Juan Miscaro wrote:
> I had STARTTLS working for port 25 for many months with no problem. I
> am using amavisd-new/spamassassin as content filter. But now, due to
> port blocking, I need to set this up on port 587 so I can send mail
> directly to my server with my mail client (thunderbird).
>
> I made a change to master.cf by duplicating what I had for port 25 and
> added tls and smtp-auth:
>
> # Step 1b - Listens on port 587 for incoming internet connections from MUAs
> # and hands off mail to content filter listening on port 10024
> 587 inet n - n - 2 smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o content_filter=smtp-amavis:[127.0.0.1]:10024
>   -o receive_override_options=no_address_mappings
>
>
> Yet when I telnet from localhost Postfix is not offering any services:
>
> $ telnet localhost 587
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 mail.example.com ESMTP
> helo localhost
>
Unless you send "EHLO localhost", you will never see it.

> 250 mail.example.com
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
>
> Here is my current configuration:
>
> $ postconf -n
>
> smtpd_tls_security_level = encrypt
>
You want to block all smtpd's if they don't use TLS?? This is only recommended on a submission port. Otherwise, it can/will block normal internet mail. Suggested main.cf setting is "smtpd_tls_security_level = may", then override in master.cf if needed.

Brian
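
The split suggested in the reply (a main.cf default of `may`, with a per-service `-o` override in master.cf) can be checked mechanically. The following is an added example, not part of the original thread: it computes the effective `smtpd_tls_security_level` for each smtpd listener and flags the two mistakes discussed. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample inputs (assumptions), modelled on the entry quoted above.
MAIN_CF = {"smtpd_tls_security_level": "may"}
MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
587       inet  n  -  n  -  2  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""
KEY = "smtpd_tls_security_level"

def logical_lines(text):
    """Join master.cf continuation lines (they start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_tls_levels(main_cf, master_cf):
    """Effective TLS level per inet smtpd listener: -o override, else main.cf."""
    levels = {}
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        overrides = dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
        levels[fields[0]] = overrides.get(KEY, main_cf.get(KEY, ""))
    return levels

def findings(main_cf, master_cf):
    """Flag mandatory TLS on the public port and optional TLS on submission."""
    issues = []
    for service, level in smtpd_tls_levels(main_cf, master_cf).items():
        port = service.rsplit(":", 1)[-1]
        if port in ("25", "smtp") and level == "encrypt":
            issues.append(f"{service}: encrypt will block normal internet mail")
        elif port in ("587", "submission") and level != "encrypt":
            issues.append(f"{service}: no override to encrypt on submission port")
    return issues

if __name__ == "__main__":
    print(smtpd_tls_levels(MAIN_CF, MASTER_CF), findings(MAIN_CF, MASTER_CF))
```
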