All Questions
188
questions
1
vote
0
answers
25
views
Outlook.com does not send mails to my Postfix server but terminates SMTP session immediately with "QUIT"
I am running my own Postfix instance. TLS certificates are from Letsencrypt, DANE and DNSSEC is working. Outlook. com is unable to send any mail to my Postfix instance, but closes the SMTP session ...
- 279
0
votes
1
answer
96
views
Postfix client submission using TLS
I recently set up a Postfix mail server on Ubuntu to relay emails from my apps to Office365. Postfix to O365 works without problem but I also want my apps to connect to Postfix using TLS where ...
- 590
0
votes
0
answers
101
views
Postfix: How to set the minimum number of bits for (non-EC) DH key exchange?
I am currently assessing the TLS security of a Postfix mail server and among other things sslscan reported that the server allows a (non-EC) DH exchange with only 1024 bits.
While one solution would ...
- 279
0
votes
2
answers
269
views
Postfix TLS with Letsencrypt configuration
I am running Postfix inside a docker container. Certificate are generated with certbot.
With the following configuration:
smtpd_tls_cert_file=/var/keys/fullchain.pem
smtpd_tls_key_file=/var/keys/...
- 3
1
vote
0
answers
111
views
Postfix sends using TLS but no info in Delivery Notice (DSN) mail
I got a postfix server runnig with DKIM and TLS for SMTP and SMPTD also configured.
When I send a test mail to my gmail account it always states Standard-Encryption TLS which is fine. Also the headers ...
- 11
0
votes
1
answer
202
views
Specific incoming mail to postfix rejected by sslv3 alert bad certifica te:s3_pkt.c:1493:SSL alert number 42:
I have postfix running on mail.myserver.com for the past 15+ years, successfully receiving and sending mail. All certs are fully valid using Let's Encrypt. I can verify that they are fine using ...
- 103
0
votes
1
answer
1k
views
How to get both ECC & RSA certificates from Let's Encrypt for Postfix?
Let's Encrypt has started issuing ECC certificates by default since Certbot 2.0. This is not a problem for modern web browsers, but Let's Encrypt certificates can be used for other purposes than HTTPS,...
- 50.2k
2
votes
1
answer
342
views
What are the correct settings to enable TLS between Postfix and Dovecot via LMTP?
I am trying to get Postfix to forward mail via LMTP to Dovecot. This works fine when TLS is turned off in the settings on both sides.
Once TLS settings are enabled, Postfix connects via LMTP and ...
- 4,646
1
vote
1
answer
93
views
Postfix Dovecot connection with MySQL8 SSL mode disabled
I have a production running installation of Postfix 3.1 and Dovecot. Recently upgraded to a new version of MySQL, passing from 5.6 to 8 hosted in a new server.
The problem now is that postfix and ...
- 113
0
votes
1
answer
215
views
Postfix: Different TLS certificates for each hosted virtual mail domain
I have a single machine with a single Postfix instance which hosts different virtual mail domains.
Is it possible to configure Postfix such that is uses different TLS server certificates (with ...
- 279
0
votes
1
answer
76
views
Using Postfix as relay to upgrade encryption
I have some embedded devices which receive no more firmware upgrades. They are only capable of sending mails with TLSv1.1 which is no longer supported by public mail servers.
So my idea is to setup a ...
- 1
0
votes
0
answers
256
views
stunnel smtp tls frontend server/proxy for remote backend postfix
I'm running stunnel in server mode and listening on port 587 and trying to connect to a remote postfix server running on port 25.
NB: the two servers are connected via zerortier, which may or may not ...
google-cloud-platform
0
votes
1
answer
89
views
can't get email from exchange to postfix
I configured a postfix mail server to receive emails.
I enable TLS as per security requirements as well as port 25 is banned by the provider.
I enabled both 465 and 587 with the following on master.cf
...
- 1
1
vote
2
answers
96
views
alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix
So, I have setup an smtp server using smtp in a Debian 11 machine. It works perfect when sending emails from my phone and my computer, but it does not work when trying to send emails from the same ...
2
votes
0
answers
312
views
need help to configure postfix / dovecot + SSL for ports 993, 465 + virtual mail/accounts from file + CRAM-MD5 authentification
I have some issues in my configs to have an full functional mailserver with CRAM-MD5 authentification for only port 993 and 465. Plz help me and others to get an right config file struct for ubuntu ...
- 43
0
votes
1
answer
105
views
Postfix Accept only pop3s and imaps accounts
Today i found out accidentally that somehow i can send emails from my postfix mailserver on plain old smtp pot 25. I m scratching my head why is that, even tho i configured postfix to accept only ...
- 3
0
votes
2
answers
1k
views
SSL Certificate not valid on SNI server - Dovecot/Postfix
I've got a Dovecot/Postfix server running on a Raspberry Pi running Raspbian 10 (Buster) I have two domain names running on the same server which for privacy I'll call DOMAIN 1 and DOMAIN 2. Both have ...
0
votes
2
answers
735
views
What are the correct Postfix settings to enable legacy TLS v1.0 connections from an aging Windows XP box?
I have an aging WinXP Embedded SP3 box (don't judge; We're in the process of deprecating it) which need to send email for status updates etc.
This used to use GMail but they're going to turn off ...
- 329
0
votes
1
answer
762
views
Can't get incoming mail over TLS for Postfix SMTP Relay
I have a Postfix Ubuntu VM acting as a mail relay server, which accepts mail on port 25 and forwards it on to Microsoft Exchange online for delivery. This has been working fine for months.
Now I need ...
- 1
1
vote
1
answer
3k
views
How to disable client-initiated renegotiation in Postfix?
How to disable client-initiated renegotiation in Postfix?
- 132
0
votes
1
answer
1k
views
SSL certificate - conflicting expiry dates [duplicate]
I am experiencing a weired issue regarding a letsencrypt SSL certificate on my postfix mail server.
According to certbot: "The following certs are not due for renewal yet:
/etc/letsencrypt/live//...
- 69
0
votes
0
answers
1k
views
tls negotiation failed the certificate doesn't match the host
I'm tryin to setup Gmail send-as to send email via my SMTP server over TLS and I get "tls negotiation failed the certificate doesn't match the host" ever since I renewed my lets encrypt cert....
- 177
1
vote
1
answer
5k
views
Postfix is getting "TLS Is required, but was not offered by host"
I've searched every forum, every article, every serverfault.com post for this issue. I'm using a fresh setup of Postfix. It is managed by Virtualmin. Whenever I try to send mail via TLS, I get the ...
- 41
2
votes
1
answer
4k
views
Postfix, TLS and self-signed certificates
I'm trying to set up postfix with TLS.
I've refreshed it by doing the following which removes the defaults so that tls enable-server update the main.cf file and generates certificates:
sudo postconf -...
- 137
1
vote
1
answer
178
views
Gmail failing to accept TLS
I recently set up a postfix mail server. Testing it with other domains, everything seems to work well.
However, when my server tries to send messages to gmail, they are marked as spam, with the red ...
- 21
0
votes
1
answer
259
views
Cannot use my postfix smtp to send mails from gmail
I have a postfix/dovecot setup on ubuntu 20.04, on a remote VPS, allowing only ssl/tls transactions.
I can send/receive mails with it from a thunderbird client on my local machine.
I can receive its ...
- 1
1
vote
1
answer
194
views
Postfix client sasl 465 bounced 550 sender rejected (in reply to MAIL FROM command)
I'm tring to send an email through my mail provider but I get rejected, is there something wrong with my config file ?
echo "Hello" | mail -s "hi" [email protected]
Gives me
status:...
- 121
0
votes
2
answers
209
views
Postfix can't receive external mails since TLS has been set up
I have a postfix mail server with which I am able to :
send mails (to google for example) with the commande : "echo foo | mail -s 'bar' [email protected]"
send mails with php mail()
send and ...
1
vote
0
answers
667
views
How to get Postfix to work with Dovecot using an LMTP inet_listener and SSL?
I'm trying to get Postfix 3.4.13 to deliver mail to a remote Dovecot 2.3.7.2 instance using an LMTP inet_listener with SSL turned on. LMTP works fine without SSL enabled, and other Dovecot protocols ...
- 922
0
votes
0
answers
46
views
Confusions regarding RSA certificates, TLS encryption, and virtual users when setting up a mail server
I'm currently trying to understand the process of creating a mail server by following this guide, among others. There are some parts I'm confused about. I will go through one by one.
Before I start, I ...
- 63
2
votes
1
answer
12k
views
How to disable TLS_AES_128_GCM_SHA256 (or, how to set TLSv1.3 ciphers) in postfix
I have the following in my TLS configuration, but the only problem I have is that TLS_AES_128_GCM_SHA256 is a 128 bit cipher, and I would like to remove it:
smtpd_tls_eecdh_grade = ultra
...
user549144
0
votes
0
answers
329
views
How to disable secure renegotiation on Port 465 in Postfix
How to disable secure renegotiation on Port 465 in Postfix? I have disabled it on port 25 and 587 using tls_ssl_options directive. But I am unable to find a solution to disable it on port 465.
My 465 ...
user549144
4
votes
2
answers
3k
views
Disable Postfix server TLS for specific clients
I encountered troubles with some bad server trying to send me some emails that I desperately need.
The sender always requests STARTTLS but fails to establish a TLS (v1.2+ as supported by my server) ...
- 291
4
votes
2
answers
4k
views
Postfix cannot load Certification Authority data error
I'm trying to use postfix as gmail relay
smtp parameters are
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
...
- 225
2
votes
1
answer
2k
views
Postfix 3.3.1 on Centos 8 can't enable TLSv1 or TLSv1.1
I recently migrated my main mail server to a new one, the old one had been running for almost 10 years and was the production server for around 20 domains and over 40 mailboxes.
Everything went well ...
- 63
0
votes
1
answer
623
views
laravel shows error when sending email using tls and my own postfix/virtualmin server
We have installed our own postfix/virtualmin server and we have a laravel application,the problem is when we use external smtp servers, it is not problem to use tls option, and the emails are getting ...
- 139
2
votes
1
answer
2k
views
Getting postfix to relay SMTP/SSL/TLS to Charter/Spectrum
I'm running Postfix on Debian as an MX for a small LAN and trying to get SMTPS working with mobile.charter.net over port 587. I followed a few links off google for setting this up along with a post on ...
- 331
0
votes
0
answers
545
views
KeyExchange and ciphers in postfix, enforcing a specific key for exchange
My mailserver has troubles in the TLS handshake with a particular other mailserver.
Doing some tests it turns out that the two servers do not have ciphers in common.
Now the problem is that there are ...
- 51
0
votes
1
answer
296
views
Postfix encryption not available
EDIT #2
What's this error?
Aug 17 02:27:19 mail postfix/smtpd[1197]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1197]: disconnect from unknown[x.x.x.x]
Aug ...
- 1
0
votes
2
answers
1k
views
Does smtpd_tls_CApath have precedence over smtpd_tls_CAfile or vice versa in postfix?
I am configuring a postfix server (Version 3.3.1 on CentOS 8)
If I configure both, smtpd_tls_CAfile and smtpd_tls_CApath, will postfix load all the certificates or will it choose one of the options ...
- 1
0
votes
1
answer
2k
views
Dovecot/Postfix: Cannot retrieve email from server due to connection timing out
I am running Dovecot and Postfix on a CentOS 8 server, with Nginx and LetsEncrypt for SSL/TLS. I'm using the virtual user and domains configuration. OpenDKIM, OpenDMARC, ClamAV and SpamAssassin are ...
- 125
0
votes
1
answer
3k
views
PHPMailer stopped working. Postfix SSL alert number 45
PHPMailer worked fine until June 1st 2020. The SSL certificate for the site sending the email is valid from June 1st 2019 to June 1st 2021 and is accepted fine in the browser, but postfix suddenly has ...
- 363
1
vote
1
answer
1k
views
Deny non TLS incoming mail with postfix and force certificate check
I want to deny non TLS incoming mails on my postfix server.
Here is what i've done:
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
I do not really understand the difference between ...
- 429
0
votes
1
answer
156
views
Postifx TLS certificate validation from clients on local subnet behind the firewall
I have a working postfix server behind firewall configured with graylisting, DKIM, SFP, amavis and clamav and properly configured MX, “A” record and reverse DNS entry. I can send and receive mails to ...
- 3
0
votes
1
answer
556
views
Forcing encryption for outgoing SMTP with Postfix *per User*
I'm trying to configure postifx smtp_tls_policy_maps so that i can set per user outgoing emails must be encrypted.
One example is the email provider mailbox.org. As one can infer from the job ...
-1
votes
1
answer
10k
views
sslv3 alert bad certificate when attempting to connect with Mail Client
I have a Debian vServer with a pre-installed Froxlor. Froxlor uses Dovecot and Postfix for mailservers.
I set up 1 catchall email address which forwards all messages to my private mail. This is all ...
- 111
3
votes
1
answer
3k
views
Postfix combinations of TLS/STARTTLS and ports 465/587
I'm setting up a barebones Postfix mail server and have this observation:
TLS works on port 465
STARTTLS works on port 587
TLS does NOT work on port 587
STARTTLS does NOT work on port 465
Is this ...
- 181
1
vote
0
answers
114
views
LetsEncrypt TLS Cert invalid? "EVP_MD_size:message digest is null"
I am finding this in my logs for postfix, I'm using a LetsEncrypt certificate but I'm unable to find any useful information online about it. Does anybody know if this is a problem or something that ...
2
votes
1
answer
8k
views
Postfix using backwards-compatible (SSL/TLS only Mailserver)
I run a SSL/TLS mail server with Postfix and Dovecot over SMTPS (465) and IMAPS (993).
Unencrypted connections do not work and there is no fallback.
Every time I restart Postfix I get the message "...
- 167
0
votes
0
answers
594
views
IPv6 is resolved from G suite relay address cause "Invalid credentials" when sending via postfix test
I came across a wired issue it is obviously Gmail relay service resolved as IPv4/v6 randomly, which causes the authentication not passed.
I used DigitalOcean Ubuntu 18.10 + Postfix + G Suite account +...
- 113