On Fri, Feb 17, 2017 at 06:11:44PM -0500, Viktor Dukhovni wrote:
>
> > On Feb 17, 2017, at 5:33 PM, Chris Green <[email protected]> wrote:
> >
> > OK, so the older version is using SMTP STARTTLS which runs on port 587
>
> This is how TLS has worked in MTA-to-MTA SMTP for the last > 15 years.
>
> https://tools.ietf.org/html/rfc3207
>
> > and the newer (>=3) version is using TLS directly on port 465.
>
> No, Postfix 3.0 and later *also* support SMTP over TLS as used
> by some systems on port 465. The submission service on 587 and
> the relay service on port 25 continue to support STARTTLS.
>
> To use submission on port 587 the server needs to provide that
> service. If a server only supports "smtps" on 465, then that's
> what you need to use.
>
The older (2.9.6) and newer (3.1.0) postfix versions that I'm using
are connecting to the same smarthost. I don't seem to be able to
connect from the 3.1.0 version to the submission service on 587 for
some reason. Do I have to explicitly say I want to use STARTTLS as
well as connecting to port 587?

The 3.1.0 configuration is currently:-

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
myhostname = esprimo.zbmc.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zbmc.eu
mydestination = zbmc.eu esprimo.zbmc.eu, esprimo, chris.zbmc.eu
relayhost = [mail3.gridhost.co.uk]:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
message_size_limit = 120480000
compatibility_level = 2

What do I need to change to connect successfully to 587? The 2.9.6
ones already connect successfully to [mail3.gridhost.co.uk]:587 so it
is possible.

Is it that 'smtp_tls_wrappermode = yes' that I need to remove? I can
see little other difference between the configurations.

Thanks for all the help/explanations so far, I'm really not very good
at all this!

--
Chris Green
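
Added example, not part of the original message and not Postfix's own code: a small check that reads main.cf text and reports when the relayhost port and smtp_tls_wrappermode disagree. It assumes the convention given in the quoted reply (465 is TLS from the first byte, 25 and 587 use STARTTLS); the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a subset of the main.cf settings quoted in the message.
SAMPLE_MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
relayhost = [mail3.gridhost.co.uk]:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
"""

def parse_main_cf(text):
    """Parse main.cf text into a dict. Lines starting with whitespace
    continue the previous parameter; '#' lines and blanks are skipped."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last is not None:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def check_relay_tls(params):
    """Flag a mismatch between the relayhost port and the TLS mode.
    Assumes the convention in the quoted reply: 465 = TLS from the first
    byte (wrapper mode), 25 and 587 = STARTTLS."""
    findings = []
    m = re.search(r":(\w+)$", params.get("relayhost", ""))
    port = m.group(1) if m else "25"  # no port given: SMTP default
    wrapper = params.get("smtp_tls_wrappermode", "no").lower() == "yes"
    level = params.get("smtp_tls_security_level", "").lower()
    if wrapper and port in ("25", "smtp", "587", "submission"):
        findings.append(f"port {port} expects STARTTLS; set smtp_tls_wrappermode = no")
    if not wrapper and port in ("465", "smtps"):
        findings.append(f"port {port} expects wrapper mode; set smtp_tls_wrappermode = yes")
    if wrapper and level in ("", "none", "may"):
        findings.append("wrapper mode needs smtp_tls_security_level = encrypt or stronger")
    return findings

if __name__ == "__main__":
    for finding in check_relay_tls(parse_main_cf(SAMPLE_MAIN_CF)) or ["consistent"]:
        print(finding)
```

Keeping smtp_tls_security_level = encrypt in either mode is what stops the SASL credentials from being sent over a cleartext session.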