LINUX.ORG.RU

CentOS 6.5 - Postfix + Dovecot

 , ,


0

1

Не знаю живая ли тема, но надеюсь знающие люди помогут.

Беда в том, что настроил почтовик по гайдам, на выше сказанных утилитах и не работает коннект по SMTP c использованием 465 порта SSL.

IMAP на 993 SSL работает, а SMTP только по 25 или 587 STARTTLS.

Знакомство с линуксом я еще только начинаю, всех тонкостей не знаю, поэтому буду очень благодарен за помощь.

Вот мои конфиги:

/etc/postfix/main.cf

soft_bounce = no
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
inet_interfaces = all
myhostname = mx.local.info
mydomain = local.info
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname,localhost.$myhostname,localhost
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 172.30.0.0/16
relay_domains =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/mail
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debug_peer_list = 127.0.0.1, 172.0.0.0/8, ya.ru, mail.ru, 
10.0.0.0/8, ukr.net, gmail.com
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
config_directory = /etc/postfix
virtual_mailbox_domains = mysql:$config_directory/sql/vdomains.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:$config_directory/sql/vmailbox.cf
virtual_alias_maps = mysql:$config_directory/sql/valias.cf
virtual_minimum_uid = 1150
virtual_uid_maps = static:1150
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
smtpd_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = 
btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_client,
    reject_unlisted_recipient,
    reject_unverified_recipient,
    reject_unauth_pipelining,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dialups.mail-abuse.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit
smtpd_client_restrictions =
    reject_unauth_pipelining,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unknown_client_hostname,
    permit
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    permit
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    reject_unknown_sender_domain,
    permit_sasl_authenticated,
    reject_sender_login_mismatch
    permit

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

/etc/postfix/master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtps      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
dovecot    unix    -    n    n    -    -    pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d $(recipient)
scan unix - - n - 16 smtp -o smtp_send_xforward_command=yes

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

127.0.0.1:10026 inet n - n - 16 smtpd
             -o content_filter=
             -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
             -o smtpd_helo_restrictions=
             -o smtpd_client_restrictions=
             -o smtpd_sender_restrictions=
             -o smtpd_recipient_restrictions=permit_mynetworks,reject
             -o mynetworks_style=host
             -o smtpd_authorized_xforward_hosts=127.0.0.0/8, 172.30.0.0./16

submission inet n       -       n       -       -       smtpd
          -o syslog_name=postfix/submission
          -o smtpd_tls_wrappermode=no
          -o smtpd_tls_security_level=encrypt
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
          -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
          -o milter_macro_daemon_name=ORIGINATING

/etc/dovecot/dovecot.conf

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.7.1.el6.i686 i686 CentOS release 6.6 (Final) ext4
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 1150
last_valid_uid = 1150
log_timestamp = %Y-%m-%d %H:%M:%S
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%u
passdb {
          args = /etc/dovecot/dovecot-sql.conf
          driver = sql
}
protocols = imap pop3
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
          user = postfix
          group = postfix
          mode = 0660
    }
   unix_listener auth-master {
          user = vmail
          group = mail
          mode = 0660
    }
   unix_listener auth-userdb {
          user = vmail
          group = mail
          mode = 0660
    }
#user=root
}
service imap-login {
    executable = /usr/libexec/dovecot/imap-login
           inet_listener imap {
           address = *
           port = 143
     }
}
service imap {
    executable = /usr/libexec/dovecot/imap
}
service pop3-login {
     executable = /usr/libexec/dovecot/pop3-login
           inet_listener pop3 {
           address = *
           port = 110
     }
}
service pop3 {
           executable = /usr/libexec/dovecot/pop3
}
userdb {
           args = /etc/dovecot/dovecot-sql.conf
           driver = sql
}
protocol lda {
            auth_socket_path = /var/run/dovecot/auth-master
            postmaster_address = admin@local.info
}


ssl = yes
ssl_cert = </etc/postfix/certs/cert.pem
ssl_key = </etc/postfix/certs/key.pem

service imap-login {
        executable = /usr/libexec/dovecot/imap-login
inet_listener imap {
        address = *
        port = 143
        }
inet_listener imaps {
        port = 993
        ssl = yes
        }
}

service imap {
        executable = /usr/libexec/dovecot/imap
        }
service pop3-login {
        executable = /usr/libexec/dovecot/pop3-login
inet_listener pop3 {
        address = *
        port = 143
        }
inet_listener imaps {
        port = 993
        ssl = yes
        }
}

service imap {
        executable = /usr/libexec/dovecot/imap
        }
service pop3-login {
        executable = /usr/libexec/dovecot/pop3-login
inet_listener pop3 {
        address = *
        port = 110
        }
inet_listener pop3s {
        port = 995
        ssl = yes
        }
}

Если еще, что-то надо - говорите, добавлю в пост.

Может, дело не в постфиксе, а в центоси?

там же по дефолту в настройках файрволла «запрещено всё, что явно не разрешено».

В общем, cat /etc/sysconfig/iptables в студию!

slamd64 ★★★★★ ()

а SMTP только по 25 или 587 STARTTLS.

Откуда у тебя 587 порт , если

#submission inet n - n - - smtpd

vlb ★★★ ()
Ответ на: комментарий от slamd64

FW полностью выключен.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disable
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

А файл /etc/sysconfig/iptables вообще не существует.

Acamori ()
Ответ на: комментарий от vlb

Он включен в самом низу конфига

submission inet n       -       n       -       -       smtpd
          -o syslog_name=postfix/submission
          -o smtpd_tls_wrappermode=no
          -o smtpd_tls_security_level=encrypt
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
          -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
          -o milter_macro_daemon_name=ORIGINATING
Acamori ()
Ответ на: комментарий от Acamori

Конфиги до включения TTL/SSL

Вот конфиги до включения TTL/SSL

/etc/postfix/main.cf

soft_bounce = no
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
inet_interfaces = all
myhostname = mx.local.info
mydomain = local.info
myorigin = $mydomain
mydestination = $myhostname,localhost.$myhostname,localhost
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
relay_domains =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/mail
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debug_peer_list = 127.0.0.1, 172.0.0.0/8, ya.ru, mail.ru, 10.0.0.0/8, ukr.net,
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
config_directory = /etc/postfix
virtual_mailbox_domains = mysql:$config_directory/sql/vdomains.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:$config_directory/sql/vmailbox.cf
virtual_alias_maps = mysql:$config_directory/sql/valias.cf
virtual_minimum_uid = 1150
virtual_uid_maps = static:1150
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_client,
    reject_unlisted_recipient,
    reject_unverified_recipient,
    reject_unauth_pipelining,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dialups.mail-abuse.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit
smtpd_client_restrictions =
    reject_unauth_pipelining,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unknown_client_hostname,
    permit
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    permit
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    reject_unknown_sender_domain,
    permit_sasl_authenticated,
    reject_sender_login_mismatch
    permit
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings
Acamori ()
Ответ на: Конфиги до включения TTL/SSL от Acamori

/etc/postifx/master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
dovecot    unix    -    n    n    -    -    pipe
             flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d $(recipient)
scan unix - - n - 16 smtp -o smtp_send_xforward_command=yes

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
127.0.0.1:10026 inet n - n - 16 smtpd
             -o content_filter=
             -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
             -o smtpd_helo_restrictions=
             -o smtpd_client_restrictions=
             -o smtpd_sender_restrictions=
             -o smtpd_recipient_restrictions=permit_mynetworks,reject
             -o mynetworks_style=host
             -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Acamori ()
Ответ на: комментарий от Acamori

/etc/dovecot/dovecot.conf

auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
ssl = no
first_valid_uid = 1150
last_valid_uid = 1150
log_timestamp = %Y-%m-%d %H:%M:%S
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%u
passdb {
          args = /etc/dovecot/dovecot-sql.conf
          driver = sql
}
protocols = imap pop3
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
          user = postfix
          group = postfix
          mode = 0660
    }
   unix_listener auth-master {
          user = vmail
          group = mail
          mode = 0660
    }
   unix_listener auth-userdb {
          user = vmail
          group = mail
          mode = 0660
    }
#user=root
}
service imap-login {
    executable = /usr/libexec/dovecot/imap-login
           inet_listener imap {
           address = *
           port = 143
     }
}
service imap {
    executable = /usr/libexec/dovecot/imap
}
service pop3-login {
     executable = /usr/libexec/dovecot/pop3-login
           inet_listener pop3 {
           address = *
           port = 110
     }
}
service pop3 {
           executable = /usr/libexec/dovecot/pop3
}
userdb {
           args = /etc/dovecot/dovecot-sql.conf
           driver = sql
}
protocol lda {
            auth_socket_path = /var/run/dovecot/auth-master
            postmaster_address = admim@local.info
}

Простите за громадные сообщения, но как тут поместить все под спойлер не знаю, cut не работает.

Acamori ()
Ответ на: /etc/dovecot/dovecot.conf от Acamori

не работает коннект по SMTP c использованием 465 порта SSL.

# openssl

OpenSSL> s_client -connect localhost:465

vlb ★★★ ()
Ответ на: комментарий от Acamori

/var/log/maillog

Вот что пишется в логах при попытке подключить ящик.

Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: connect from unknown[172.30.1.13]
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostname: unknown ~? 127.0.0.0/8
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostaddr: 172.30.1.13 ~? 127.0.0.0/8
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostname: unknown ~? 172.30.0.0/16
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostaddr: 172.30.1.13 ~? 172.30.0.0/16
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 220 mx.local.info ESMTP
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: watchdog_pat: 0xb7415c18
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: < unknown[172.30.1.13]: EHLO we-guess.mozilla.org
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: improper command pipelining after EHLO from unknown[172.30.1.13]
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-mx.imtp.info
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-PIPELINING
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-SIZE 10240000
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-VRFY
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-ETRN
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_list_match: unknown: no match
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_list_match: 172.30.1.13: no match
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-STARTTLS
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-ENHANCEDSTATUSCODES
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250-8BITMIME
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 250 DSN
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: watchdog_pat: 0xb7415c18
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: < unknown[172.30.1.13]: QUIT
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: > unknown[172.30.1.13]: 221 2.0.0 Bye
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostname: unknown ~? 127.0.0.0/8
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostaddr: 172.30.1.13 ~? 127.0.0.0/8
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostname: unknown ~? 172.30.0.0/16
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: match_hostaddr: 172.30.1.13 ~? 172.30.0.0/16
Feb 23 00:26:15 mx postfix/submission/smtpd[5640]: disconnect from unknown[172.30.1.13]
Feb 23 00:26:15 mx dovecot: auth: Debug: auth client connected (pid=5648)
Feb 23 00:26:15 mx dovecot: imap-login: Disconnected (no auth attempts): rip=172.30.1.13, lip=172.30.0.227, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
Feb 23 00:26:21 mx dovecot: auth: Debug: auth client connected (pid=5649)
Feb 23 00:26:21 mx dovecot: imap-login: Disconnected (no auth attempts): rip=172.30.1.13, lip=172.30.0.227, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48

Так понял где-то накосячил с сертификатами. Но вроде в /etc/postfix/main.cf я прописал к ним путь.

Acamori ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.