Noted with thanks

On Wed, 25 Aug 2021 at 23:06, Wietse Venema <wie...@porcupine.org> wrote:
>
> Turritopsis Dohrnii Teo En Ming:
> > Subject: I have successfully configured SSL/TLS for Postfix SMTP
> > outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed
>
> Two minor corrections, because port 465 uses TLS wrapper mode instead
> of STARTTLS.
>
> > Good day from Singapore,
> >
> > I have successfully configured SSL/TLS for Postfix SMTP outgoing mail
> > server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7-8
> > hours to solve this problem. I think my boss can probably solve this
> > problem in 10 minutes.
> >
> > I have prepared this extremely short and concise guide to remind
> > myself and everyone how to configure SSL/TLS for Postfix SMTP outgoing
> > Linux mail server.
> >
> > Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
> > Country: Singapore
> > Date: 25 August 2021 Wed Singapore Time
> >
> > Type of Publication: Plain Text
> >
> > Document version: 20210825.01
> >
> > ===BEGINNING OF GUIDE===
> >
> > Add the following lines to /etc/postfix/main.cf:
> >
> > smtpd_tls_cert_file = /etc/postfix/teo-en-ming-corp.crt
> > smtpd_tls_key_file = /etc/postfix/teo-en-ming-corp.key
> > smtp_tls_security_level = may
> > smtpd_tls_security_level = may
> > smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
> > smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
> >
> > Add the following lines to /etc/postfix/master.cf:
> >
> > submission inet n - n - - smtpd
> > smtps      inet n - n - - smtpd
>
> The second line needs an option "-o smtpd_tls_wrappermode=yes", like this:
>
> smtps      inet n - n - - smtpd
>     -o smtpd_tls_wrappermode=yes
>
> because unlike the "smtp" and "submission" services, the "smtps"
> service does not use STARTTLS, instead it uses TLS wrapper mode.
>
> > Restart Postfix for changes to take effect.
> >
> > # service postfix restart
> >
> > Submission port is 587. SMTPS port is 465. Normal SMTP port is 25.
> >
> > Add the following firewall rules to /etc/sysconfig/iptables. This is
> > to open ports for services/daemons listening on TCP ports 25, 465, and
> > 587.
> >
> > -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
> >
> > -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
> > -A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
> >
> > -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
> > -A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
> >
> > Reload firewall rules.
> >
> > # service iptables restart
> >
> > Linux troubleshooting commands:
> >
> > # openssl s_client -connect mail.teo-en-ming-corp.com:25 -servername mail.teo-en-ming-corp.com -starttls smtp
> > # openssl s_client -connect mail.teo-en-ming-corp.com:465 -servername mail.teo-en-ming-corp.com -starttls smtp
>
> No starttls for the port 465 service.
>
> Wietse
>
> > # openssl s_client -connect mail.teo-en-ming-corp.com:587 -servername mail.teo-en-ming-corp.com -starttls smtp
> >
> > # openssl s_client -connect example.com:[port] -servername example.com
> >
> > # telnet mail.teo-en-ming-corp.com 25
> > # telnet mail.teo-en-ming-corp.com 465
> > # telnet mail.teo-en-ming-corp.com 587
> >
> > ===END OF GUIDE===
> >
> > You will be able to see STARTTLS in the SMTP banner for Postfix for
> > TCP ports 25, 465 and 587 if you do a Telnet to your mail server.
> >
> > If there are corrections and/or additions to this guide, I will post back
> > here.
> >
> > Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 25 August
> > 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT
> > Consultant with a System Integrator (SI)/computer firm in Singapore.
> > He is an IT enthusiast.
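
The two corrections in the quoted reply, as an added example that is not part of the thread and not Postfix code: a small Python lint that flags a port-465 smtpd service in master.cf lacking "-o smtpd_tls_wrappermode=yes" and builds the matching openssl s_client test for each service. The function names, the sample text and mail.example.com are constructed for illustration; it assumes only master.cf is inspected (not main.cf) and that overrides are written as "-o name=value".

```python
# Added example: lint master.cf for the smtps/wrapper-mode issue from the thread.
# Constructed sample input: the guide's master.cf lines, then the corrected form.
GUIDE = """\
submission inet n - n - - smtpd
smtps      inet n - n - - smtpd
"""
CORRECTED = """\
submission inet n - n - - smtpd
smtps      inet n - n - - smtpd
    -o smtpd_tls_wrappermode=yes
"""
WRAPPER_PORTS = {"smtps", "465"}  # service names/ports that use TLS wrapper mode

def parse_services(text):
    """Return [(service, type, command, {override: value})] from master.cf text."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()  # continuation of the previous entry
        else:
            entries.append(raw.strip())
    services = []
    for entry in entries:
        f = entry.split()
        if len(f) < 8:
            continue  # not a complete service definition
        args = f[8:]  # everything after the command name
        overrides = dict(v.split("=", 1) for flag, v in zip(args, args[1:])
                         if flag == "-o" and "=" in v)
        services.append((f[0], f[1], f[7], overrides))
    return services

def uses_wrapper_port(service):
    # Accept both "smtps" and "host:465" style service names.
    return service.rsplit(":", 1)[-1] in WRAPPER_PORTS

def check_wrapper_mode(text):
    """Flag port-465 smtpd services that lack smtpd_tls_wrappermode=yes."""
    return [name for name, kind, cmd, opts in parse_services(text)
            if kind == "inet" and cmd == "smtpd" and uses_wrapper_port(name)
            and opts.get("smtpd_tls_wrappermode") != "yes"]

def probe_command(service, host):
    """Build the openssl s_client test; -starttls is used only off port 465."""
    port = {"smtp": 25, "smtps": 465, "submission": 587}[service]
    cmd = f"openssl s_client -connect {host}:{port} -servername {host}"
    return cmd if uses_wrapper_port(service) else cmd + " -starttls smtp"
```

check_wrapper_mode(GUIDE) reports the smtps entry and check_wrapper_mode(CORRECTED) reports nothing.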