1

I have docker-mailserver and Roundcube in containers, beside there is MySQL database for mail data and user passwords. Dovecot inside is configured to verify logging in users passwords with database. Yesterday I've configured IMAP and it is working properly. Also Roundcube is working with no problem. Now I am facing problem configuring secure connection for SMTP. Even if there is setting "require" and similar to "always use STARTTLS" I am not getting possibility to send emails with secure connection. Plain (insecure) connections works ok.

My postfix-main.cf file:

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/dovecot/fullchain.pem
smtpd_tls_key_file = /etc/dovecot/privkey.pem

smtpd_tls_eecdh_grade = strong
smtpd_tls_protocols= !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols= !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level=may
smtpd_tls_ciphers = high
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# smtpd_tls_auth_only = yes

# smtp_use_tls = yes

# smtp_enforce_tls = yes
# smtpd_enforce_tls = yes

If I uncomment last 4 lines I am getting problems sending emails via Roundcube (SMTP server expects secure connection but on server it is not configured on Roundcube side). And also there is no possibility to secure SMTP communication from my home Thunderbird. TB with insecure connection works ok.

I've seen the documentation here:

http://www.postfix.org/SASL_README.html

but it does not help much.

What is the proper configuration needed to make postfix/dovecot work with STARTTLS?

EDIT:

Configuration: https://pastie.io/hxcfkw.ini

What I am getting at connection is:

# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.correct_domain.com ESMTP
EHLO test.com
250-mail.correct_domain.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
^]
telnet> quit
Connection closed.

So seems like the server is not offering any security.

EDIT2:

I've seen this link:

Forcing encryption for outgoing SMTP with Postfix

But nothing from there helps me. TB is constantly disconnecting from STARTTLS on the mail server.

pbies
  • 159
  • 12
  • Really, the best thing to do is read this entire article: [Postfix TLS Support](http://www.postfix.org/TLS_README.html). You should post the entire output of `postconf -n` and it is fine to anonymize things like IP addresses in your post. Short answer is add `smtp_tls_security_level = may` and see if that fixes. – Paul Mar 04 '22 at 12:57
  • This option didn't solved the problem. I've edited the question adding configuration paste. – pbies Mar 04 '22 at 13:10
  • @Paul any idea? – pbies Mar 07 '22 at 17:36

0 Answers0