I am running postfix 3.1.0 on an xubuntu 16.04 system and postfix 2.9.6
on a Raspberry Pi running Debian.
They seem to act very differently as regards the use of ports 465 and
587 and I'd like things clarified so I can understand better.
I use both postfix installations to send outgoing E-Mail (i.e. mail
which is leaving my home LAN) to my hosting company's servers. Their
documentation says that I should use port 465 and TLS to connect to
the SMTP server.
On the postfix 3.1 system this works, I specify port 465 in main.cf
and everything is as it should be. The local additions and changes to
main.cf are as follows:-
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = esprimo.zbmc.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zbmc.eu
mydestination = zbmc.eu esprimo.zbmc.eu, esprimo, chris.zbmc.eu
relayhost = [mail3.gridhost.co.uk]:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
message_size_limit = 120480000
compatibility_level = 2
However on the postfix 2.9 installation on the raspberry pi using port
465 fails. What I see in /var/log/mail.log when sending a mail is as
follows:-
Feb 17 15:07:06 pi postfix/pickup[20154]: 1C9A322C52: uid=1000 from=<chris>
Feb 17 15:07:06 pi postfix/cleanup[20187]: 1C9A322C52:
message-id=<20170217150706.1c9a322...@zbmc.eu>
Feb 17 15:07:06 pi postfix/qmgr[20153]: 1C9A322C52: from=<ch...@zbmc.eu>,
size=293, nrcpt=1 (queue active)
Feb 17 15:07:06 pi postfix/smtp[20189]: CLIENT wrappermode (port smtps/465)
is unimplemented
Feb 17 15:07:06 pi postfix/smtp[20189]: instead, send to (port
submission/587) with STARTTLS
Feb 17 15:08:06 pi postfix/smtp[20189]: 1C9A322C52:
to=<ch...@cheddar.halon.org.uk>, relay=mail3.gridhost.co.uk[95.142.156.18]:465,
delay=60, delays=0.16/0.21/60/0, dsn=4.4.2, status=deferred (lost connection
with mail3.gridhost.co.uk[95.142.156.18] while receiving the initial server
greeting)
If (as the above suggests) I change to port 587 then everything works
OK.
The relevant parts of main.cf on the Raspberry Pi are:-
# smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = zbmc.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zbmc.eu
mydestination = pi.zbmc.eu, localhost.zbmc.eu, localhost
relayhost = [mail3.gridhost.co.uk]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
message_size_limit = 120480000
# smtp_generic_maps = hash:/etc/postfix/generic
As you can see it's basically the same as the other one, except that
it needs port 587 instead of 465.
Can anyone explain this please? I assume it's due to some change
between postfix 2.9 and postfix 3.1 but I may be entirely wrong, I'm
hardly a postfix expert. Alternatively could there be some difference
in the default installation set-up between the Debian on the Pi and
Xubuntu on the other machine?
Ah, I've maybe just spotted the reason, smtp_tls_wrappermode is new in
postfix 3, is that what makes the difference? I'd still like a simple
explanation though! :-)
--
Chris Green
