Port 465 doesn't work

rarosrour · April 3, 2021, 8:52am

Hi !
i installed a certif to my email server and the configuration of IMAPs and Pop3s work !
i use my port 993 correctly !
but for my SMTP ! it work only 587 !
NB : i work with postfix and dovecot !
i tested the firwall ! 465 it allowed
i tested my port 465 on postfix it listen on 465 !

this is my main code

TLS parameters

smtpd_use_tls = yes
#smtpd_tls_cert_file=/etc/dovecot/private/dovecot.pem
#smtpd_tls_key_file=/etc/dovecot/private/dovecot.key
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.2m-partners.tn/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.2m-partners.tn/privkey.pem
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_use_tls = yes
#smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

this is my master code :

-o smtpd_sender_restrictions=$mua_sender_restrictions

-o smtpd_recipient_restrictions=

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes

-o smtpd_reject_unlisted_recipient=no

-o smtpd_client_restrictions=$mua_client_restrictions

-o smtpd_helo_restrictions=$mua_helo_restrictions

-o smtpd_sender_restrictions=$mua_sender_restrictions

-o smtpd_recipient_restrictions=

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

#-o smtpd_tls_auth_only=yes
#-o smtpd_sasl_security_options=noanonymous,noplaintext

-o smtpd_sasl_tls_security_options=noanonymous

-o milter_macro_daemon_name=ORIGINATING

rarosrour · April 3, 2021, 8:56am

rarosrour · April 3, 2021, 8:58am

JuergenAuer · April 3, 2021, 9:04am

Hi @rarosrour

your port 465 works - but only with Tls.1.3.

That's too limited, allow Tls.1.2

PS: Haha, oh, what's that. Your port 465 + OpenSsl + Tls.1.2 answers - 20, 30 seconds? Terrible slow, so that's normally a timeout.

Osiris · April 3, 2021, 9:07am

It also answers with TLS 1.1 and TLS 1.0 @JuergenAuer It's just indeed often very slow. I just tested from TLS 1.3 back to SSL and in the beginning it was slow, but now with TLS 1.1 and TLS 1.0 it was fast again..

In any case, Postfix is working as expected

rarosrour · April 3, 2021, 9:26am

thanx ! yes this is the problem

system · May 3, 2021, 9:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.