Hello,

I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix.
If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working.

I put

    ssl = yes
    ssl_cert = </dovecot/ssl/ssl-LMTP.pem
    ssl_key = </dovecot/ssl/ssl-LMTP.key

in section protocol LMTP within 20-lmtp.conf

and

    service lmtp {
      inet_listener lmtp {
        name = dovecot_lmtp
        address = xx.xx.xx.xx
        port = 26
        ssl = yes
      }
      process_min_avail = 5
    }

within 10-master.conf

Did I miss something?

Thank you for your help.

Regards,
Stan

On 17.11.2014 at 10:58, Stanislas SABATIER wrote:
> Hello,
> I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix.
> If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working.
>
> I put
> ssl = yes
> ssl_cert = </dovecot/ssl/ssl-LMTP.pem
> ssl_key = </dovecot/ssl/ssl-LMTP.key
> in section protocol LMTP within 20-lmtp.conf
>
> and
> service lmtp {
>   inet_listener lmtp {
>     name = dovecot_lmtp
>     address = xx.xx.xx.xx
>     port = 26
>     ssl = yes
>   }
>   process_min_avail = 5
> }
> within 10-master.conf
>
> Did I miss something?

did you configure postfix?

    postconf -d | grep tls

not sure if postfix prefers STARTTLS only (likely since the smtp-client also doesn't support wrapper mode and lmtp is more or less the same as smtp)

    lmtp_enforce_tls = no
    lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
    lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
    lmtp_starttls_timeout = 300s
    lmtp_tls_CAfile
    lmtp_tls_CApath
    lmtp_tls_block_early_mail_reply = no
    lmtp_tls_cert_file
    lmtp_tls_ciphers = export
    lmtp_tls_dcert_file
    lmtp_tls_dkey_file = $lmtp_tls_dcert_file
    lmtp_tls_eccert_file
    lmtp_tls_eckey_file = $lmtp_tls_eccert_file
    lmtp_tls_enforce_peername = yes
    lmtp_tls_exclude_ciphers
    lmtp_tls_fingerprint_cert_match
    lmtp_tls_fingerprint_digest = md5
    lmtp_tls_force_insecure_host_tlsa_lookup = no
    lmtp_tls_key_file = $lmtp_tls_cert_file
    lmtp_tls_loglevel = 0
    lmtp_tls_mandatory_ciphers = medium
    lmtp_tls_mandatory_exclude_ciphers
    lmtp_tls_mandatory_protocols = !SSLv2
    lmtp_tls_note_starttls_offer = no
    lmtp_tls_per_site
    lmtp_tls_policy_maps
    lmtp_tls_protocols = !SSLv2
    lmtp_tls_scert_verifydepth = 9
    lmtp_tls_secure_cert_match = nexthop
    lmtp_tls_security_level
    lmtp_tls_session_cache_database
    lmtp_tls_session_cache_timeout = 3600s
    lmtp_tls_trust_anchor_file
    lmtp_tls_verify_cert_match = hostname

On 17.11.2014 at 10:58, Stanislas SABATIER wrote:
> Hello,
> I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix.
> If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working.
>
> I put
> ssl = yes
> ssl_cert = </dovecot/ssl/ssl-LMTP.pem
> ssl_key = </dovecot/ssl/ssl-LMTP.key
> in section protocol LMTP within 20-lmtp.conf
>
> and
> service lmtp {
>   inet_listener lmtp {
>     name = dovecot_lmtp
>     address = xx.xx.xx.xx
>     port = 26
>     ssl = yes
>   }
>   process_min_avail = 5
> }
> within 10-master.conf
>
> Did I miss something?
>
> Thank you for your help.
>
> Regards,
> Stan
>

As far as I know, this isn't implemented in Dovecot yet, but will come.

Best Regards
Kind regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
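
Added example (not part of the thread, and not Postfix or Dovecot code): a Python probe that tells which of the modes discussed above an LMTP listener offers: a plaintext banner with STARTTLS in its LHLO reply, plaintext only, or TLS from the first byte (wrapper mode). The function names, the client name probe.example and the result labels are assumptions made for this example.

```python
import socket
import ssl

def parse_lhlo(reply):
    """Extension keywords from a multi-line 250 LHLO reply (line 1 is the greeting)."""
    caps = set()
    for line in reply.splitlines()[1:]:
        words = line[4:].split()
        if line.startswith("250") and words:
            caps.add(words[0].upper())
    return caps

def classify(banner, lhlo_reply):
    """Decide what a plaintext client can expect from this listener."""
    if not banner.startswith("220"):
        return "no-plaintext-banner"        # nothing usable in clear text
    return "starttls" if "STARTTLS" in parse_lhlo(lhlo_reply) else "plaintext-only"

def _read_reply(f):
    """Read one SMTP-style reply; continuation lines carry '-' after the code."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return "\n".join(lines)

def probe(host, port, timeout=5.0):
    """Return 'starttls', 'plaintext-only', 'implicit-tls' or 'unknown'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rwb")
            banner = _read_reply(f)
            if banner.startswith("220"):
                f.write(b"LHLO probe.example\r\n")   # constructed client name
                f.flush()
                return classify(banner, _read_reply(f))
    except OSError:
        pass                                # timeout or reset: try wrapper mode
    ctx = ssl.create_default_context()
    ctx.check_hostname = False              # mode detection only; a delivering
    ctx.verify_mode = ssl.CERT_NONE         # client must keep verification on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                greeting = tls.makefile("rb").readline()
                return "implicit-tls" if greeting.startswith(b"220") else "unknown"
    except OSError:
        return "unknown"
```

A result of 'implicit-tls' or 'plaintext-only' means a client that only speaks STARTTLS cannot negotiate TLS with that listener.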