Both Dovecot and Postfix are working perfectly, especially for machines running Win 8+ and Mac OS 10.10+ as well as iOS 8+.

But trying to connect from a 10.9 Mavericks Mac makes it weird...

Here is my main.cf:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    append_dot_mydomain = no

    readme_directory = no

    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mydestination =
    mailbox_size_limit = 5120000000000000
    message_size_limit = 30720000
    recipient_delimiter =
    inet_interfaces = all
    myorigin = example.ddns.net
    inet_protocols = all

    # specify SMTP relay host
    relayhost = [myhost]:587

    ##### TLS parameters ######
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    ###### SASL Auth ######
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions =
       permit_sasl_authenticated,
       permit_mynetworks,
       check_relay_domains

    ###### Use Dovecot LMTP Service to deliver Mails to Dovecot ######
    virtual_transport = lmtp:unix:private/dovecot-lmtp

    ##### Only allow mail transport if client is authenticated or in own network (PHP Scripts, ...) ######
    #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

    ###### MySQL Connection ######

    virtual_alias_maps = mysql:/etc/postfix/virtual/mysql-aliases.cf
    virtual_mailbox_maps = mysql:/etc/postfix/virtual/mysql-maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/virtual/mysql-domains.cf
    local_recipient_maps = $virtual_mailbox_maps

    # enable SASL authentication
    smtp_sasl_auth_enable = yes
    # disallow methods that allow anonymous authentication.
    smtp_sasl_security_options = noanonymous
    # where to find sasl_passwd
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

And the message from the log states:

    Jun 16 11:36:43 example postfix/smtpd[8038]: SSL_accept error from unknown[xxx]: lost connection
    Jun 16 11:36:43 example postfix/smtpd[8038]: lost connection after STARTTLS from unknown[xxx]
    Jun 16 11:36:43 example postfix/smtpd[8038]: disconnect from unknown[xxx4]
    Jun 16 11:36:47 example postfix/submission/smtpd[8022]: auto_clnt_close: disconnect private/tlsmgr stream

I tried to connect both with SSL on 465 & 587 and without SSL on 25. Other clients running the latest software versions are working perfectly.

David Makogon
swift_dan
  • Just searched for `"lost connection after STARTTLS"` and [read this](http://serverfault.com/questions/238476/lost-connection-after-starttls-postfix). Try to find a "don't verify openssl" option in your mail client and see if that works. – ychaouche Jun 16 '16 at 09:43
  • This is odd :-( I was searching for literally hours and hours... and all that was my mistake was an unaccepted certificate from openssl. If you comment, I'll upvote and solve the question! – swift_dan Jun 16 '16 at 09:47
  • It was just a hint @swift_dan, you found the solution by yourself. – ychaouche Jun 16 '16 at 09:55

1 Answer

Thanks to @ychaouche I found the solution.

The client side did not accept the certificate, which means the SSL transmission was not allowed. After restarting the client-side mail application and trusting this untrusted openssl cert, everything worked as expected!

Thanks!

swift_dan
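To spot which clients are affected by the symptom in the log above, the sketch below (an added example, not code from the question or answer) scans Postfix smtpd log lines and reports, per client address, how many TLS handshakes completed and how many were dropped during STARTTLS. The sample lines are constructed in the format of the excerpt above, the addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the page); addresses are placeholders.
SAMPLE_LOG = """\
Jun 16 11:36:43 example postfix/smtpd[8038]: connect from unknown[192.0.2.10]
Jun 16 11:36:43 example postfix/smtpd[8038]: SSL_accept error from unknown[192.0.2.10]: lost connection
Jun 16 11:36:43 example postfix/smtpd[8038]: lost connection after STARTTLS from unknown[192.0.2.10]
Jun 16 11:36:43 example postfix/smtpd[8038]: disconnect from unknown[192.0.2.10]
Jun 16 11:37:02 example postfix/submission/smtpd[8022]: connect from unknown[198.51.100.7]
Jun 16 11:37:02 example postfix/submission/smtpd[8022]: Anonymous TLS connection established from unknown[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 16 11:37:03 example postfix/submission/smtpd[8022]: disconnect from unknown[198.51.100.7]
Jun 16 11:38:10 example postfix/smtpd[8040]: SSL_accept error from unknown[192.0.2.10]: lost connection
Jun 16 11:38:10 example postfix/smtpd[8040]: lost connection after STARTTLS from unknown[192.0.2.10]
"""

# Matches both "postfix/smtpd[pid]" and "postfix/submission/smtpd[pid]".
LINE = re.compile(r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: (.*)$")
CLIENT = re.compile(r"from (\S+?)\[([^\]]+)\]")

def tls_summary(log_text):
    """Per client address: completed handshakes, handshakes dropped during
    STARTTLS, and the reasons given on SSL_accept error lines."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        c = CLIENT.search(m.group(1)) if m else None
        if not c:
            continue
        msg, addr = m.group(1), c.group(2)
        if "TLS connection established from" in msg:
            stats[addr]["ok"] += 1
        elif msg.startswith("lost connection after STARTTLS"):
            stats[addr]["failed"] += 1  # counted once per dropped session
        elif msg.startswith("SSL_accept error"):
            stats[addr]["reasons"].add(msg.split("]: ", 1)[-1])
    return dict(stats)

def clients_never_completing_tls(log_text):
    """Addresses that only ever fail: candidates for a certificate-trust problem."""
    return sorted(a for a, s in tls_summary(log_text).items()
                  if s["failed"] and not s["ok"])

if __name__ == "__main__":
    for addr in clients_never_completing_tls(SAMPLE_LOG):
        print(addr, tls_summary(SAMPLE_LOG)[addr])
```

The "TLS connection established" lines are only written when `smtpd_tls_loglevel` is 1 or higher, so with the default level every client would appear to have zero successful handshakes.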