[Postfix-br] Postfix + Dovecot + Mysql + SSL/TLS [NOT WORKING]

Lucas Possamai drum.lucas at gmail.com
Sun Jun 26 23:12:20 BRT 2016


Hello, how are you?

I am setting up a mail server for testing.
I want to enable SSL/TLS encryption, but I am running into problems.

E-mail is working fine. I use dovecot (with managesieve) + mysql
+ roundcubemail + quota + postfixadmin.

But although e-mails are sent and received fine, they are not
encrypted.

Could you give me a hand, please?

Here is the information:

*Postfix version:*
2:2.10.1-6.el7

*postconf -n:*

> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> default_process_limit = 10
> disable_dns_lookups = no
> dovecot_destination_recipient_limit = 1
> inet_interfaces = all
> mailbox_command = /usr/libexec/dovecot/deliver
> mailbox_size_limit = 0
> milter_default_action = accept
> milter_protocol = 6
> mydestination = localhost.$mydomain, localhost, $myhostname
> myhostname = mail.exemplo.com.br
> mynetworks = 127.0.0.0/8 ip_EXTERNO/32
> non_smtpd_milters = $smtpd_milters
> qmgr_message_active_limit = 40000
> qmgr_message_recipient_limit = 40000
> readme_directory = no
> recipient_delimiter = +
> relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains.cf
> relayhost =
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname,
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = no
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = cyrus
> smtpd_tls_ask_ccert = yes
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/pki/tls/certs/exemplo.com.br.crt
> smtpd_tls_key_file = /etc/pki/tls/private/exemplo.com.br.key
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = encrypt
> smtpd_tls_session_cache_timeout = 10800s
> smtpd_use_tls = yes
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/mail
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 5000
> virtual_transport = dovecot
> virtual_uid_maps = static:5000


*master.cf:*

> smtp      inet  n       -       n       -       -       smtpd -v
>   -o content_filter=spamassassin
>   -o smtpd_sasl_auth_enable=yes
>   -o receive_override_options=no_address_mappings
> submission inet n       -       n       -       -       smtpd
>   -o syslog_name=postfix/submission
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> spamassassin unix -     n       n       -       -       pipe
> user=spamfilter argv=/usr/bin/spamc -f -e  /usr/sbin/sendmail -oi -f ${sender} ${recipient}
> smtps     inet  n       -       n       -       -       smtpd
>   -o syslog_name=postfix/smtps
>   -o smtpd_tls_wrappermode=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> amavisfeed unix    -       -       n        -      2     lmtp
>     -o lmtp_data_done_timeout=1200
>     -o lmtp_send_xforward_command=yes
>     -o disable_dns_lookups=yes
>     -o max_use=20
> 127.0.0.1:10025 inet n    -       n       -       -     smtpd
>     -o content_filter=
>     -o smtpd_delay_reject=no
>     -o smtpd_client_restrictions=permit_mynetworks,reject
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o smtpd_data_restrictions=reject_unauth_pipelining
>     -o smtpd_end_of_data_restrictions=
>     -o smtpd_restriction_classes=
>     -o mynetworks=127.0.0.0/8
>     -o smtpd_error_sleep_time=0
>     -o smtpd_soft_error_limit=1001
>     -o smtpd_hard_error_limit=1000
>     -o smtpd_client_connection_count_limit=0
>     -o smtpd_client_connection_rate_limit=0
>     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
>     -o local_header_rewrite_clients=
>     -o smtpd_milters=
>     -o local_recipient_maps=
>     -o relay_recipient_maps=
> dovecot       unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

*telnet localhost 25:*

> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 mail.exemplo.com.br ESMTP Postfix
> ehlo exemplo.com.br
> 250-mail.exemplo.com.br
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN


*telnet localhost 465:*

> Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: initializing the server-side TLS engine
> Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: connect from localhost[127.0.0.1]
> Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: setting up TLS connection from localhost[127.0.0.1]
> Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: localhost[127.0.0.1]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!aNULL"
> Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: SSL_accept:before/accept initialization
> Jun 26 22:09:14 mail postfix/smtps/smtpd[28486]: read from 7F476E2B4AD0 [7F476E2BF390] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: read from 7F476E2B4AD0 [7F476E2BF390] (11 bytes => 11 (0xB))
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: 0000 65 68 6c 6f 20 6b 69 6e|67 68 6f                 ehlo
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: SSL_accept:error in SSLv2/v3 read client hello A
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: SSL_accept error from localhost[127.0.0.1]: -1
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: warning: TLS library problem: 28486:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647:
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: lost connection after CONNECT from localhost[127.0.0.1]
> Jun 26 22:09:22 mail postfix/smtps/smtpd[28486]: disconnect from localhost[127.0.0.1]
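
Added example, not part of the original post and not Postfix project code: a small Python check that reads `postconf -n` style output and reports the effective TLS level separately for the inbound server (`smtpd_*`) and the outbound client (`smtp_*`), following Postfix's documented parameter precedence. The function names `parse_postconf`, `effective_tls_level` and `tls_report` are hypothetical, and the sample input is a constructed subset of the output quoted above.

```python
import re

# Constructed sample: a subset of the `postconf -n` output quoted in the post.
SAMPLE_POSTCONF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/exemplo.com.br.crt
smtpd_tls_key_file = /etc/pki/tls/private/exemplo.com.br.key
smtpd_tls_security_level = encrypt
smtpd_use_tls = yes
"""

def parse_postconf(text):
    """Turn `name = value` lines into a dict; tolerate a leading '> ' quote mark."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^(?:>\s*)?([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def effective_tls_level(params, prefix):
    """Effective TLS level for 'smtpd' (inbound server) or 'smtp' (outbound client).

    Assumption (Postfix documentation): a non-empty <prefix>_tls_security_level
    overrides the obsolete <prefix>_enforce_tls / <prefix>_use_tls switches;
    with none of them set, TLS is off for that direction.
    """
    level = params.get(prefix + "_tls_security_level", "")
    if level:
        return level
    if params.get(prefix + "_enforce_tls", "no") == "yes":
        return "encrypt"
    if params.get(prefix + "_use_tls", "no") == "yes":
        return "may"
    return "none"

def tls_report(text):
    """Report inbound and outbound TLS separately, plus whether a server cert is set."""
    p = parse_postconf(text)
    return {
        "inbound": effective_tls_level(p, "smtpd"),
        "outbound": effective_tls_level(p, "smtp"),
        "server_cert_configured": bool(p.get("smtpd_tls_cert_file")),
    }

if __name__ == "__main__":
    print(tls_report(SAMPLE_POSTCONF))
```

The check covers main.cf parameters only; per-service `-o` overrides in master.cf are not evaluated.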