I had STARTTLS working for port 25 for many months with no problem. I
am using amavisd-new/spamassassin as content filter. But now, due to
port blocking, I need to set this up on port 587 so I can send mail
directly to my server with my mail client (thunderbird).
I made a change to master.cf by duplicating what I had for port 25 and
added tls and smtp-auth:
# Step 1a - Listens on port 25 for incoming internet connections from MTAs
# and hands off mail to content filter listening on port 10024
25 inet n - n - 4 smtpd
-o content_filter=smtp-amavis:[127.0.0.1]:10024
-o receive_override_options=no_address_mappings
# OR
# Step 1b - Listens on port 587 for incoming internet connections from MUAs
# and hands off mail to content filter listening on port 10024
587 inet n - n - 2 smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o content_filter=smtp-amavis:[127.0.0.1]:10024
-o receive_override_options=no_address_mappings
Yet when I telnet from localhost Postfix is not offering any services:
$ telnet localhost 587
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP
helo localhost
250 mail.example.com
quit
221 2.0.0 Bye
Connection closed by foreign host.
Here is my current configuration:
$ postconf -n
alias_database = /etc/postfix/aliases
biff = no
broken_sasl_auth_clients = no
command_directory = /usr/local/sbin
config_directory = /etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/run/postfix
debug_peer_level = 2
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix/html
inet_interfaces = 72.0.200.123 192.168.3.101 127.0.0.1
mail_owner = _postfix
mailbox_size_limit = 1000000000
mailq_path = /usr/local/sbin/mailq
manpage_directory = /usr/local/man
message_size_limit = 80000000
mydestination = localhost, numinone.example.com
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 192.168.1.0/24 192.168.3.0/24
myorigin = numinone.example.com
newaliases_path = /usr/local/sbin/newaliases
notify_classes = resource,software
queue_directory = /var/spool/postfix
queue_minfree = 120000000
readme_directory = /usr/local/share/doc/postfix/readme
relay_domains = mysql:/etc/postfix/sql/relay_domains.cf
relay_recipient_maps = mysql:/etc/postfix/sql/relay_recipients.cf
sample_directory = /etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = _postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_multi_recipient_bounce
reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain check_helo_access
regexp:/etc/postfix/helo_checks check_sender_mx_access
cidr:/etc/postfix/bogus_mx check_sender_access
hash:/etc/postfix/check_backscatterer reject_rbl_client
zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/ssl/certs/mail.example.com.crt
smtpd_tls_key_file = /usr/local/etc/ssl/certs/mail.example.com_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/sql/transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/sql/virtual_alias_maps.cf
virtual_gid_maps = mysql:/etc/postfix/sql/virtual_gid_maps.cf
virtual_mailbox_base = /var/spool/virtual_mailboxes
virtual_mailbox_domains = mysql:/etc/postfix/sql/virtual_mailbox_domains.cf
virtual_mailbox_limit = 80000000
virtual_mailbox_maps = mysql:/etc/postfix/sql/virtual_mailbox_recipients.cf
virtual_transport = maildrop
virtual_uid_maps = mysql:/etc/postfix/sql/virtual_uid_maps.cf
Thanks for any help.
--
/jm
