I have an OpenBSD 6.1 box set up with OpenSMTPD and Dovecot on Vultr (a VPS provider).
This machine is intended for use as my primary mail server. I have a Let's Encrypt certificate installed and declared in the smtpd.conf file like so:

    # $OpenBSD: smtpd.conf,v 1.9 2016/05/03 18:43:45 jung Exp $

    # This is the smtpd server system-wide configuration file.
    # See smtpd.conf(5) for more information.

    # pki setup (Define TLS Certificates for host names)
    pki pfc-consulting.com certificate "/etc/ssl/pfc-consulting.com.crt"
    pki pfc-consulting.com key "/etc/ssl/private/pfc-consulting.com.key"

    # tables setup
    table aliases file:/etc/mail/aliases
    table domains file:/etc/mail/domains
    table passwd passwd:/etc/mail/passwd
    table virtuals file:/etc/mail/virtuals

    # To accept external mail, replace with: listen on all
    #
    # listen on lo0

    # listen ports setup
    listen on lo0
    listen on egress port 25 tls-require pki pfc-consulting.com auth <passwd>
    listen on egress port 587 tls-require pki pfc-consulting.com auth <passwd>

    # special case for gmail to avoid ipv6 here
    limit mta for domain gmail.com inet4

    # allow local messages
    accept from local for local alias <aliases> deliver to lmtp "/var/dovecot/lmtp" rcpt-to

    # allow virtual domains
    accept from any for domain <domains> virtual <virtuals> deliver to lmtp "/var/dovecot/lmtp" rcpt-to

    # allow outgoing mails
    accept from local for any relay

I have the system set up for IMAP only (no POP3), and I have sent and received email from my computer at home to this machine. (As an aside, I have MX and SPF records defined in DNS.) I can send and receive mail OK using Apple Mail on my Mac. Thunderbird is another story… I am warned when I set up the account that SMTP is NOT encrypted. This has driven me batty all week. My Google-Foo fails me, and reading through my Dovecot book and the smtpd man pages has not enlightened me as to why this is not using TLS. When I telnet to the machine on port 587 and issue the EHLO command, STARTTLS does appear in the response. Also, OpenSMTPD shows when I type the help command.
Issuing a MAIL command comes back with the response that STARTTLS must be done first. Can someone clue me in on what I might be missing? Thanks in advance for your help! — Paul.
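The check Paul ran by hand over telnet (EHLO on port 587, look for STARTTLS, watch MAIL get refused before the upgrade), scripted as an added example that is not part of the original post or of OpenSMTPD. It also does what telnet cannot: performs the STARTTLS upgrade with certificate and hostname verification against the system trust store and records whether AUTH is only advertised once TLS is up, which is what a `tls-require ... auth` listener is expected to do. The host name is an argument; `mail.example.invalid` is a placeholder.

```python
"""Client-side check of an SMTP submission port: is STARTTLS offered, does the
upgrade succeed with certificate verification, and is AUTH only offered after
TLS? Added example; not from the original post."""
import smtplib
import ssl


def parse_ehlo_extensions(ehlo_body: bytes) -> set:
    """Return the ESMTP keywords from the EHLO reply body that smtplib returns.

    The first line is the server greeting ("host Hello ..."), so it is skipped;
    every following line starts with an extension keyword (e.g. "SIZE 36700160").
    """
    lines = ehlo_body.decode("ascii", "replace").splitlines()
    return {ln.split()[0].upper() for ln in lines[1:] if ln.strip()}


def check_submission_tls(host: str, port: int = 587, timeout: float = 10.0) -> dict:
    """Connect in the clear, EHLO, upgrade with STARTTLS (verifying the chain and
    hostname with the system trust store), then EHLO again.
    Returns what was observed at each step instead of raising on a weak setup.
    """
    report = {"starttls_advertised": False, "tls_version": None,
              "auth_before_tls": False, "auth_after_tls": False, "error": None}
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            _code, body = smtp.ehlo()
            before = parse_ehlo_extensions(body)
            report["starttls_advertised"] = "STARTTLS" in before
            # Assumption: a listener that requires TLS should not offer AUTH yet.
            report["auth_before_tls"] = "AUTH" in before
            if not report["starttls_advertised"]:
                return report
            smtp.starttls(context=ctx)  # raises ssl.SSLError on a bad chain/hostname
            report["tls_version"] = smtp.sock.version()
            _code, body = smtp.ehlo()  # capabilities are re-advertised after the upgrade
            report["auth_after_tls"] = "AUTH" in parse_ehlo_extensions(body)
    except (OSError, smtplib.SMTPException) as exc:  # ssl.SSLError is an OSError
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.invalid"  # placeholder
    print(check_submission_tls(target))
```

A result with `starttls_advertised` true, a `tls_version`, and `auth_after_tls` true (with `auth_before_tls` false) means the server side is offering and requiring TLS on submission; a client that still reports "not encrypted" is then down to its own connection-security setting.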