1 (edited by RajeshM 2020-01-19 12:14:33)

Topic: enable port 465

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): pro latest
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx):nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


for enabling postfix smtp service on port 465 as per
https://docs.iredmail.org/enable.smtps.html

had a few questions

1) # Submission, port 587, force TLS connection.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

-o content_filter=smtp-amavis:[127.0.0.1]:10026


# SSL PORT 465

465     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

  -o content_filter=smtp-amavis:[127.0.0.1]:10026

QUESTION 1
We are starting an addition service ie smtps on 465
can we call two amavis instances using same port number ie 10026 in the postfix master.cf or do we need to add another port say 10023 in amavs?

normally for different types of service we start amavis on multiple ports

$inet_socket_port = [10024, 10026, 10027, 9998];


QUESTION 2) do we need to increase the number of connections in postfix master.cf due to port 465 ?

smtp-amavis unix -  -   n   -   252  smtp

############

# Amavisd integration.
smtp-amavis unix -  -   n   -   252  smtp
    -o syslog_name=postfix/amavis
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

thanks
rajesh

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: enable port 465

1: both submission and 465 are used by end users to submit emails, same purpose, so we can use same 10026 port.
2: no need to increase it. Default is 100 concurrent clients, it’s enough.

3 (edited by RajeshM 2020-01-19 14:18:52)

Re: enable port 465

hi,

due to some reason postfix is not responding on port 465

we used the exact same settings as specified and further the same works correctly on our test server which is an exact replica of the production server

# telnet 127.0.0.1 465
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

we enabled postfix debug but no logs at all

we shutdown iptables but still does not work.

truly puzzling.

on a side note when we use the same amavis port the load on the server shoots up.

rajesh

4

Re: enable port 465

- Did you see any error/warning message in postfix log file right after restarting postfix service?
- I suggest double check master.cf, make sure no unnecessary white space or other misspelled words.

5

Re: enable port 465

hi

double checked everything but no resolution.

i even replicated the entire postfix config files from the production server to the test server.

it works on the test server but not on the production server

what level of debugging should i keep in postfix ?

thanks
rajesh

6

Re: enable port 465

Can you telnet to port 464 locally? Also from external network?
If port 464 open in firewall ?

7 (edited by RajeshM 2020-01-30 02:02:27)

Re: enable port 465

I am not able to telnet to 465 locally within the server. I tried after shutting down iptables too.

i also tried setting up an additional smtp submission port 4870.

I added the following lines in the master.cf similar to submission port, but even this did not work.

## Submission, port 5870, force TLS connection.
5870 inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission5870
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Thanks
Rajesh

8

Re: enable port 465

hi

this started working after we aligned everything in a single line

465     inet  n       -       n       -       -       smtpd  -o syslog_name=postfix/smtps  -o smtpd_tls_wrappermode=yes  -o smtpd_sasl_auth_enable=yes  -o smtpd_client_restrictions=permit_sasl_authenticated,reject  -o content_filter=smtp-amavis:[127.0.0.1]:10026


rajesh

9

Re: enable port 465

I don't see why one single line is ok but breaking multiple '-o ...' to lines causes problem. Maybe there's some typo?

10

Re: enable port 465

I noted another puzzling point.

The configuration of additional smtp ports do not work if i manually edit the master.cf and restart postfix using /etc/init.d/postfix restart

It works only if go into webmin, postfix and enable the server process related to 5870 and 465

Any clue on what webmin does differently that it is able to activate smtpd services on 465 and 587

Thankyou
Rajesh

11 (edited by RajeshM 2020-01-31 13:10:41)

Re: enable port 465

hi

this is resolved

after changes to master.cf restarting postfix using

# /etc/init.d/postfix restart

***will not*** reload the changed master.cf

I had to execute

# postfix reload

to reload the configuration as mentioned here
http://www.postfix.org/master.5.html

i though that restarting postfix service meant reloading all the configuration files.

is it normal behavior or am i missing something ?

thanks
rajesh

12

Re: enable port 465

RajeshM wrote:

# /etc/init.d/postfix restart
***will not*** reload the changed master.cf

How about command "service postfix restart"?