search for: smtpd_tls_key_file

...hostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/server.crt smtpd_tls_key_file = /etc/ssl/private/server.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in t...

...f these domains individually via certbot (letsencrypt) and nginx is happy with all of that. Since I initially configured the site to handle mail only for a.com, my /etc/postfix/main.cf file currently has these two lines: smtpd_tls_cert_file = /etc/letsencrypt/live/mail.a.com/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/mail.a.com/privkey.pem But I see that mail test tools are reporting that MX for b.com and c.com are misconfigured due to an SSL name mismatch. Indeed, this is true! So I believe I should generate a multi-site SSL cert. I try this: sudo certbot certonly --cert-name...

...ions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/pki/tls/certs/mail_the10thfloor_com.crt smtpd_tls_key_file = /etc/pki/tls/private/mail_the10thfloor_com-nopass.key smtpd_tls_security_level = may soft_bounce = no tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_gid_maps = static:502 virtual_mailbox_base = /home/vmail/ virtual_mailbox_domains = the10thfloor.com virtual...

...tfix } } service auth-worker { } service dict { unix_listener dict { } } -------------- main.cf smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no append_dot_mydomain = no readme_directory = no compatibility_level = 2 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination m...

...l_path = /var/spool/postfix/private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_use_tls = yes smtpd_tls_cert_file = /secret/tls.crt smtpd_tls_key_file = /secret/tls.key #virtual_create_maildirsize = yes #virtual_maildir_extended = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical...

...ame (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the...

...sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem smtpd_tls_loglevel = 1 smtpd_tls_session_cache_timeout = 3600s unknown_local_recipient_reject_code = 550 virtual_mailbox_domains = $myhostname virtual_transport = dovecot ---- POSTFIX master.cf (just the important lines) smtp inet n - n -...

...smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unlisted_sender, permit smtpd_tls_auth_only = yes smtpd_tls_cert_file = /usr/local/etc/ssl/more/server.crt smtpd_tls_key_file = /usr/local/etc/ssl/more/server.key smtpd_tls_loglevel = 0 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtu...

...l:/etc/postfix/mysql-virtual_sender_permissions.cf smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_helo_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_tls_cert_file = /etc/ssl/server/servername.pem smtpd_tls_key_file = $smtpd_tls_cert_file smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf virtual_gid_maps = static:2000 virtual_mailbox_base = /var/customers/mail/ virtu...

...asl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_unauth_destination smtpd_timeout = 30 smtpd_tls_cert_file = /etc/postfix/ssl/wildcard.domain.com.crt smtpd_tls_key_file = /etc/postfix/ssl/wildcard.domain.com.key smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache transport_maps = mysql:/etc/postfix/mysql_transport.cf vacation_destination_recipient_limit = 1 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_ali...

...= yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 vir...

...mtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sasl_type = cyrus smtpd_timeout = 10s smtpd_tls_CAfile = /etc/pki/tls/certs/mailcampaign_csusb_edu_interm.cer smtpd_tls_cert_file = /etc/pki/tls/certs/mailcampaign_csusb_edu_cert.cer smtpd_tls_key_file = /etc/pki/tls/private/mailcampaign_csusb_edu.key smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtpd_tls_session_cache_timeout = 10800s smtpd_use_tls = yes transport_maps = hash:/e...

...eck_relay_domains smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_CAfile = /usr/share/ssl/certs/ca-bundle.crt smtpd_tls_cert_file = /usr/share/ssl/certs/postfix.pem smtpd_tls_key_file = /usr/share/ssl/certs/postfix.pem smtpd_tls_loglevel = 2 smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_transport = dovecot Regards, C.Y ================================...

...tion,permit smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = mysql:/etc/postfix/mysql-transport.cf unknown_local_recipient_reject_code = 550 virtual_alias_maps...

...x readme_directory = /usr/share/doc/postfix/README_FILES sample_directory = /usr/share/doc/postfix/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_sasl_auth_enable = yes smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/pki/dovecot/certs/tgv2015.crt smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes unknown_local_recipient_reject_code = 550 virtual_mailbox_base = /var/mail/vhosts virtual_mailbox_domains...

...h 0 srw-rw-rw- 1 root wheel 0 May 27 13:57 /var/spool/postfix/private/auth postfix/main.cf: smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_starttls_timeout = 20s smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may 16 -rw------- 1 root 443 4152 May 20 21:08 fullchain-1558408117.pem 0 lrwx------ 1 root 443 24 May 20 21:08 fullchain.pem -> fullchain-155840811...

....crt ssl_key = </home/teo-en-ming-corp/2023.key ssl_ca = </home/teo-en-ming-corp/inter2023.crt # nano /etc/dovecot/dovecot.conf protocols = imap pop3 !include conf.d/*.conf SECTION ON POSTFIX =================== # nano /etc/postfix/main.cf smtpd_use_tls = yes smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/postfix/2023.key smtpd_tls_cert_file = /etc/postfix/chain2023.crt smtpd_tls_CAfile = /etc/postfix/inter2023.crt Note: chain2023.crt is made by combining 2023.crt and inter2023.crt # nano /etc/postfix/master.cf submission inet n - n - - smtpd smtps inet n - n - - smtpd tlsmgr unix - - n 10...

hi to all, i trying to telnet my mailserver telnet support.example.com 25 the output like this: 250-support.example.com 250-PIPELINING 250-SIZE 10240000 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME starttls 220 Ready to start TLS when i try to quit/exit error i can see in the log like this: Jul 5 15:42:02 support postfix/smtpd[950]: SSL_accept error from

...password, same server address, TLS security type, and the server port of 25. HOWEVER, no mail has passed through it successfully, it just gives no error whatsoever, so far, while the server's log reports "Relay access denied." Notably, when setting up TLS, Postfix complained when the smtpd_tls_key_file was incorrect, but did not complain when it was provided properly, suggesting it's reading and accepting my self-signed certificate and private key. Ideas, please?! And, by the way, what's port 465 all about? Some clients propose that's what should be used to send... Thanks in advan...

...certbot (letsencrypt) and nginx is happy with all of that. > > Since I initially configured the site to handle mail only for a.com, > my /etc/postfix/main.cf file currently has these two lines: > > smtpd_tls_cert_file = /etc/letsencrypt/live/mail.a.com/fullchain.pem > smtpd_tls_key_file = /etc/letsencrypt/live/mail.a.com/privkey.pem > > But I see that mail test tools are reporting that MX for b.com and > c.com are misconfigured due to an SSL name mismatch. Indeed, this is > true! > > So I believe I should generate a multi-site SSL cert. I try this: > >...