Thanks everyone. I'm still at a loss here. I have tried everything you guys
have suggested and it's also not a firewall issue so at this point I have
no idea why I can't get this to work. Currently I have the following in my
master.cf for port 465...

465     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

We've eliminated the server firewall two ways:

1. There was no firewall in place when I first ran into this problem.

2. After putting the firewall in place I observed packets coming into 465
with tcpdump.

3. After I turned the firewall back on, I put an explicit allow rule in the
firewall that allowed packets to that port -- and iptables recorded packets
accepted by that rule.

The firewall packet counter and tcpdump BOTH confirm that these packets are
NOT blocked by our server host. The packets ARE reaching the server.

The network traffic is making me wonder if perhaps Postfix is not bound to
the correct interface for this (even though my main.cf shows this)...

# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
inet_protocols = all

# Enable all network interfaces.
inet_interfaces = all

The packets come in, but there is no response to them on eth0... it only
seems to respond when it's talking to itself on the local interface (I
tested this by doing tcpdump again using -l lo and was able to observe the
traffic).

Something about the way this is set up is not getting the incoming packets
even though they do arrive.

Our firewall admin is saying that he is 100% sure this is not firewall
related.

Any other ideas of what may be causing this?

Banging my head against a wall.

Thanks!


On Sun, Jun 13, 2021 at 8:17 AM Matus UHLAR - fantomas <uh...@fantomas.sk>
wrote:

> >On 11 Jun 2021, at 09:15, Linda Pagillo <lpad...@gmail.com> wrote:
> >> 465     inet  n       -       n       -       -       smtpd
> >>   -o syslog_name=postfix/smtps
> >>   -o smtpd_tls_wrappermode=yes
>
> On 13.06.21 06:40, @lbutlr wrote:
> >This is incorrect. 465 should be set without a STARTTLS wrapper
>
> it's not starttls wrapper, it's without-starttls wrapper:
>
> smtpd_tls_wrappermode (default: no)
>
>     Run the Postfix SMTP server in the non-standard "wrapper" mode, instead
>     of using the STARTTLS command.
>
> >   -o smtpd_tls_security_level=encrypt
>
> ...this is useless in wrapper mode:
>
> smtpd_tls_security_level (default: empty)
>
>     The SMTP TLS security level for the Postfix SMTP server; when a
>     non-empty value is specified, this overrides the obsolete parameters
>     smtpd_use_tls and smtpd_enforce_tls.  This parameter is ignored with
>     "smtpd_tls_wrappermode = yes".
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
>
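
The point made in the quoted reply, that smtpd_tls_security_level is ignored once smtpd_tls_wrappermode=yes is set, can be checked mechanically. The following is an added example, not part of the original thread and not Postfix code: a small Python linter (the names parse_services and lint are hypothetical) that reads master.cf text and flags that override. It assumes the plain "-o name=value" form and runs on a constructed sample based on the entry posted above.

```python
# Added example: lint master.cf for an override Postfix ignores in wrapper mode.
SAMPLE_MASTER_CF = """\
# constructed sample, based on the entry quoted in the thread
465     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
submission inet n     -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
"""

def parse_services(text):
    """Return [(service, type, command, {override: value})] from master.cf text."""
    entries = []  # each entry: [service, type, command, argument tokens]
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and entries:
            entries[-1][3].extend(raw.split())  # continuation of previous entry
            continue
        fields = raw.split()
        if len(fields) >= 8:  # service type private unpriv chroot wakeup maxproc command
            entries.append([fields[0], fields[1], fields[7], fields[8:]])
    parsed = []
    for service, kind, command, args in entries:
        overrides = {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:  # assumption: plain "-o name=value" form
                name, _, val = value.partition("=")
                overrides[name] = val
        parsed.append((service, kind, command, overrides))
    return parsed

def lint(text):
    """Flag smtpd services that set a TLS level alongside wrapper mode."""
    findings = []
    for service, _kind, command, overrides in parse_services(text):
        if command != "smtpd":
            continue
        if (overrides.get("smtpd_tls_wrappermode") == "yes"
                and "smtpd_tls_security_level" in overrides):
            findings.append((service, "smtpd_tls_security_level is ignored "
                                      "with smtpd_tls_wrappermode=yes"))
    return findings

if __name__ == "__main__":
    for service, message in lint(SAMPLE_MASTER_CF):
        print(f"{service}: {message}")
```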
