Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
1 vote
0 answers
25 views

Outlook.com does not send mails to my Postfix server but terminates SMTP session immediately with "QUIT"

I am running my own Postfix instance. TLS certificates are from Letsencrypt, DANE and DNSSEC is working. Outlook. com is unable to send any mail to my Postfix instance, but closes the SMTP session ...
user2690527's user avatar
0 votes
1 answer
96 views

Postfix client submission using TLS

I recently set up a Postfix mail server on Ubuntu to relay emails from my apps to Office365. Postfix to O365 works without problem but I also want my apps to connect to Postfix using TLS where ...
smwk's user avatar
  • 590
0 votes
0 answers
101 views

Postfix: How to set the minimum number of bits for (non-EC) DH key exchange?

I am currently assessing the TLS security of a Postfix mail server and among other things sslscan reported that the server allows a (non-EC) DH exchange with only 1024 bits. While one solution would ...
user2690527's user avatar
0 votes
2 answers
269 views

Postfix TLS with Letsencrypt configuration

I am running Postfix inside a docker container. Certificate are generated with certbot. With the following configuration: smtpd_tls_cert_file=/var/keys/fullchain.pem smtpd_tls_key_file=/var/keys/...
Chrzanek's user avatar
1 vote
0 answers
111 views

Postfix sends using TLS but no info in Delivery Notice (DSN) mail

I got a postfix server runnig with DKIM and TLS for SMTP and SMPTD also configured. When I send a test mail to my gmail account it always states Standard-Encryption TLS which is fine. Also the headers ...
Netnoob's user avatar
  • 11
0 votes
1 answer
202 views

Specific incoming mail to postfix rejected by sslv3 alert bad certifica te:s3_pkt.c:1493:SSL alert number 42:

I have postfix running on mail.myserver.com for the past 15+ years, successfully receiving and sending mail. All certs are fully valid using Let's Encrypt. I can verify that they are fine using ...
Kurt Granroth's user avatar
0 votes
1 answer
1k views

How to get both ECC & RSA certificates from Let's Encrypt for Postfix?

Let's Encrypt has started issuing ECC certificates by default since Certbot 2.0. This is not a problem for modern web browsers, but Let's Encrypt certificates can be used for other purposes than HTTPS,...
Esa Jokinen's user avatar
  • 50.2k
2 votes
1 answer
342 views

What are the correct settings to enable TLS between Postfix and Dovecot via LMTP?

I am trying to get Postfix to forward mail via LMTP to Dovecot. This works fine when TLS is turned off in the settings on both sides. Once TLS settings are enabled, Postfix connects via LMTP and ...
Nick's user avatar
  • 4,646
1 vote
1 answer
93 views

Postfix Dovecot connection with MySQL8 SSL mode disabled

I have a production running installation of Postfix 3.1 and Dovecot. Recently upgraded to a new version of MySQL, passing from 5.6 to 8 hosted in a new server. The problem now is that postfix and ...
Sergi's user avatar
  • 113
0 votes
1 answer
215 views

Postfix: Different TLS certificates for each hosted virtual mail domain

I have a single machine with a single Postfix instance which hosts different virtual mail domains. Is it possible to configure Postfix such that is uses different TLS server certificates (with ...
user2690527's user avatar
0 votes
1 answer
76 views

Using Postfix as relay to upgrade encryption

I have some embedded devices which receive no more firmware upgrades. They are only capable of sending mails with TLSv1.1 which is no longer supported by public mail servers. So my idea is to setup a ...
Hans's user avatar
  • 1
0 votes
0 answers
256 views

stunnel smtp tls frontend server/proxy for remote backend postfix

I'm running stunnel in server mode and listening on port 587 and trying to connect to a remote postfix server running on port 25. NB: the two servers are connected via zerortier, which may or may not ...
espeed's user avatar
  • 159
0 votes
1 answer
89 views

can't get email from exchange to postfix

I configured a postfix mail server to receive emails. I enable TLS as per security requirements as well as port 25 is banned by the provider. I enabled both 465 and 587 with the following on master.cf ...
virgo's user avatar
  • 1
1 vote
2 answers
96 views

alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix

So, I have setup an smtp server using smtp in a Debian 11 machine. It works perfect when sending emails from my phone and my computer, but it does not work when trying to send emails from the same ...
Gottfried Rosenberger's user avatar
2 votes
0 answers
312 views

need help to configure postfix / dovecot + SSL for ports 993, 465 + virtual mail/accounts from file + CRAM-MD5 authentification

I have some issues in my configs to have an full functional mailserver with CRAM-MD5 authentification for only port 993 and 465. Plz help me and others to get an right config file struct for ubuntu ...
trash2's user avatar
  • 43
0 votes
1 answer
105 views

Postfix Accept only pop3s and imaps accounts

Today i found out accidentally that somehow i can send emails from my postfix mailserver on plain old smtp pot 25. I m scratching my head why is that, even tho i configured postfix to accept only ...
cz.steve's user avatar
0 votes
2 answers
1k views

SSL Certificate not valid on SNI server - Dovecot/Postfix

I've got a Dovecot/Postfix server running on a Raspberry Pi running Raspbian 10 (Buster) I have two domain names running on the same server which for privacy I'll call DOMAIN 1 and DOMAIN 2. Both have ...
The All Powerful's user avatar
0 votes
2 answers
735 views

What are the correct Postfix settings to enable legacy TLS v1.0 connections from an aging Windows XP box?

I have an aging WinXP Embedded SP3 box (don't judge; We're in the process of deprecating it) which need to send email for status updates etc. This used to use GMail but they're going to turn off ...
Jon Cage's user avatar
  • 329
0 votes
1 answer
762 views

Can't get incoming mail over TLS for Postfix SMTP Relay

I have a Postfix Ubuntu VM acting as a mail relay server, which accepts mail on port 25 and forwards it on to Microsoft Exchange online for delivery. This has been working fine for months. Now I need ...
websterm's user avatar
1 vote
1 answer
3k views

How to disable client-initiated renegotiation in Postfix?

How to disable client-initiated renegotiation in Postfix?
ComputerBas's user avatar
0 votes
1 answer
1k views

SSL certificate - conflicting expiry dates [duplicate]

I am experiencing a weired issue regarding a letsencrypt SSL certificate on my postfix mail server. According to certbot: "The following certs are not due for renewal yet: /etc/letsencrypt/live//...
randmin's user avatar
  • 69
0 votes
0 answers
1k views

tls negotiation failed the certificate doesn't match the host

I'm tryin to setup Gmail send-as to send email via my SMTP server over TLS and I get "tls negotiation failed the certificate doesn't match the host" ever since I renewed my lets encrypt cert....
eng3's user avatar
  • 177
1 vote
1 answer
5k views

Postfix is getting "TLS Is required, but was not offered by host"

I've searched every forum, every article, every serverfault.com post for this issue. I'm using a fresh setup of Postfix. It is managed by Virtualmin. Whenever I try to send mail via TLS, I get the ...
Ashley's user avatar
  • 41
2 votes
1 answer
4k views

Postfix, TLS and self-signed certificates

I'm trying to set up postfix with TLS. I've refreshed it by doing the following which removes the defaults so that tls enable-server update the main.cf file and generates certificates: sudo postconf -...
user3168961's user avatar
1 vote
1 answer
178 views

Gmail failing to accept TLS

I recently set up a postfix mail server. Testing it with other domains, everything seems to work well. However, when my server tries to send messages to gmail, they are marked as spam, with the red ...
Onion's user avatar
  • 21
0 votes
1 answer
259 views

Cannot use my postfix smtp to send mails from gmail

I have a postfix/dovecot setup on ubuntu 20.04, on a remote VPS, allowing only ssl/tls transactions. I can send/receive mails with it from a thunderbird client on my local machine. I can receive its ...
r0dy's user avatar
  • 1
1 vote
1 answer
194 views

Postfix client sasl 465 bounced 550 sender rejected (in reply to MAIL FROM command)

I'm tring to send an email through my mail provider but I get rejected, is there something wrong with my config file ? echo "Hello" | mail -s "hi" [email protected] Gives me status:...
Yvain's user avatar
  • 121
0 votes
2 answers
209 views

Postfix can't receive external mails since TLS has been set up

I have a postfix mail server with which I am able to : send mails (to google for example) with the commande : "echo foo | mail -s 'bar' [email protected]" send mails with php mail() send and ...
Mr Bricole's user avatar
1 vote
0 answers
667 views

How to get Postfix to work with Dovecot using an LMTP inet_listener and SSL?

I'm trying to get Postfix 3.4.13 to deliver mail to a remote Dovecot 2.3.7.2 instance using an LMTP inet_listener with SSL turned on. LMTP works fine without SSL enabled, and other Dovecot protocols ...
jetboy's user avatar
  • 922
0 votes
0 answers
46 views

Confusions regarding RSA certificates, TLS encryption, and virtual users when setting up a mail server

I'm currently trying to understand the process of creating a mail server by following this guide, among others. There are some parts I'm confused about. I will go through one by one. Before I start, I ...
sangstar's user avatar
2 votes
1 answer
12k views

How to disable TLS_AES_128_GCM_SHA256 (or, how to set TLSv1.3 ciphers) in postfix

I have the following in my TLS configuration, but the only problem I have is that TLS_AES_128_GCM_SHA256 is a 128 bit cipher, and I would like to remove it: smtpd_tls_eecdh_grade = ultra ...
user avatar
0 votes
0 answers
329 views

How to disable secure renegotiation on Port 465 in Postfix

How to disable secure renegotiation on Port 465 in Postfix? I have disabled it on port 25 and 587 using tls_ssl_options directive. But I am unable to find a solution to disable it on port 465. My 465 ...
user avatar
4 votes
2 answers
3k views

Disable Postfix server TLS for specific clients

I encountered troubles with some bad server trying to send me some emails that I desperately need. The sender always requests STARTTLS but fails to establish a TLS (v1.2+ as supported by my server) ...
Adrien Clerc's user avatar
4 votes
2 answers
4k views

Postfix cannot load Certification Authority data error

I'm trying to use postfix as gmail relay smtp parameters are smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd smtp_sasl_security_options = noanonymous ...
AndreaF's user avatar
  • 225
2 votes
1 answer
2k views

Postfix 3.3.1 on Centos 8 can't enable TLSv1 or TLSv1.1

I recently migrated my main mail server to a new one, the old one had been running for almost 10 years and was the production server for around 20 domains and over 40 mailboxes. Everything went well ...
moray's user avatar
  • 63
0 votes
1 answer
623 views

laravel shows error when sending email using tls and my own postfix/virtualmin server

We have installed our own postfix/virtualmin server and we have a laravel application,the problem is when we use external smtp servers, it is not problem to use tls option, and the emails are getting ...
logax's user avatar
  • 139
2 votes
1 answer
2k views

Getting postfix to relay SMTP/SSL/TLS to Charter/Spectrum

I'm running Postfix on Debian as an MX for a small LAN and trying to get SMTPS working with mobile.charter.net over port 587. I followed a few links off google for setting this up along with a post on ...
Nstevens's user avatar
  • 331
0 votes
0 answers
545 views

KeyExchange and ciphers in postfix, enforcing a specific key for exchange

My mailserver has troubles in the TLS handshake with a particular other mailserver. Doing some tests it turns out that the two servers do not have ciphers in common. Now the problem is that there are ...
tribis's user avatar
  • 51
0 votes
1 answer
296 views

Postfix encryption not available

EDIT #2 What's this error? Aug 17 02:27:19 mail postfix/smtpd[1197]: lost connection after CONNECT from unknown[x.x.x.x] Aug 17 02:27:19 mail postfix/smtpd[1197]: disconnect from unknown[x.x.x.x] Aug ...
Polaq's user avatar
  • 1
0 votes
2 answers
1k views

Does smtpd_tls_CApath have precedence over smtpd_tls_CAfile or vice versa in postfix?

I am configuring a postfix server (Version 3.3.1 on CentOS 8) If I configure both, smtpd_tls_CAfile and smtpd_tls_CApath, will postfix load all the certificates or will it choose one of the options ...
Bruno's user avatar
  • 1
0 votes
1 answer
2k views

Dovecot/Postfix: Cannot retrieve email from server due to connection timing out

I am running Dovecot and Postfix on a CentOS 8 server, with Nginx and LetsEncrypt for SSL/TLS. I'm using the virtual user and domains configuration. OpenDKIM, OpenDMARC, ClamAV and SpamAssassin are ...
SKNB's user avatar
  • 125
0 votes
1 answer
3k views

PHPMailer stopped working. Postfix SSL alert number 45

PHPMailer worked fine until June 1st 2020. The SSL certificate for the site sending the email is valid from June 1st 2019 to June 1st 2021 and is accepted fine in the browser, but postfix suddenly has ...
Altimus Prime's user avatar
1 vote
1 answer
1k views

Deny non TLS incoming mail with postfix and force certificate check

I want to deny non TLS incoming mails on my postfix server. Here is what i've done: smtpd_tls_security_level = encrypt smtpd_tls_auth_only = yes I do not really understand the difference between ...
Bob5421's user avatar
  • 429
0 votes
1 answer
156 views

Postifx TLS certificate validation from clients on local subnet behind the firewall

I have a working postfix server behind firewall configured with graylisting, DKIM, SFP, amavis and clamav and properly configured MX, “A” record and reverse DNS entry. I can send and receive mails to ...
donkey's user avatar
  • 3
0 votes
1 answer
556 views

Forcing encryption for outgoing SMTP with Postfix *per User*

I'm trying to configure postifx smtp_tls_policy_maps so that i can set per user outgoing emails must be encrypted. One example is the email provider mailbox.org. As one can infer from the job ...
Gurkengewuerz's user avatar
-1 votes
1 answer
10k views

sslv3 alert bad certificate when attempting to connect with Mail Client

I have a Debian vServer with a pre-installed Froxlor. Froxlor uses Dovecot and Postfix for mailservers. I set up 1 catchall email address which forwards all messages to my private mail. This is all ...
user3367856's user avatar
3 votes
1 answer
3k views

Postfix combinations of TLS/STARTTLS and ports 465/587

I'm setting up a barebones Postfix mail server and have this observation: TLS works on port 465 STARTTLS works on port 587 TLS does NOT work on port 587 STARTTLS does NOT work on port 465 Is this ...
Brian's user avatar
  • 181
1 vote
0 answers
114 views

LetsEncrypt TLS Cert invalid? "EVP_MD_size:message digest is null"

I am finding this in my logs for postfix, I'm using a LetsEncrypt certificate but I'm unable to find any useful information online about it. Does anybody know if this is a problem or something that ...
Christopher Thomas's user avatar
2 votes
1 answer
8k views

Postfix using backwards-compatible (SSL/TLS only Mailserver)

I run a SSL/TLS mail server with Postfix and Dovecot over SMTPS (465) and IMAPS (993). Unencrypted connections do not work and there is no fallback. Every time I restart Postfix I get the message "...
br0ken.pipe's user avatar
0 votes
0 answers
594 views

IPv6 is resolved from G suite relay address cause "Invalid credentials" when sending via postfix test

I came across a wired issue it is obviously Gmail relay service resolved as IPv4/v6 randomly, which causes the authentication not passed. I used DigitalOcean Ubuntu 18.10 + Postfix + G Suite account +...
Vincent's user avatar
  • 113