015, 06:16 AM)apinto Wrote: Try this:

Code:
# postfix config file #... # tls config #CHANGE #smtp_use_tls = no smtp_use_tls = yes smtpd_use_tls = yes #ADD smtpd_enforce_tls = no smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem #...

Also, make sure you use the following settings on Thunderbird/Mail Client:
Server: mail.johnxxxxxxgd.com

Port: 995

User Name: info@johnxxxxxxgd.com

Con. Security: SSL/TLS

Auth: Normal Password

If you are using Connection Security: None (default for Thunderbird) it will always send unsecured emails.

Also, using the localhost of your server (for ex. RoundCube) it does not send the emails secured by default, and it does NOT NEED TO because SSL secures the client-server connection, if your client is inside the server it is already "secured".

Thanks for your reply.

That worked, making those two changes to the file seemed to do the trick for me.

My connections settings in thunderbird are
Server: mail.johnxxxxxxgd.com

Port: 587

User Name: admin@johnxxxxxxgd.com

Con. Security: STARTTLS

Auth: Normal Password

If I change it to your suggestions I get this error "An error occurred while sending mail: The mail server sent an incorrect greeting: +OK Dovecot (Ubuntu) ready.."

Thanks for all your help

Yah to use TLS you need another setup on master.cf
Honestly I dont even remember what I did Wink

Glad it worked!!

Possibly Related Threads…
Thread	Author	Replies	Views	Last Post
External mail client cannot connect to server	iraqiboy90	2	7 ,016	02-28-2021, 11:34 AM Last Post: iraqiboy90
Postfix mail.log to database	stikekar	2	8 ,231	03-02-2019, 01:22 AM Last Post: TGates
E-mail quota limit	danandrade	6	28 ,061	08-28-2018, 05:22 PM Last Post: speeddemon786