Hello,
I've got a Debian 12.5 VPS running Dovecot 2.3.x and Postfix 3.7.x,
secured with Let's Encrypt certificates. I've confirmed that my
certificates are valid and unexpired. I'm trying to connect via STARTTLS
to Dovecot on port 143 for retrieving mail, and to Postfix submission on
port 587 to send it. I want to use Thunderbird v91.x. I've tried both the
automatic configuration and the manual configuration; in both cases I get
an error in my maillog from the submission/smtpd service stating
"improper command pipelining after helo". Googling turned up this error,
but in that case the cause was that the poster was running Avast
Antivirus, which I am not. In neither case, manual or automatic, does the
configuration complete. I'm wondering if anyone else has seen this with
these versions of Thunderbird and Postfix?
Do my *restrictions and TLS configurations look good?
Here's my postconf -n output; I hope it helps.
Suggestions welcome.
Thanks.
Dave.
# postconf -n
# Output of "postconf -n": the main.cf parameters that are explicitly set.
# Long values appear wrapped onto the following line(s) in this paste.
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1h
# NOTE(review): 9999 is higher than any released compatibility level, so no
# backwards-compatible legacy defaults are kept; a default that changes in a
# later Postfix release would take effect as soon as the package is upgraded.
compatibility_level = 9999
# VRFY is switched off, so it cannot be used to probe for valid addresses.
disable_vrfy_command = yes
inet_interfaces = 127.0.0.1, xxx.xxx.xxx.xxx
inet_protocols = ipv4
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 1h
message_size_limit = 52428800
minimal_backoff_time = 5m
mydomain = example.com
myhostname = mail.example.com
# Only loopback is a trusted network; every other client has to authenticate
# or pass the smtpd_*_restrictions lists.
mynetworks = 127.0.0.0/8
myorigin = $mydomain
policyd-spf_time_limit = 3600
# postscreen exempts mynetworks first, then consults the CIDR table.
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access
# "drop" disconnects the client immediately for each of the three tests.
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
# NOTE(review): every list is weighted *2 and the threshold is 2, so a
# listing on any single DNSBL is enough to drop the client. Confirm that a
# single-list false positive is an acceptable reason to refuse mail.
postscreen_dnsbl_sites = ix.dnsbl.manitu.net*2 zen.spamhaus.org*2
bl.spamcop.net*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
queue_run_delay = 5m
recipient_delimiter = +
# Outbound (smtp client) TLS settings.
# The "dane" level below relies on DNSSEC-validated TLSA lookups, which is
# what smtp_dns_support_level = dnssec turns on.
# NOTE(review): this also needs a DNSSEC-validating resolver; the resolver
# setup is not shown here.
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
# Both client-side protocol lists reuse the server-side mandatory list, so
# the smtp client also refuses SSLv2, SSLv3, TLSv1 and TLSv1.1.
# NOTE(review): for destinations handled opportunistically, a peer limited
# to those old versions cannot negotiate TLS at all; delivery may then fall
# back to cleartext rather than weak TLS. Confirm that is the intent.
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
# Per-destination TLS policy comes from MySQL and takes precedence over the
# global level for the destinations it lists; its contents are not shown.
smtp_tls_policy_maps = proxy:mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Inbound (smtpd) access policy. These main.cf lists apply to every smtpd
# service in master.cf that does not override them with "-o".
smtpd_banner = $myhostname ESMTP
# Trusted networks and authenticated users are accepted first; any other
# client whose hostname cannot be resolved consistently is rejected.
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/helo_access,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
# NOTE(review): "reject_sender_access" (in the wrapped value below) does not
# look like a restriction name documented in postconf(5); the table-lookup
# form is "check_sender_access". Verify against the real main.cf: smtpd logs
# a warning for an unknown restriction name and refuses the request with a
# temporary server-configuration error. The entry sits after
# permit_sasl_authenticated, so only unauthenticated mail would reach it.
smtpd_recipient_restrictions = check_recipient_access
proxy:mysql:/etc/postfix/sql/recipient-access.cf, permit_mynetworks,
permit_sasl_authenticated, reject_invalid_hostname,
reject_unknown_client_hostname, reject_unknown_recipient_domain,
reject_non_fqdn_recipient, reject_unauth_destination,
reject_sender_access pcre:/etc/postfix/sender_access,
check_policy_service unix:private/dovecot-quota
# reject_unauth_destination is the final entry; it is what refuses relaying
# for clients that are neither in mynetworks nor SASL-authenticated.
# The trailing comma is as pasted.
smtpd_relay_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks
permit_sasl_authenticated reject_unauth_destination,
# Inbound (smtpd) TLS settings.
# AUTH is only offered after STARTTLS, so credentials are never accepted
# over a cleartext session.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/example.com/example.com.fullchain.crt
smtpd_tls_ciphers = high
# NOTE(review): despite the "dh1024" in the parameter name, the file can
# hold a larger group. The size of dhparams.pem is not shown; confirm it is
# at least 2048 bits, since the cipher list below still enables DHE suites.
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = /etc/ssl/example.com/example.com.key
smtpd_tls_mandatory_ciphers = high
# Anonymous (unauthenticated) cipher suites are excluded for mandatory TLS.
smtpd_tls_mandatory_exclude_ciphers = aNULL
# SSLv2, SSLv3, TLSv1 and TLSv1.1 are refused; the opportunistic list on the
# next line mirrors the same exclusions.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
smtpd_tls_received_header = yes
# NOTE(review): set here in main.cf, "encrypt" applies to every smtpd that
# does not override it, including the "smtpd pass" service behind postscreen
# on port 25. postconf(5) warns against enforcing TLS on a publicly
# referenced MX (RFC 3207): remote servers that cannot do STARTTLS are
# refused. The usual split is "may" here and "encrypt" only as a per-service
# override on submission, which master.cf already sets.
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# NOTE(review): this replaces Postfix's built-in definition of the "high"
# grade with a fixed list of ECDHE/DHE AEAD suites, and postconf(5)
# discourages changing it. The list uses OpenSSL cipher-string syntax, which
# governs suites up to TLS 1.2; TLS 1.3 suites are selected separately.
tls_high_cipherlist =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# The server's cipher order wins over the client's preference.
tls_preempt_cipherlist = yes
# TLS compression and renegotiation are switched off.
tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
# Virtual aliases, domains and mailboxes are looked up in MySQL through the
# proxymap service.
# NOTE(review): the .cf files under /etc/postfix/sql/ presumably contain the
# database credentials; their ownership and mode are not shown. Confirm they
# are not world-readable.
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/aliases.cf
# A single fixed gid (and, below, uid) is used for all virtual mailboxes.
virtual_gid_maps = static:992
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/accounts.cf
# Delivery for virtual domains is handed to Dovecot over a private LMTP
# socket.
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:999
#cat /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
#
==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
#
==========================================================================
#smtp inet n - n - - smtpd
# Port 25 is answered by a single postscreen process; clients that pass its
# tests are handed to the "smtpd pass" service below.
# NOTE(review): master(5) requires continuation lines to begin with
# whitespace. The "-o" lines in this paste start at column 0, presumably
# because the indentation was lost in the mail. Confirm the real file
# indents them, otherwise the overrides are not attached to their service.
# NOTE(review): this override sits on the postscreen line, while the smtpd
# that talks to port-25 clients is the "smtpd pass" service.
# smtpd_sasl_auth_enable is absent from the postconf -n output, so it is at
# its default (no) for that service.
smtp inet n - n - 1 postscreen
-o smtpd_sasl_auth_enable=no
# No overrides here: this service takes smtpd_tls_security_level and all
# restriction lists straight from main.cf.
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any
client.
#127.0.0.1:submission inet n - n - - smtpd
# Submission service for mail clients: STARTTLS is mandatory, AUTH is
# delegated to Dovecot over private/auth and is only offered under TLS, and
# the recipient check accepts authenticated senders only.
# Only smtpd_recipient_restrictions is overridden; the client, helo and
# relay restriction lists from main.cf still apply to this service.
# NOTE(review): no smtpd_sender_login_maps / reject_sender_login_mismatch
# appears here or in the postconf -n output, so an authenticated account can
# presumably use any envelope sender. Confirm that is intended.
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# 0 disables the per-client AUTH and connection rate limits, so Postfix does
# not throttle repeated login attempts on this port.
# NOTE(review): confirm that something else (Dovecot's auth handling or a
# log-based banning tool) limits password guessing.
-o smtpd_client_auth_rate_limit=0
-o smtpd_client_connection_rate_limit=0
# NOTE(review): this names a cleanup service "submission-header-cleanup",
# but the only definition of that service in this listing (near the end of
# the file) is commented out. If the real file matches, smtpd cannot hand
# accepted mail to cleanup and submission fails after authentication. Either
# enable that service or remove this override.
-o cleanup_service_name=submission-header-cleanup
-o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any
client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
# Internal Postfix services. Every entry in this listing has "n" in the
# chroot column.
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
# NOTE(review): this service definition is commented out, yet the submission
# service still references it via
# "-o cleanup_service_name=submission-header-cleanup". One of the two needs
# to change, or mail accepted on submission has no cleanup service to go to.
# submission-header-cleanup unix n - n - 0 cleanup
# -o header_checks=regexp:/etc/postfix/submission_header_cleanup
# SPF policy daemon, spawned as the dedicated user policyd-spf.
# NOTE(review): the restriction lists in the postconf -n output contain no
# check_policy_service entry pointing at policyd-spf (only dovecot-quota),
# so this daemon does not appear to be consulted. Verify.
policyd-spf unix - n n - 0 spawn
user=policyd-spf argv=/usr/bin/policyd-spf
--
Sent from Mozilla Thunderbird 91.13.1