This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Outgoing mail not encrypted
#1
Outgoing mail not encrypted
Using "http://checktls.com/perl/TestSender.pl"  shows all outgoing mail to not be encrypted, I can't seem to figure out why hope someone here can help out.

Thanks


Here is the email from "http://checktls.com" showing that the email is not encrypted.


Your email was sent, however it was NOT SENT SECURELY using TLS.

A transcript of the eMail SMTP session is below:
--> this would be a line from your email system to our test
<-- and this would be a line to your email system from our test

If TLS was negotiated, a line is added:
====tls negotiation successful (cypher: cyphername, client cert: certinfo)

Everything after that line is secure (encrypted), as indicated by:
~~> commands from your system then have wiggly lines
<~~ and responses from our system do too

Any errors that the test noticed are noted in the log by asterisk boxes:
***************************************
*** ********** Error Note ********* ***
***                                 ***
*** The error message would be here ***
***                                 ***
***************************************
***************************************

___TRANSCRIPT BEGINS ON THE NEXT LINE___
<-- 220 ts3.checktls.com CheckTLS TestSender Wed, 14 Oct 2015 20:58:33 -0400
--> EHLO panel.johnxxxxxxgd.com
<-- 250-ts3.checktls.com Hello johnxxxxxxgd.com [60.12.50.27], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> MAIL FROM:<admin@johnxxxxxxgd.com>
<-- 250 Ok - mail from admin@johnxxxxxxgd.com
--> RCPT TO:<test@TestSender.CheckTLS.com>
<-- 250 Ok - recipient test@TestSender.CheckTLS.com
--> DATA
<-- 354 Send data.  End with CRLF.CRLF
--> Received: from [192.168.1.126] (18-21-70-15.lightspeed.sbcglobal.net [18.21.70.15])
--> (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
--> (Client did not present a certificate)
--> by panel.johnxxxxxxgd.com (Postfix) with ESMTPSA id F15892161538
--> for <test@TestSender.CheckTLS.com>; Wed, 14 Oct 2015 19:58:32 -0500 (CDT)
--> To: test@TestSender.CheckTLS.com
--> Subject: 9kn8jhftw2rcw
--> From: admin <admin@johnxxxxxxgd.com>
--> Message-ID: <561EFA38.4060206@johnxxxxxxgd.com>
--> Date: Wed, 14 Oct 2015 19:58:32 -0500
--> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
-->  Thunderbird/38.3.0
--> MIME-Version: 1.0
--> Content-Type: text/plain; charset=utf-8; format=flowed
--> Content-Transfer-Encoding: 7bit
-->
--> Thank you for using CheckTLS.com!
--> .
<-- 250 Ok
--> QUIT
<-- 221 ts3.checktls.com closing connection


Here is my log file

Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: initializing the server-side TLS engine
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: connect from 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: setting up TLS connection from 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL"
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:before/accept initialization
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read client hello A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write server hello A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write certificate A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write key exchange A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write certificate request A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 flush data
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read client certificate A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read client key exchange A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 read finished A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write change cipher spec A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 write finished A
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: SSL_accept:SSLv3 flush data
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: Anonymous TLS connection established from 18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct 14 19:58:32 johnxxxxxxgd postfix/smtpd[21016]: F15892161538: client=18-21-70-15.lightspeed.sbcglobal.net[18.21.70.15], sasl_method=PLAIN, sasl_username=admin@johnxxxxxxgd.com
Oct 14 19:58:33 johnxxxxxxgd postfix/cleanup[21025]: F15892161538: message-id=<561EFA38.4060206@johnxxxxxxgd.com>
Oct 14 19:58:33 johnxxxxxxgd postfix/qmgr[20981]: F15892161538: from=<admin@johnxxxxxxgd.com>, size=792, nrcpt=1 (queue active)
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21016]: disconnect from 18-21-70-15.lightspeed.okcbok.sbcglobal.net[18.21.70.15]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtp[21026]: Host offered STARTTLS: [ts3.CheckTLS.com]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtp[21026]: F15892161538: to=<test@TestSender.CheckTLS.com>, relay=ts3.CheckTLS.com[69.61.187.246]:25, delay=0.52, delays=0.1/0.03/0.2/0.19, dsn=2.0.0, status=sent (250 Ok)
Oct 14 19:58:33 johnxxxxxxgd postfix/qmgr[20981]: F15892161538: removed

Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: initializing the server-side TLS engine
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: connect from www3.checktls.com[69.61.187.232]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: setting up TLS connection from www3.checktls.com[69.61.187.232]
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: www3.checktls.com[69.61.187.232]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL"
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:before/accept initialization
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read client hello A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write server hello A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write certificate A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write key exchange A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write certificate request A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 flush data
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read client certificate A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read client key exchange A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 read finished A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write change cipher spec A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 write finished A
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: SSL_accept:SSLv3 flush data
Oct 14 19:58:33 johnxxxxxxgd postfix/smtpd[21027]: Anonymous TLS connection established from www3.checktls.com[69.61.187.232]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 14 19:58:34 johnxxxxxxgd postfix/smtpd[21027]: 152A42161538: client=www3.checktls.com[69.61.187.232]
Oct 14 19:58:34 johnxxxxxxgd postfix/cleanup[21025]: 152A42161538: message-id=<>
Oct 14 19:58:34 johnxxxxxxgd postfix/qmgr[20981]: 152A42161538: from=<testsender@CheckTLS.com>, size=3116, nrcpt=1 (queue active)
Oct 14 19:58:34 johnxxxxxxgd postfix/pipe[21028]: 152A42161538: to=<admin@johnxxxxxxgd.com>, relay=dovecot, delay=0.2, delays=0.14/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 14 19:58:34 johnxxxxxxgd postfix/qmgr[20981]: 152A42161538: removed
Oct 14 19:58:34 johnxxxxxxgd postfix/smtpd[21027]: disconnect from www3.checktls.com[69.61.187.232]
Reply
Thanks given by:
#2
RE: Outgoing mail not encrypted
Default setup don't add TLS. So what you get is as expected.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:
#3
RE: Outgoing mail not encrypted
I'm sorry I should have mentioned that I followed Diablo925 "Ubuntu: How to setup TLS on postfix and dovecot" guide and have it working for in coming emails, according to "http://checktls.com/perl/TestReceiver.pl" it shows to be working.

Here is the reply from http://checktls.com



Trying TLS on mail.johnxxxxxxgd.com[60.12.50.27] (0):
seconds         test stage and result
[000.038]         Connected to server
[000.317]     <--     220 panel.johnxxxxxxgd.com ESMTP
[000.318]         We are allowed to connect
[000.319]     -->     EHLO checktls.com
[000.356]     <--     250-panel.johnxxxxxxgd.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.357]         We can use this server
[000.357]         TLS is an option on this server
[000.358]     -->     STARTTLS
[000.395]     <--     220 2.0.0 Ready to start TLS
[000.396]         STARTTLS command works on this server
[000.500]         Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.500]         Connection converted to SSL
[000.523]         

Certificate 1 of 2 in chain:
subject= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com
issuer= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  

[000.544]         

Certificate 2 of 2 in chain:
subject= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com
issuer= /C=US/ST=State/L=City/O=Business/OU=Business/CN=mail.johnxxxxxxgd.com/emailAddress=admin@johnxxxxxxgd.com                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    

[000.545]         Cert NOT VALIDATED: self signed certificate
[000.545]         So email is encrypted but the domain is not verified
[000.545]         Cert Hostname VERIFIED (mail.johnxxxxxxgd.com = mail.johnxxxxxxgd.com)
[000.546]     ~~>     EHLO checktls.com
[000.585]     <~~     250-panel.johnxxxxxxgd.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.586]         TLS successfully started on this server
[000.586]     ~~>     MAIL FROM:<test@checktls.com>
[000.636]     <~~     250 2.1.0 Ok
[000.636]         Sender is OK
[000.637]     ~~>     RCPT TO:<admin@johnxxxxxxgd.com>
[000.687]     <~~     250 2.1.5 Ok
[000.687]         Recipient OK, E-mail address proofed
[000.688]     ~~>     QUIT
[000.726]     <~~     221 2.0.0 Bye
Reply
Thanks given by:
#4
RE: Outgoing mail not encrypted
Zombie8u What are you using to send the email? RoundCube?
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#5
RE: Outgoing mail not encrypted
(10-15-2015, 09:52 PM)apinto Wrote: What are you using to send  the email? RoundCube?

Thanks for your reply's.



That email reply was from using Thunderbird email client to send, I've also tried using Roundcube and I still recieve message "Your email was sent, however it was NOT SENT SECURELY using TLS".

Here is the message back from using Roundcube to send email.



Below are the details from your CheckTLS TestSender test
from <admin@johnxxxxxxgd.com> via [60.12.50.27]
run on 2015-10-15 08:05:35 EDT.
Original email Subject: 9nmf3ux5yttph

Your email was sent, however it was NOT SENT SECURELY using TLS.

A transcript of the eMail SMTP session is below:
--> this would be a line from your email system to our test
<-- and this would be a line to your email system from our test

If TLS was negotiated, a line is added:
====tls negotiation successful (cypher: cyphername, client cert: certinfo)

Everything after that line is secure (encrypted), as indicated by:
~~> commands from your system then have wiggly lines
<~~ and responses from our system do too

Any errors that the test noticed are noted in the log by asterisk boxes:
***************************************
*** ********** Error Note ********* ***
***                                 ***
*** The error message would be here ***
***                                 ***
***************************************
***************************************

___TRANSCRIPT BEGINS ON THE NEXT LINE___
<-- 220 ts3.checktls.com CheckTLS TestSender Thu, 15 Oct 2015 08:05:34 -0400
--> EHLO panel.johnxxxxxxgd.com
<-- 250-ts3.checktls.com Hello johnxxxxxxgd.com [60.12.50.27], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> MAIL FROM:<admin@johnxxxxxxgd.com>
<-- 250 Ok - mail from admin@johnxxxxxxgd.com
--> RCPT TO:<test@TestSender.CheckTLS.com>
<-- 250 Ok - recipient test@TestSender.CheckTLS.com
--> DATA
<-- 354 Send data.  End with CRLF.CRLF
--> Received: from panel.johnxxxxxxgd.com (localhost [IPv6:::1])
-->     by panel.johnxxxxxxgd.com (Postfix) with ESMTPA id 7CA7C2161560
-->     for <test@TestSender.CheckTLS.com>; Thu, 15 Oct 2015 07:05:34 -0500 (CDT)
--> MIME-Version: 1.0
--> Content-Type: multipart/alternative;
-->  boundary="=_70bf6510a0d79060657ec1bad0be9339"
--> Date: Thu, 15 Oct 2015 07:05:34 -0500
--> From: admin@johnxxxxxxgd.com
--> To: test@TestSender.CheckTLS.com
--> Subject: 9nmf3ux5yttph
--> Message-ID: <3d6cdd2c3507eda997c8fdfa547999fc@johnxxxxxxgd.com>
--> X-Sender: admin@johnxxxxxxgd.com
--> User-Agent: Roundcube Webmail/1.0.4
-->
--> --=_70bf6510a0d79060657ec1bad0be9339
--> Content-Transfer-Encoding: 7bit
--> Content-Type: text/plain; charset=US-ASCII
-->
-->  
-->
--> This is a test message.
-->  
--> --=_70bf6510a0d79060657ec1bad0be9339
--> Content-Transfer-Encoding: quoted-printable
--> Content-Type: text/html; charset=UTF-8
-->
--> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
--> <html><body style=3D'font-size: 10pt; font-family: Verdana,Geneva,sans-seri=
--> f'>
--> <p>This is a test message.</p>
--> <div>&nbsp;</div>
--> </body></html>
-->
--> --=_70bf6510a0d79060657ec1bad0be9339--
-->
--> .
<-- 250 Ok
--> QUIT
<-- 221 ts3.checktls.com closing connection
Reply
Thanks given by:
#6
RE: Outgoing mail not encrypted
Check twice you followed the guide here:

http://forums.sentora.org/showthread.php?tid=46

or post you config files you modified.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:
#7
RE: Outgoing mail not encrypted
(10-15-2015, 11:00 PM)Me.B Wrote: Check twice you followed the guide here:

http://forums.sentora.org/showthread.php?tid=46

or post you config files you modified.

M B

I doubled checked, maybe I still missed something.

Thanks in advance!

Here is my /etc/postfix/main.cf

Code:
# postfix config file

# uncomment for debugging if needed
soft_bounce=yes

# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
inet_interfaces = all
mydomain = panel.johnxxxxxxgd.com
myhostname = panel.johnxxxxxxgd.com
mynetworks = 127.0.0.1, 60.12.50.27
mydestination = localhost.$mydomain, localhost
relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf

# mail delivery
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#transport_maps
= hash:/etc/postfix/transport
#local_recipient_maps
=

# virtual setup
virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
                    regexp:/etc/sentora/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/sentora/vmail
virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 999
virtual_uid_maps = static:999
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5


# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


# tls config


smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem



# rules restrictions
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated,
       permit_mynetworks,
       reject_unauth_destination,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient,
       reject_unknown_recipient_domain
# uncomment for realtime black list checks. (Warn: will also reject false positive)
#       ,reject_rbl_client zen.spamhaus.org
#       ,reject_rbl_client bl.spamcop.net
#       ,reject_rbl_client dnsbl.sorbs.net

smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_banner = $myhostname ESMTP

message_size_limit = 20480000

Here is my /etc/postfix/master.cf

Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
submission      inet    n       -       n       -       -       smtpd
#  -o content_filter=smtp-amavis:127.0.0.1:10024
#  -o receive_override_options=no_address_mappings
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# ====================================================================
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# spam/virus section
#
smtp-amavis  unix  -    -       y       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
  -o content_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks
  -o smtpd_helo_required=no
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o disable_vrfy_command=no
  -o strict_rfc821_envelopes=yes
#
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}


Here is my /etc/dovecot/dovecot.conf

Code:
##
## Dovecot config file
##
listen = *
disable_plaintext_auth = no
ssl = yes
ssl_cert = </etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem
ssl_key = </etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem
ssl_ca = </etc/postfix/ssl/cacert.pem
log_timestamp = %Y-%m-%d %H:%M:%S
#log_timestamp
was present only in Ubuntu file
protocols = imap pop3 lmtp sieve
auth_mechanisms = plain login
passdb {
 driver = sql
 args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
}
userdb {
 driver = prefetch
}
userdb {
 driver = sql
 args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
}
mail_location = maildir:/var/sentora/vmail/%d/%n
first_valid_uid = 999
last_valid_uid = 999

first_valid_gid = 8
last_valid_gid = 8
#mail_plugins
=
mailbox_idle_check_interval = 30 secs
maildir_copy_with_hardlinks = yes
service imap-login {
 inet_listener imap {
   port = 143
 }
}
service pop3-login {
 inet_listener pop3 {
   port = 110
 }
}
service lmtp {
 unix_listener lmtp {
   
#mode
= 0666
 }
}
service imap {
 vsz_limit = 256M
}
service pop3 {
}
service auth {
 unix_listener auth-userdb {
   mode = 0666
   user = vmail
   group = mail
 }

 # Postfix smtp-auth
 unix_listener /var/spool/postfix/private/auth {
   mode = 0666
   user = postfix
   group = postfix
 }
}

service auth-worker {
}
service dict {
 unix_listener dict {
   mode = 0666
   user = vmail
   group = mail
 }
}
service managesieve-login {
 inet_listener sieve {
   port = 4190
 }
 service_count = 1
 process_min_avail = 0
 vsz_limit = 64M
}
service managesieve {
}
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
 mail_plugins = quota sieve
 postmaster_address = postmaster@panel.johnxxxxxxgd.com
}
protocol imap {
 mail_plugins = quota imap_quota trash
 imap_client_workarounds = delay-newmail
}
lmtp_save_to_detail_mailbox = yes

protocol lmtp {
 mail_plugins = quota sieve
}
protocol pop3 {
 mail_plugins = quota
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
 pop3_uidl_format = %08Xu%08Xv
#pop3_uidl_format
was present only in ubuntu file
}
protocol sieve {
 managesieve_max_line_length = 65536
 managesieve_implementation_string = Dovecot Pigeonhole
 managesieve_max_compile_errors = 5
}
dict {
 quotadict = mysql:/etc/sentora/configs/dovecot2/dovecot-dict-quota.conf
}
plugin {
# quota = dict:User quota::proxy::quotadict
 quota = maildir:User quota
 acl = vfile:/etc/dovecot/acls
 trash = /etc/sentora/configs/dovecot2/dovecot-trash.conf
 sieve_global_path = /var/sentora/sieve/globalfilter.sieve
 sieve = ~/dovecot.sieve
 sieve_dir = ~/sieve
 sieve_global_dir = /var/sentora/sieve/
 
#sieve_extensions
= +notify +imapflags
 sieve_max_script_size = 1M
 
#sieve_max_actions
= 32
 
#sieve_max_redirects
= 4
}

log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log
mail_debug=yes
Reply
Thanks given by:
#8
RE: Outgoing mail not encrypted
Try this:
Code:
# postfix config file

#...

# tls config

#CHANGE
#smtp_use_tls
= no
smtp_use_tls = yes

smtpd_use_tls = yes

#ADD
smtpd_enforce_tls = no

smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

#...

Also, make sure you use the following settings on Thunderbird/Mail Client:
  • Server: mail.johnxxxxxxgd.com
  • Port: 995
  • User Name: info@johnxxxxxxgd.com
  • Con. Security: SSL/TLS
  • Auth: Normal Password
If you are using Connection Security: None (default for Thunderbird) it will always send unsecured emails.

Also, using the localhost of your server (for ex. RoundCube) it does not send the emails secured by default, and it does NOT NEED TO because SSL secures the client-server connection, if your client is inside the server it is already "secured".
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by: Mazerunner04 , ashok
#9
RE: Outgoing mail not encrypted
(10-16-2015, 06:16 AM)apinto Wrote: Try this:
Code:
# postfix config file

#...

# tls config

#CHANGE
#smtp_use_tls
= no
smtp_use_tls = yes

smtpd_use_tls = yes

#ADD
smtpd_enforce_tls = no

smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

#...

Also, make sure you use the following settings on Thunderbird/Mail Client:
  • Server: mail.johnxxxxxxgd.com
  • Port: 995
  • User Name: info@johnxxxxxxgd.com
  • Con. Security: SSL/TLS
  • Auth: Normal Password
If you are using Connection Security: None (default for Thunderbird) it will always send unsecured emails.

Also, using the localhost of your server (for ex. RoundCube) it does not send the emails secured by default, and it does NOT NEED TO because SSL secures the client-server connection, if your client is inside the server it is already "secured".

Thanks for your reply.

That worked, making those two changes to the file seemed to do the trick for me.

My connections settings in thunderbird are
  • Server: mail.johnxxxxxxgd.com
  • Port: 587
  • User Name: admin@johnxxxxxxgd.com
  • Con. Security: STARTTLS
  • Auth: Normal Password
If I change it to your suggestions I get this error "An error occurred while sending mail: The mail server sent an incorrect greeting:  +OK Dovecot (Ubuntu) ready.."



Thanks for all your help
Reply
Thanks given by:
#10
RE: Outgoing mail not encrypted
(10-16-2015, 07:14 AM)Zombie8u Wrote:
(10-16-2015, 06:16 AM)apinto Wrote: Try this:
Code:
# postfix config file

#...

# tls config

#CHANGE
#smtp_use_tls
= no
smtp_use_tls = yes

smtpd_use_tls = yes

#ADD
smtpd_enforce_tls = no

smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.johnxxxxxxgd.com.crt.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

#...

Also, make sure you use the following settings on Thunderbird/Mail Client:
  • Server: mail.johnxxxxxxgd.com
  • Port: 995
  • User Name: info@johnxxxxxxgd.com
  • Con. Security: SSL/TLS
  • Auth: Normal Password
If you are using Connection Security: None (default for Thunderbird) it will always send unsecured emails.

Also, using the localhost of your server (for ex. RoundCube) it does not send the emails secured by default, and it does NOT NEED TO because SSL secures the client-server connection, if your client is inside the server it is already "secured".

Thanks for your reply.

That worked, making those two changes to the file seemed to do the trick for me.

My connections settings in thunderbird are
  • Server: mail.johnxxxxxxgd.com
  • Port: 587
  • User Name: admin@johnxxxxxxgd.com
  • Con. Security: STARTTLS
  • Auth: Normal Password
If I change it to your suggestions I get this error "An error occurred while sending mail: The mail server sent an incorrect greeting:  +OK Dovecot (Ubuntu) ready.."



Thanks for all your help

Yah to use TLS you need another setup on master.cf
Honestly I dont even remember what I did Wink

Glad it worked!!
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
External mail client cannot connect to server iraqiboy90 2 7 ,017 02-28-2021, 11:34 AM
Last Post: iraqiboy90
Postfix mail.log to database stikekar 2 8 ,232 03-02-2019, 01:22 AM
Last Post: TGates
E-mail quota limit danandrade 6 28 ,071 08-28-2018, 05:22 PM
Last Post: speeddemon786

Forum Jump:


Users browsing this thread: 5 Guest(s)