On Mon, Dec 17, 2018 at 01:28:56AM -0700, wp.rauchholz wrote:

> I am trying to get a webmail client up and running. It works fine w/o
> security settings. But when I try to implement STARTTLS on port 587 I lose
> connection to localhost as described in Subject.

Note that the "lost connection to localhost" is an issue when sending
email, while TLS on port 587 is inbound email, only tangentially
related to the reported problem. STARTTLS on ports 25 and 587 is
working just fine for your domain.

> smtp-amavis unix - - n - 2 smtp
>     -o smtp_data_done_timeout=1200
>     -o smtp_send_xforward_command=yes
>     -o disable_dns_lookups=yes

Here you may want to also add:

    -o smtp_tls_security_level=none

> postconf -n
> content_filter = smtp-amavis:[127.0.0.1]:10024

Your amavis content filter is on localhost, and may not handle
STARTTLS correctly.

> smtp_tls_security_level = may

But you try TLS if offered. You can also disable TLS in the port
10025 post-filter service:

> 127.0.0.1:10025 inet n - n - - smtpd
>     -o content_filter=
>     -o local_recipient_maps=
>     -o relay_recipient_maps=
>     -o smtpd_restriction_classes=
>     -o smtpd_client_restrictions=
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o mynetworks=127.0.0.0/8
>     -o strict_rfc821_envelopes=yes
>     -o smtpd_error_sleep_time=0
>     -o smtpd_soft_error_limit=1001
>     -o smtpd_hard_error_limit=1000

by adding:

    -o smtpd_tls_security_level=none

There's no need for TLS on the loopback interface except in the
unlikely case that you're authenticating to an LMTP server with
client certificates, or the loopback SMTP service is actually a TCP
tunnel to a remote destination.

-- 
    Viktor.
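
A check for the two loopback hops discussed in the reply above, as an added example that is not part of the original thread or of Postfix: it reads master.cf text and reports the content-filter transport and any 127.0.0.1 smtpd listener that does not carry the per-service TLS override. The function names are hypothetical, the sample is an abridged reconstruction of the entries quoted in the thread, and only the `-o name=value` form of overrides is handled.

```python
import shlex

# Constructed sample: abridged copy of the two master.cf entries quoted in the
# thread, before the suggested -o overrides were added.
SAMPLE_MASTER_CF = """\
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return (service, type, command, overrides) for each master.cf entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments
        if raw[0] in " \t" and logical:       # leading whitespace continues an entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        f = shlex.split(line)
        if len(f) < 8:                        # need all 8 columns up to the command
            continue
        args = f[8:]
        # Assumption: overrides are written as "-o name=value" (no "{ }" form).
        overrides = dict(args[i + 1].split("=", 1) for i, a in enumerate(args[:-1])
                         if a == "-o" and "=" in args[i + 1])
        entries.append((f[0], f[1], f[7], overrides))
    return entries

def loopback_tls_findings(text, filter_transport):
    """List (service, parameter) for loopback hops where TLS is not set to none."""
    findings = []
    for service, stype, command, ov in parse_master_cf(text):
        if service == filter_transport and command == "smtp":
            param = "smtp_tls_security_level"      # client side, towards the filter
        elif stype == "inet" and service.startswith("127.0.0.1:") and command == "smtpd":
            param = "smtpd_tls_security_level"     # server side, re-injection listener
        else:
            continue
        if ov.get(param) != "none":
            findings.append((service, param))
    return findings
```

Pass the transport name from `content_filter` (here `smtp-amavis`) as `filter_transport`; an empty result means both hops already have the override.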