Hi Tony,

After a hint from Chris I did some digging on configuring Postfix to listen on a TLS-only port. I found the following information on configuring main.cf and master.cf for TLS in Postfix:
**** master.cf: additional services ****

It can be useful to have Postfix listen on additional ports, namely "submission"=587 for email submission as defined in RFC2476; this is especially useful if you want to allow AUTH with plaintext passwords (PLAIN, LOGIN) and hence run on a port with encryption enforcement. Another useful port may be "smtps"=465, which was intended for TLS-wrapping and is still used by Outlook (Express). Both example entries already contain the flags to enable SASL authentication (which may be disabled on the normal port).

Since the actual service names are used, smtps and submission must be defined in /etc/services (and probably also in /var/spool/postfix/etc/services if chrooted)!!! (Use the port numbers otherwise.)

    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (50)
    # ==========================================================================
    smtps      inet  n       -       y       -       -       smtpd
      -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    submission inet  n       -       y       -       -       smtpd
      -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

******************************************

I believe you only need to use the smtps line (not the submission line) to get TLS for SMTP working with SquirrelMail. At least that was all that I did, and SquirrelMail appears to be using TLS with SMTP without any issues for me. Also, don't forget to set your SMTP port to 465 in the SquirrelMail config.

Good Luck
John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Earnshaw
Sent: Monday, November 03, 2003 4:57 PM
To: [EMAIL PROTECTED]
Subject: [SM-USERS] TLS and Postfix 2.0 snapshot. starttls doesn't work

Hi list

SquirrelMail 1.4.2
postfix-2.0.16-20031022
Apache 1.3.27, mod_ssl-2.8.12-1.3.27, php 4.0.3

New poster, nothing to follow up. As soon as this is solved, I'll go away again.
I second John Ridge's well-written posting of 2 November last, found on Gmane (I can't go back far enough in my own posting cache begun today, and SquirrelMail has seemingly no archives - "use Gmane").

Line 38 of the file Deliver_SMTP.class.php puts a command to Postfix that Postfix can't understand. Why?

I have postfix-2.0.16-20030921 configured to accept:

    Connected to localhost.
    Escape character is '^]'.
    220 billy.demon.nl ESMTP Postfix
    ehlo billy.demon.nl
    250-billy.demon.nl
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-STARTTLS
    250 8BITMIME

then:

    starttls

then:

    ehlo billy.demon.nl
    250-billy.demon.nl
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    250 8BITMIME

Works perfectly with Mozilla 1.4. But with SquirrelMail: the first "starttls" from SquirrelMail doesn't come. SquirrelMail sends:

    // Deliver_SMTP.class.php: with TLS enabled on PHP >= 4.3 and the openssl
    // extension loaded, the socket is opened TLS-wrapped from the first byte;
    // no EHLO/STARTTLS exchange ever takes place on the plaintext connection.
    if (($use_smtp_tls == true) and (check_php_version(4,3)) and (extension_loaded('openssl'))) {
        $stream = fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
    } else {
        // plain TCP connection; STARTTLS is never issued here either
        $stream = fsockopen($host, $port, $errorNumber, $errorString);
    }

Which sends:

    tls://localhost:25

Result:

    Warning: fsockopen() [function.fsockopen]: php_stream_sock_ssl_activate_with_method: SSL handshake/connection failed in /u/usr/local/apache/squirrelmail/class/deliver/Deliver_SMTP.class.php on line 38
    Warning: fsockopen() [function.fsockopen]: failed to activate SSL mode 2 in /u/usr/local/apache/squirrelmail/class/deliver/Deliver_SMTP.class.php on line 38

Postfix says:

    Nov 3 22:35:54 billy postfix/smtpd[13971]: > localhost[127.0.0.1]: 220 billy.demon.nl ESMTP Postfix
    Nov 3 22:35:54 billy postfix/smtpd[13971]: watchdog_pat: 0x80ba818
    Nov 3 22:35:54 billy postfix/smtpd[13971]: < localhost[127.0.0.1]: ???
    Nov 3 22:35:54 billy postfix/smtpd[13971]: > localhost[127.0.0.1]: 502 Error: command not implemented
    Nov 3 22:35:55 billy postfix/smtpd[13971]: watchdog_pat: 0x80ba818
    Nov 3 22:35:55 billy postfix/smtpd[13971]: < localhost[127.0.0.1]:
    Nov 3 22:35:55 billy postfix/smtpd[13971]: > localhost[127.0.0.1]: 500 Error: bad syntax

Note the command to Postfix: "???" *Why*? What does "tls://localhost:port" mean? Why does SquirrelMail do that, when Postfix (and all other rfc2822-compliant MTAs) expect 'ehlo myhost.mydomain.tld; starttls'?

What can I do to make things work, apart from changing the code, which I've not had the time to analyze or implement?

--Tonni

--
Tony Earnshaw

Do not CC me or your mail will probably be rejected.
I don't like this, either. Blame it on Swen and a slow Internet connection.

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it help you create better code?
SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
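The master.cf excerpt John quotes pairs smtpd_sasl_auth_enable=yes with a TLS-enforcing option on every listener, which is the whole point of putting AUTH on 465/587 rather than on port 25. The script below, added here as an example and not code from the thread or from Postfix, audits a master.cf for inet smtpd listeners that enable SASL without any such option. The SAMPLE_MASTER_CF text is constructed (the two services from the thread plus a deliberately weak "smtp" listener); the TLS_ENFORCING table lists the page's smtpd_tls_wrappermode and smtpd_enforce_tls together with smtpd_tls_security_level=encrypt (the later replacement for smtpd_enforce_tls) and smtpd_tls_auth_only=yes, and main.cf defaults are assumed empty unless passed in.

```python
"""Audit a Postfix master.cf for inet smtpd listeners that enable SASL AUTH
without enforcing TLS.  Added example, not code from the thread or from Postfix."""
import shlex

# Constructed master.cf excerpt: the smtps and submission entries from the
# thread plus a deliberately weak "smtp" listener that turns on SASL with no
# TLS enforcement at all (so PLAIN/LOGIN passwords could cross the wire in clear).
SAMPLE_MASTER_CF = """\
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp       inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet  n       -       y       -       -       smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
"""

# Any one of these guarantees the session is encrypted before AUTH is usable.
# smtpd_enforce_tls is the Postfix 2.0-era name used in the thread;
# smtpd_tls_security_level=encrypt replaced it in later releases;
# smtpd_tls_auth_only=yes keeps AUTH unadvertised until after STARTTLS.
TLS_ENFORCING = (
    ("smtpd_tls_wrappermode", "yes"),
    ("smtpd_enforce_tls", "yes"),
    ("smtpd_tls_security_level", "encrypt"),
    ("smtpd_tls_auth_only", "yes"),
)


def parse_master_cf(text):
    """Return [(service, type, command, {option: value}), ...].

    A service line starts in column 0 with the eight master.cf columns; a line
    that starts with whitespace continues the previous service's command and
    usually carries "-o name=value" overrides."""
    raw_services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if not raw_services:
                raise ValueError("continuation line before any service: %r" % line)
            raw_services[-1][3].extend(shlex.split(line))
            continue
        fields = line.split()
        if len(fields) < 8:
            raise ValueError("malformed service line: %r" % line)
        raw_services.append([fields[0], fields[1], fields[7], fields[8:]])

    parsed = []
    for name, stype, command, args in raw_services:
        overrides = {}
        i = 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                overrides[key.strip()] = value.strip()
                i += 2
            else:
                i += 1
        parsed.append((name, stype, command, overrides))
    return parsed


def audit_sasl_tls(master_cf_text, main_cf=None):
    """Return {service: verdict} for every inet smtpd listener.

    main_cf holds the global main.cf values the listener inherits (assumed
    empty when not given); -o overrides in master.cf win over them.
    Verdicts: "ok" (AUTH only over TLS), "plaintext-auth" (AUTH offered on a
    connection that need not be encrypted), "no-auth"."""
    inherited = dict(main_cf or {})
    verdicts = {}
    for name, stype, command, overrides in parse_master_cf(master_cf_text):
        if command != "smtpd" or stype != "inet":
            continue  # only network listeners running smtpd can expose AUTH
        effective = dict(inherited)
        effective.update(overrides)
        if effective.get("smtpd_sasl_auth_enable", "no") != "yes":
            verdicts[name] = "no-auth"
        elif any(effective.get(k) == v for k, v in TLS_ENFORCING):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "plaintext-auth"
    return verdicts


if __name__ == "__main__":
    for service, verdict in audit_sasl_tls(SAMPLE_MASTER_CF).items():
        print("%-12s %s" % (service, verdict))
```

Run against the sample, the smtps and submission listeners come back "ok" and the constructed "smtp" listener is flagged "plaintext-auth"; passing {"smtpd_tls_auth_only": "yes"} as the main.cf defaults clears that flag, which is the one global setting that makes AUTH safe on port 25 without moving it to another port.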
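Tony's Postfix log shows what the mismatch looks like from the server side: the client opens a tls:// socket to port 25, so the first thing smtpd reads after its 220 banner is a TLS handshake record rather than EHLO, it logs the non-printable bytes as "???" and answers 502. The script below, an added example that is not part of the thread or of Postfix, turns that diagnosis into a check: it groups verbose smtpd lines by process id and flags sessions whose first client data is not an SMTP verb and draws a 502, and it also tests raw opening bytes for the TLS record header (0x16 0x03), which generalises the "???" symptom to any peer. SAMPLE_LOG is constructed from the lines in the thread plus a second, well-behaved STARTTLS session for contrast; the verdict names are my own.

```python
"""Detect a TLS-wrapped client talking to a plaintext/STARTTLS smtpd port,
from Postfix verbose smtpd logs and from a peer's first bytes.
Added example, not code from the thread or from Postfix."""
import re
from collections import defaultdict

# Constructed log: the session quoted in the thread (pid 13971) and a second,
# well-behaved STARTTLS session (pid 13990) added for contrast.
SAMPLE_LOG = """\
Nov  3 22:35:54 billy postfix/smtpd[13971]: > localhost[127.0.0.1]: 220 billy.demon.nl ESMTP Postfix
Nov  3 22:35:54 billy postfix/smtpd[13971]: watchdog_pat: 0x80ba818
Nov  3 22:35:54 billy postfix/smtpd[13971]: < localhost[127.0.0.1]: ???
Nov  3 22:35:54 billy postfix/smtpd[13971]: > localhost[127.0.0.1]: 502 Error: command not implemented
Nov  3 22:35:55 billy postfix/smtpd[13971]: watchdog_pat: 0x80ba818
Nov  3 22:35:55 billy postfix/smtpd[13971]: < localhost[127.0.0.1]:
Nov  3 22:35:55 billy postfix/smtpd[13971]: > localhost[127.0.0.1]: 500 Error: bad syntax
Nov  3 22:40:01 billy postfix/smtpd[13990]: > localhost[127.0.0.1]: 220 billy.demon.nl ESMTP Postfix
Nov  3 22:40:01 billy postfix/smtpd[13990]: < localhost[127.0.0.1]: EHLO billy.demon.nl
Nov  3 22:40:01 billy postfix/smtpd[13990]: > localhost[127.0.0.1]: 250-billy.demon.nl
Nov  3 22:40:01 billy postfix/smtpd[13990]: < localhost[127.0.0.1]: STARTTLS
Nov  3 22:40:01 billy postfix/smtpd[13990]: > localhost[127.0.0.1]: 220 2.0.0 Ready to start TLS
"""

# ">" lines are what smtpd sent, "<" lines what the peer sent; smtpd shows
# non-printable input bytes as "?", which is where the "???" comes from.
LOG_RE = re.compile(r"postfix/smtpd\[(\d+)\]: ([<>]) (\S+): ?(.*)$")
SMTP_VERB = re.compile(r"^[A-Za-z]{4,8}(\s|$)")  # EHLO, HELO, STARTTLS, MAIL, ...


def looks_like_tls_client_hello(first_bytes):
    """True when a peer's opening bytes are a TLS handshake record (content
    type 0x16, protocol major version 0x03) instead of an SMTP command line.
    That is exactly what a tls:// connection to port 25 delivers."""
    return len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


def classify_sessions(log_text):
    """Group verbose smtpd lines by process id and return {pid: verdict}.

    "handshake-before-ehlo": the first client data after the 220 banner is not
    an SMTP verb and smtpd answered 502, i.e. a TLS-wrapped (or otherwise
    binary) client hit a port that expects EHLO followed by STARTTLS."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            pid, direction, _peer, text = m.groups()
            sessions[pid].append((direction, text))

    verdicts = {}
    for pid, events in sessions.items():
        banner = next((i for i, (d, t) in enumerate(events)
                       if d == ">" and t.startswith("220")), None)
        if banner is None:
            verdicts[pid] = "no-banner"
            continue
        client = [(i, t) for i, (d, t) in enumerate(events) if d == "<" and i > banner]
        if not client:
            verdicts[pid] = "no-client-data"
            continue
        first_idx, first_text = client[0]
        replies = [t for d, t in events[first_idx + 1:] if d == ">"]
        if SMTP_VERB.match(first_text):
            verdicts[pid] = "smtp"
        elif replies and replies[0].startswith("502"):
            verdicts[pid] = "handshake-before-ehlo"
        else:
            verdicts[pid] = "unrecognised-input"
    return verdicts


if __name__ == "__main__":
    for pid, verdict in sorted(classify_sessions(SAMPLE_LOG).items()):
        print(pid, verdict)
```

On the sample, pid 13971 is classified "handshake-before-ehlo" and pid 13990 "smtp". The fix the thread converges on follows directly: either point the tls:// client at a wrapper-mode listener (the smtps entry on 465), or give the client a STARTTLS-capable path; connecting TLS-wrapped to a STARTTLS port can never succeed, and this pattern in the log is the quickest way to tell the two misconfigurations apart.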