My problem is I can't send mail/connect to port 465. I purchased an SSL certificate and I have my private key, domain certificate and CA certificate file in PEM format.

I have opened port 465 in iptables and commented out the following lines in master.cf:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

I added the following lines in main.cf:

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/private_key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/ca.pem
smtpd_tls_loglevel = 3
smtpd_tls_security_level = encrypt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_relay_restrictions = permit_mynetworks permit_tls_clientcerts reject_unauth_destination

There is no error in /var/log/maillog.

But when I run this command:

openssl s_client -connect mydomain.com:465

I see it stated connected and all my certificates verify = 1, but at the end it shows:

Start Time: 1444920545
Timeout   : 300 (sec)
Verify return code: 0 (ok)
---
read:errno=0

Is there anything that I need to do in order to use port 465?

Maximilian

1 Answer

Likely a firewall issue. Check that you are indeed listening on 465 and test openssl connect to localhost, then remote.

465 (SSL) is deprecated and insecure; you should just use 587 TLS.

Jacob Evans
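
A static check that complements the listener test suggested in the answer, as an added example that is not part of the original posts: it parses master.cf text and reports whether an active smtps entry with smtpd_tls_wrappermode=yes exists. The service names in SMTPS_NAMES and the sample master.cf fragments are constructed assumptions.

```python
# Added example: report whether master.cf has an active implicit-TLS listener.
SMTPS_NAMES = ("smtps", "465")  # assumption: names used for the port 465 service

def logical_lines(text):
    """Join master.cf continuation lines; drop blank and comment lines."""
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # a commented-out entry never reaches the master daemon
        if raw[0].isspace() and out:
            out[-1] += " " + stripped  # leading whitespace continues the entry
        else:
            out.append(stripped)
    return out

def smtps_status(text):
    """Return 'missing', 'no-wrappermode' or 'ok' for the port 465 service."""
    status = "missing"
    for line in logical_lines(text):
        f = line.split()
        # Fields: service type private unpriv chroot wakeup maxproc command args
        if len(f) < 8 or f[0] not in SMTPS_NAMES or f[1] != "inet":
            continue
        args = f[8:]
        opts = dict(a.split("=", 1) for p, a in zip(args, args[1:])
                    if p == "-o" and "=" in a)
        if opts.get("smtpd_tls_wrappermode") == "yes":
            return "ok"
        status = "no-wrappermode"
    return status

# Constructed sample fragments (not taken from the poster's server).
SMTP = "smtp      inet  n       -       n       -       -       smtpd\n"
COMMENTED = SMTP + (
    "#smtps     inet  n       -       n       -       -       smtpd\n"
    "#  -o smtpd_tls_wrappermode=yes\n"
    "#  -o smtpd_sasl_auth_enable=yes\n")
HALF_ENABLED = SMTP + (
    "smtps     inet  n       -       n       -       -       smtpd\n"
    "#  -o smtpd_tls_wrappermode=yes\n")
ACTIVE = SMTP + (
    "smtps     inet  n       -       n       -       -       smtpd\n"
    "  -o smtpd_tls_wrappermode=yes\n"
    "  -o smtpd_sasl_auth_enable=yes\n")

if __name__ == "__main__":
    for name, cfg in (("commented", COMMENTED), ("half", HALF_ENABLED), ("active", ACTIVE)):
        print(name, smtps_status(cfg))
```

To check a real server, pass the contents of its master.cf to smtps_status(), then reload Postfix after any change and repeat the openssl s_client test.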