Raspberry pi mailserver

hello everyone,
I am working on a raspberry pi mailserver with dovecot and postfix. I am using this tutorial.
postfix was working successfully, until I started working on separating incoming mail from outgoing mail.
I've uncommented these lines in /ect/postfix/master.cf :
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
After i've done this, I tried to test postfix again:
[email protected] ~ $ telnet localhost 25
Trying 127.0.0.1...
Trying ::1...
telnet: Unable to connect to remote host: Address family not supported by protocol
When I comment the lines again, I still get the same warning. What can I do about it?
I am a linux noob.
I'm sorry for my english.
Lars

1 Like

have you restarted or reloaded the service after making the changes?

service postfix start / stop / reload

will do the according operation

1 Like

yes, i've done that. it still gives the warning

please try to telnet the smtps port 465 as you told postfix to listen there.

From the tutorial you use:

Postfix to listen on port 465, so open /etc/postfix/master.cf and uncomment the line:
smtps inet n - - - - smtpd
Now restart Postfix:
sudo service postfix restart
Test whether Postfix is listening on port 465:

1 Like

port 465 is working just fine:
[email protected] ~ $ telnet localhost 465
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
exit
exit
Connection closed by foreign host.
Port 25 however doesn't:
[email protected] ~ $ telnet localhost 25
Trying 127.0.0.1...
Trying ::1...
telnet: Unable to connect to remote host: Address family not supported by protocol

I am far from beeing a postfix wizzard... I always have to dig into the docu when ever I have to change somethinge .... but my understanding is, that you only have it activated on smpts ...

By the way, an SD card is by no means ideal.
Mail servers are generally pretty hot, or active in terms of writes, so you're card is going to die much quicker than most setups, especially if it's quiet small. I would try to move your data to a USB storage drive...

This is what works for me:

smtp      inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=none
  -o smtpd_sasl_auth_enable=no
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
# if you do not want to restrict it encryption only, comment out next line<
  -o smtpd_tls_auth_only=yes
  -o smtpd_tls_security_level=encrypt
#  -o header_checks=
#  -o body_checks=<
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING<
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
#  -o smtpd_tls_security_level=encrypt
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd

EDIT: Also, I believe SMTPS is depreciated and you should use submission (which uses port 587) instead with STARTTLS for encrypting SMTP

2 Likes

Fabulous link. A great site for any Linux enthusiast!

Hey Dex - with STARTTLS did you have to declare the 587 port in your email client as well, or did STARTTLS know this as a default. I know ssl uses 465 and 993 as default for IMAP but Im curious if choosing ssl or starttls if the email client knows to auto config the port or needs to be adjusted as well. (i.e claws mail or K9 on android.)

Yeah STARTTLS uses port 25 or 587 for SMTP (the default will be 587) and 143 for IMAP. the older ssl ports aren't used anymore and are only kept around for older systems which don't support STARTTLS.

thank you! It happens to work for me to. I don't know exactly how your settings differ from mine, but I'll check that.

1 Like

From the look of it the difference was that you only had SMTPS enabled but not SMTP or submission.