I have an issue regarding SSL/TLS.

I have configured my certificates and STARTTLS works fine.  Out of
curiosity, I wanted to get SSL over tcp/465 working.

I uncommented the following line in master.cf:

      smtps     inet  n       -       n       -       -       smtpd

And netstat shows the server is now listening on tcp/465.  However, when
I configure my client (Thunderbird) to use SSL, it comes back with
the following error:

      "Sending of message failed.  The message could not be sent because the connection to SMTP server mail timed out."

The following, rather unhelpfully, is listed in maillog:

Jan 18 21:58:48 mail postfix/smtpd[2551]: initializing the server-side TLS engine
Jan 18 21:58:49 mail postfix/smtpd[2551]: connect from pc[172.x.x.x]
Jan 18 21:59:19 mail postfix/smtpd[2551]: lost connection after UNKNOWN from pc[172.x.x.x]
Jan 18 21:59:19 mail postfix/smtpd[2551]: disconnect from pc[172.x.x.x]

Does anyone have any thoughts on what I'm missing?



Output from postconf -n:

body_checks = regexp:/usr/pkg/etc/postfix/body_checks
command_directory = /usr/pkg/sbin
config_directory = /usr/pkg/etc/postfix
daemon_directory = /usr/pkg/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
header_checks = regexp:/usr/pkg/etc/postfix/header_checks
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailq_path = /usr/pkg/bin/mailq
manpage_directory = /usr/pkg/man
message_size_limit = 0
mydestination = localhost, localhost.$mydomain, $myhostname, $mydomain
mydomain = xxx.xx.com
myhostname = mail.xxx.xx.com
mynetworks = x.x.x.x, x.x.x.x, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/pkg/bin/newaliases
proxy_interfaces = x.x.x.x
queue_directory = /var/spool/postfix
readme_directory = /usr/pkg/share/examples/postfix
sample_directory = /usr/pkg/share/examples/postfix
sendmail_path = /usr/pkg/sbin/sendmail
setgid_group = maildrop
smtp_tls_CAfile = /etc/openssl/certs/DigiCertCA.crt
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access hash:/usr/pkg/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, reject_unknown_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/usr/pkg/etc/postfix/sender_access, reject_unauth_pipelining, reject_non_fqdn_$
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/usr/pkg/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender$
smtpd_tls_CAfile = /etc/openssl/certs/DigiCertCA.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/openssl/certs/mail.xxx.xxx.xx.crt
smtpd_tls_key_file = /etc/openssl/private/mail.xxx.xxx.xx.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
