
Thread: OS13.2 - Postfix configuration - Postfix talk on port 25 but expected to talk to port 465 (SMTP+SSL)

  1. #1
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037


    Hello.
    I am restarting an old project of mine.
    Mail administration on a small local network: 5 Linux users.
    Each Linux user may have up to 3 different mail addresses from different providers.
    Linux users read and write their mail from the local network:
    http://paste.opensuse.org/18134681

    Working conditions:
    1. No owned domain name
    2. No fixed IP address behind the ISP DSL modem
    3. The server on the local network runs as DHCP server and DNS server using dnsmasq. Postfix is configured and running
    4. A self-signed cert has been generated for postfix and dovecot
    5. FW is configured
    6. For the moment, just testing postfix with an isp test account.
    7. Test mail with the command "telnet" and "mail" on a test user on the mail server machine.


    When testing postfix, I started by sending a mail via telnet. I had to modify /etc/postfix/master.cf and /etc/postfix/main.cf because I did not see the STARTTLS message.

    Now postfix tries to send mail but connects to my ISP on port 25, which is not
    allowed. Here is the info from the ISP site:
    Your login "my_user_name" is already authorized to make SMTP authenticated on "smtp.free.fr".
    Only encrypted password authentication methods are accepted. For example the use of SSL (on port 465) or of the ' MD5 Challenge-Response' (on port 587).

    Here test session :
    • Postfix start

    Code:
    hostname-1:~ # systemctl restart postfix.service
    hostname-1:~ # systemctl -l status postfix.service
    postfix.service - Postfix Mail Transport Agent
    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
    Active: active (running) since Wed 2015-04-22 17:22:19 CEST; 3s ago
    Process: 9350 ExecStopPost=/etc/postfix/system/cond_slp deregister (code=exited, status=0/SUCCESS)
    Process: 9340 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
    Process: 9454 ExecStartPost=/etc/postfix/system/cond_slp register (code=exited, status=0/SUCCESS)
    Process: 9450 ExecStartPost=/etc/postfix/system/wait_qmgr 60 (code=exited, status=0/SUCCESS)
    Process: 9373 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
    Process: 9370 ExecStartPre=/etc/postfix/system/update_postmaps (code=exited, status=0/SUCCESS)
    Process: 9367 ExecStartPre=/etc/postfix/system/update_chroot (code=exited, status=0/SUCCESS)
    Process: 9363 ExecStartPre=/etc/postfix/system/config_postfix (code=exited, status=0/SUCCESS)
    Process: 9361 ExecStartPre=/bin/echo Starting mail service (Postfix) (code=exited, status=0/SUCCESS)
    Main PID: 9447 (master)
    CGroup: /system.slice/postfix.service
    ├─9447 /usr/lib/postfix/master -w
    ├─9448 pickup -l -t fifo -u
    └─9449 qmgr -l -t fifo -u

    Apr 22 17:22:18 hostname-1 echo[9361]: Starting mail service (Postfix)
    Apr 22 17:22:19 hostname-1 postfix/master[9447]: daemon started -- version 2.11.3, configuration /etc/postfix
    hostname-1:~ #


    • telnet

    Code:
    hostname-1:~ # telnet hostname-1.my-dom-test.nwk 25
    Trying 192.168.130.123...
    Connected to hostname-1.my-dom-test.nwk.
    Escape character is '^]'.
    220 hostname-1.localdomain ESMTP
    ehlo hostname-1.my-dom-test.nwk
    250-hostname-1.localdomain
    250-PIPELINING
    250-SIZE
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM:xxxxxxxxx@free.fr
    250 2.1.0 Ok
    RCPT TO:xxxxxxxxxx@free.fr
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    subject : Test
    This is a test
    .
    250 2.0.0 Ok: queued as 24699E01A8
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
    hostname-1:~ #

    • systemd journal

    Code:
    Apr 22 17:22:18 hostname-1 echo[9361]: Starting mail service (Postfix)                                                                   
    Apr 22 17:22:19 hostname-1 postfix/master[9447]: daemon started -- version 2.11.3, configuration /etc/postfix
    Apr 22 17:22:47 hostname-1 postfix/smtpd[9470]: initializing the server-side TLS engine
    Apr 22 17:22:47 hostname-1 postfix/tlsmgr[9472]: open smtp TLS cache btree:/var/lib/postfix/smtpd_tls_session_cache
    Apr 22 17:22:47 hostname-1 postfix/tlsmgr[9472]: tlsmgr_cache_run_event: start TLS smtp session cache cleanup
    Apr 22 17:22:47 hostname-1 postfix/smtpd[9470]: connect from hostname-1.my-dom-test.nwk[192.168.130.123]
    Apr 22 17:23:37 hostname-1 postfix/smtpd[9470]: 24699E01A8: client=hostname-1.my-dom-test.nwk[192.168.130.123]
    Apr 22 17:23:58 hostname-1 postfix/cleanup[9474]: 24699E01A8: message-id=<20150422152337.24699E01A8@hostname-1.localdomain>
    Apr 22 17:23:58 hostname-1 postfix/qmgr[9449]: 24699E01A8: from=<xxxxxxxxxxxxx@free.fr>, size=409, nrcpt=1 (queue active)
    Apr 22 17:23:58 hostname-1 postfix/smtp[9476]: initializing the client-side TLS engine
    Apr 22 17:24:02 hostname-1 postfix/smtpd[9470]: disconnect from hostname-1.my-dom-test.nwk[192.168.130.123]
    Apr 22 17:24:28 hostname-1 postfix/smtp[9476]: connect to smtp.free.fr[212.27.48.4]:25: Connection timed out
    Apr 22 17:24:28 hostname-1 postfix/smtp[9476]: 24699E01A8: to=<xxxxxxxxxxxx@free.fr>, relay=none, delay=73, delays=43/0.02/30/0, dsn=4.4.1, status=deferred (connect to smtp.free.fr[212.27.48.4]:25: Connection timed out)

    Config :

    Self signed cert (postfix example):
    Code:
    openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem -keyout /etc/ssl/private/postfix.pem

    Firewall :
    http://paste.opensuse.org/97458654
    http://paste.opensuse.org/98962735

    Have modified /etc/services because port was not open ( Not sure this was necessary )
    Code:
    smtps              465/tcp      # Secure SMTP
    smtps              465/udp      # Secure SMTP

    /etc/postfix/main.cf
    http://paste.opensuse.org/46566243


    /etc/postfix/master.cf
    http://paste.opensuse.org/99236676

    Any help is welcome.
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547


    On 2015-04-22 19:36, jcdole wrote:

    >
    > Working conditions:


    Do you intend your postfix to send directly to the destination, or do
    you intend to use your ISP as relay?

    Please clarify.

    Assuming the first one, ie, a /real/ mail server.

    > - No owned domain name
    > - No fixed IP adress behind the isp dsl modem


    Well, this is a huge problem.
    Many destinations will simply refuse to talk to you because of any of
    those two conditions.

    So... no need to continue reading...



    > - Test mail with the command "telnet" and "mail" on a test user on the
    > mail server machine.


    Why telnet? What do you want to test/prove?

    > Now postfix try to send mail but connect to my ISP on port 25 which is
    > not allowed. Here info from ISP site :


    You want to create a mail server while using an ISP that blocks port 25?
    Impossible.

    > Have modified /etc/services because port was not open ( Not sure this
    > was necessary )


    No.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  3. #3
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037


    Originally posted by robin_listas:
    > Do you intend your postfix to send directly to the destination, or do
    > you intend to use your ISP as relay?
    >
    > Please clarify.

    As relay via SMTP using ssl/tls on port 465

    Originally posted by robin_listas:
    > Why telnet? What do you want to test/prove?

    Testing connection and logging

    Originally posted by robin_listas:
    >> Now postfix try to send mail but connect to my ISP on port 25 which is
    >> not allowed. Here info from ISP site :
    >
    > You want to create a mail server while using an ISP that blocks port 25?
    > Impossible.

    Yes. See ISP recommendation:
    Your login "my_user_name" is already authorized to make SMTP authenticated on "smtp.free.fr".
    Only encrypted password authentication methods are accepted. For example the use of SSL (on port 465) or of the ' MD5 Challenge-Response' (on port 587).

    As master.cf is telling postfix to use port 465, I don't understand why postfix is using port 25.

    Originally posted by robin_listas:
    >> Have modified /etc/services because port was not open ( Not sure this
    >> was necessary )
    >
    > No.

    I did that because nmap showed that port 465 was closed.
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  4. #4
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037


    Test using swaks :
    ============

    Code:
    swaks --from username@free.fr --to username@free.fr --auth-user username@free.fr --auth-pass password --body "This is a test mailing with swaks" -tls -apt --server smtp.free.fr -p 587

    Code:
    === Trying smtp.free.fr:587...
    === Connected to smtp.free.fr.
    <-  220 smtp4-g21.free.fr ESMTP Postfix
     -> EHLO hostname-1.my-dom-test.nwk
    <-  250-smtp4-g21.free.fr
    <-  250-PIPELINING
    <-  250-SIZE 35000000
    <-  250-VRFY
    <-  250-ETRN
    <-  250-STARTTLS
    <-  250-AUTH CRAM-MD5 DIGEST-MD5
    <-  250-ENHANCEDSTATUSCODES
    <-  250-8BITMIME
    <-  250 DSN
     -> STARTTLS
    <-  220 2.0.0 Ready to start TLS
    === TLS started w/ cipher ECDHE-RSA-AES256-GCM-SHA384
     ~> EHLO hostname-1.my-dom-test.nwk
    <~  250-smtp4-g21.free.fr
    <~  250-PIPELINING
    <~  250-SIZE 35000000
    <~  250-VRFY
    <~  250-ETRN
    <~  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    <~  250-ENHANCEDSTATUSCODES
    <~  250-8BITMIME
    <~  250 DSN
     ~> AUTH CRAM-MD5
    <~  334 <3134385094.3750030@smtp4-g21.free.fr>
     ~> iusername@free.fr 026193443d325f39283f1d0e967874e2
    <~* 535 5.7.8 Error: authentication failed: authentication failure
     ~> AUTH LOGIN
    <~  334 Username:
     ~> username@free.fr
    <~  334 Password:
     ~> password
    <~* 535 5.7.8 Error: authentication failed: authentication failure
     ~> AUTH PLAIN \0username@free.fr\0password
    <~* 535 5.7.8 Error: authentication failed: authentication failure
    *** No authentication type succeeded
     ~> QUIT
    <~  221 2.0.0 Bye
    === Connection closed with remote host.
    hostname-1:~ #

    Similar test, but the user name does not contain the domain name "free.fr":

    Code:
    swaks --from username@free.fr --to username@free.fr --auth-user username --auth-pass password --body "This is a test mailing with swaks" -tls -apt --server smtp.free.fr -p 587

    Code:
    === Trying smtp.free.fr:587...
    === Connected to smtp.free.fr.
    <-  220 smtp4-g21.free.fr ESMTP Postfix
     -> EHLO hostname-1.my-dom-test.nwk
    <-  250-smtp4-g21.free.fr
    <-  250-PIPELINING
    <-  250-SIZE 35000000
    <-  250-VRFY
    <-  250-ETRN
    <-  250-STARTTLS
    <-  250-AUTH CRAM-MD5 DIGEST-MD5
    <-  250-ENHANCEDSTATUSCODES
    <-  250-8BITMIME
    <-  250 DSN
     -> STARTTLS
    <-  220 2.0.0 Ready to start TLS
    === TLS started w/ cipher ECDHE-RSA-AES256-GCM-SHA384
     ~> EHLO hostname-1.my-dom-test.nwk
    <~  250-smtp4-g21.free.fr
    <~  250-PIPELINING
    <~  250-SIZE 35000000
    <~  250-VRFY
    <~  250-ETRN
    <~  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    <~  250-ENHANCEDSTATUSCODES
    <~  250-8BITMIME
    <~  250 DSN
     ~> AUTH CRAM-MD5
    <~  334 <3134385094.3750030@smtp4-g21.free.fr>
     ~> iusername@free.fr 026193443d325f39283f1d0e967874e2
    <~* 535 5.7.8 Error: authentication failed: authentication failure
     ~> AUTH LOGIN
    <~  334 Username:
     ~> username
    <~  334 Password:
     ~> password
    <~* 535 5.7.8 Error: authentication failed: authentication failure
     ~> AUTH PLAIN \0username\0password
    <~* 535 5.7.8 Error: authentication failed: authentication failure
    *** No authentication type succeeded
     ~> QUIT
    <~  221 2.0.0 Bye
    === Connection closed with remote host.
    hostname-1:~ #
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547


    On 2015-04-23 20:36, jcdole wrote:
    >
    > robin_listas;2706340 Wrote:
    >> On 2015-04-22 19:36, jcdole wrote:
    >> Do you intend your postfix to send directly to the destination, or do
    >> you intend to use your ISP as relay?
    >>
    >> Please clarify.

    >
    > As relay via SMTP using ssl/tls on port 465


    Ok.

    > robin_listas;2706340 Wrote:
    >>
    >>> Now postfix try to send mail but connect to my ISP on port 25 which is
    >>> not allowed. Here info from ISP site :

    >> You want to create a mail server while using an ISP that blocks port 25?
    >> Impossible.

    >
    > Yes . See ISP recommendation :


    No. You can not set up a real mail server if the ISP blocks port 25. A
    real mail server sends on its own to the entire world, does not use your
    ISP as relay host.

    You are doing something else, simply using postfix as intermediary to
    your ISP relay.




    > As master.cf is telling postfix to use port 465, i don't understand why
    > postfix is using port 25.


    I don't see why you say that you tell it to use 465. :-?
    I only see there that there is an entry defining what to do with smtps.


    > robin_listas;2706340 Wrote:
    >>> Have modified /etc/services because port was not open ( Not sure this
    >>> was necessary )
    >
    >> No.
    >
    > I did that because nmap show that port 465 was closed.


    Incoming. You have it closed incoming to your machine. That's irrelevant
    for sending.

    By the way, I prefer the text entries from the firewall config with
    comments removed, not photos from yast...

    Code:
    cat /etc/sysconfig/SuSEfirewall2 | egrep -v "^[[:space:]]*$|^#"

    And the only thing important is postfix mail log. Daemons started,
    telnet... no.


    I think (unsure) that you have to play with the transport file.
    Perhaps smtp_enforce_tls.


    My ISP doesn't block port 25. My postfix uses whatever it automatically
    decides to, which apparently is port 25, looking at the logs.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  6. #6
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037


    Hello.
    You can forget the beginning of this thread: I completely forgot to configure the permission to use "authenticated smtp" on each ISP test account. This oversight prohibited access to ISP smtp port 465 and 587. Having corrected this mistake, from the server, I can send mails via "swaks" or "thunderbird" on each ISP test account.

    Code:
    hostname-1:~ # swaks --from user1@free.fr --to user2@free.fr --auth-user user1 --auth-pass pass-user1  --body "This is a test mailing with swaks" -tlsc --server smtp.free.fr -p 465                       
    === Trying smtp.free.fr:465...
    === Connected to smtp.free.fr.
    === TLS started w/ cipher ECDHE-RSA-AES256-GCM-SHA384
    <~  220 smtp4-g21.free.fr ESMTP Postfix
     ~> EHLO hostname-1.my-dom-test.nwk
    <~  250-smtp4-g21.free.fr
    <~  250-PIPELINING
    <~  250-SIZE 35000000
    <~  250-VRFY
    <~  250-ETRN
    <~  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    <~  250-ENHANCEDSTATUSCODES
    <~  250-8BITMIME
    <~  250 DSN
     ~> AUTH CRAM-MD5
    <~  334 PDM4OTQ0MjE5MjQuMzgyODU2OUBzbXRwNC1nMjEuZnJlZS5mcj4=
     ~> amNkb2xlIGI1ZTI3NTA4NGNkZjAzNjVlNDM3YTBlNDg4NjYwN2Fl
    <~  235 2.7.0 Authentication successful
     ~> MAIL FROM:<user1@free.fr>
    <~  250 2.1.0 Ok
     ~> RCPT TO:<user2@free.fr>
    <~  250 2.1.5 Ok
     ~> DATA
    <~  354 End data with <CR><LF>.<CR><LF>
     ~> Date: Fri, 24 Apr 2015 18:13:15 +0200
     ~> To:user2@free.fr
     ~> From: user1@free.fr
     ~> Subject: test Fri, 24 Apr 2015 18:13:15 +0200
     ~> X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
     ~> 
     ~> This is a test mailing with swaks
     ~> 
     ~> .
    <~  250 2.0.0 Ok: queued as 196AC4C8097
     ~> QUIT
    <~  221 2.0.0 Bye
    === Connection closed with remote host.
    hostname-1:~ #
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W
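
The `AUTH CRAM-MD5` exchange seen in the swaks transcripts above, worked through as an added example (not code from the thread): the 334 line carries a base64 challenge, and the client answers with base64 of the user name plus an HMAC-MD5 hex digest keyed by the password. The user, password and challenge are the published RFC 2195 sample values, not values from this thread; the function names are illustrative.

```python
import base64
import hashlib
import hmac

# RFC 2195 sample values (not taken from the thread).
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def client_response(user, password, challenge_b64):
    """Client side: build the reply to a '334 <base64 challenge>' line."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def decode_response(response_b64):
    """Split a reply into (user, hex digest); the user name may contain spaces."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    return user, digest


def server_accepts(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from its own copy of the password."""
    _user, digest = decode_response(response_b64)
    expected = hmac.new(stored_password.encode(),
                        base64.b64decode(challenge_b64), hashlib.md5).hexdigest()
    # True corresponds to "235 Authentication successful", False to "535".
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    reply = client_response(RFC_USER, RFC_PASSWORD, RFC_CHALLENGE_B64)
    print(reply, decode_response(reply))
    print(server_accepts(RFC_PASSWORD, RFC_CHALLENGE_B64, reply))
```

Base64 here is encoding only: the user name is readable by anyone who sees the reply, and the server has to hold the password (or an equivalent secret) to recompute the digest, so the mechanism depends on the TLS session around it.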

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,283
    Blog Entries
    2


    > Working conditions:
    >
    > 1. No owned domain name
    > 2. No fixed IP address behind the isp dsl modem
    > 3. The server on the local network run as DHCP server and dns server using dnsmasq. Postfix is configured and running
    > 4. Self signed cert has been generated for postfix and dovecot
    > 5. FW is configured
    > 6. For the moment, just testing postfix with an isp test account.
    > 7. Test mail with the command "telnet" and "mail" on a test user on the mail server machine.

    1. That's OK. Not necessary for setting up an SMTP Smart Relay. Only required if you're setting up a mailserver for client apps, then you'll need a Mail Domain (which isn't always entirely consistent with a publicly registered FQDN) and support for a client app mail protocol, usually some variation of POP or IMAP (there are others like MS Outlook connections).

    2. That's OK. All depends on what you intend your SMTP Smart Relay to do. SMTP is used for outgoing mail and inter-mail server connections, so you need some kind of location resolution for whatever connects to your Smart Relay. But, a fixed IP is not critical although usually desirable.

    3. OK. I assume you're saying those additional network services are running on the same machine as your Smart Relay.

    4. OK.

    5. OK.

    6. OK.

    7. OK.

    You don't provide enough info about your Postfix configuration (you'd probably need to post your config file somewhere for inspection with possibly sanitized info) but before you do that, have you done the easy thing and simply installed the YAST mail applet and used it to configure your secure connection? Install with the following command and you'll find it in YAST Network Services
    Code:
    zypper in yast2-mail

    HTH,
    TSU

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547


    On 2015-04-24 19:06, tsu2 wrote:
    > You don't provide enough info about your Postfix configuration (you'd
    > probably need to post your config file somewhere for inspection with


    He did post main and master.cf, in links.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,283
    Blog Entries
    2


    Originally posted by robin_listas:
    > On 2015-04-24 19:06, tsu2 wrote:
    >> You don't provide enough info about your Postfix configuration (you'd
    >> probably need to post your config file somewhere for inspection with
    >
    > He did post main and master.cf, in links.

    Ah, my eyes missed.
    But still, a quick search of those files doesn't find any uncommented lines that specify address and ports.
    So, before even considering whether security is set up properly, I don't see that the network address(es) is specified.

    In any case, as I described using YAST to configure would probably be the fastest and easiest way to implement and with a higher degree of certainty without bugs.

    TSU
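
A check for the point raised in the thread, as an added example (not the poster's files, which are only linked): the Postfix smtp client connects to port 25 unless `relayhost` or a transport entry names another port, and the `smtps` entry in master.cf only defines a listener. The main.cf fragments are constructed; the host name and the default version (2.11) come from the thread, and the function names are illustrative.

```python
import re

# Constructed main.cf fragments; the poster's real files are only linked on the page.
PORT25_MAIN_CF = """\
# no port given, so the smtp client connects to port 25
relayhost = smtp.free.fr
"""
SUBMISSION_MAIN_CF = """\
relayhost = [smtp.free.fr]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps =
    hash:/etc/postfix/sasl_passwd
"""
SMTPS_MAIN_CF = SUBMISSION_MAIN_CF.replace(":587", ":465") + "smtp_tls_wrappermode = yes\n"

MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Return {parameter: value}. '#' lines are comments; indented lines continue."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit_relay(text, postfix_version=(2, 11)):
    """Return findings that keep outbound mail off an authenticated TLS port."""
    p = parse_main_cf(text)
    findings = []
    # relayhost forms: host, host:port, [host], [host]:port
    m = re.fullmatch(r"(\[[^\]]+\]|[^\[\]:]+)(?::(\w+))?", p.get("relayhost", ""))
    port = m.group(2) if m else None
    if m is None:
        findings.append("no relayhost: delivery goes to the recipient's MX on port 25")
    elif port in (None, "25", "smtp"):
        findings.append("relayhost names no submission port: port 25 is used")
    elif port in ("465", "smtps"):
        if postfix_version < (3, 0):
            findings.append("port 465 needs smtp_tls_wrappermode (Postfix 3.0+)")
        elif p.get("smtp_tls_wrappermode") != "yes":
            findings.append("port 465 needs smtp_tls_wrappermode = yes")
    if p.get("smtp_tls_security_level") not in MANDATORY_TLS:
        findings.append("TLS is not mandatory: set smtp_tls_security_level = encrypt")
    if p.get("smtp_sasl_auth_enable") != "yes" or not p.get("smtp_sasl_password_maps"):
        findings.append("SASL client authentication is not configured")
    return findings


if __name__ == "__main__":
    for name in ("PORT25_MAIN_CF", "SUBMISSION_MAIN_CF", "SMTPS_MAIN_CF"):
        print(name, audit_relay(globals()[name]))
```

On the Postfix 2.11.3 shown in the thread's log, the port 587 form with STARTTLS passes the check, while the port 465 form is flagged because `smtp_tls_wrappermode` only exists from Postfix 3.0.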
