Linux: opening the SMTP port

Enable SMTPS service (SMTP over SSL, port 465)

Since iRedMail-1.5.0, smtps is enabled by default.

Why iRedMail doesn’t enable SMTPS (SMTP over SSL) by default

SMTPS is deprecated, so iRedMail disables it by default. Quote from wikipedia.org:

Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS has been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.

Why enable SMTPS since it’s deprecated

Unfortunately, some popular mail clients don’t support submission (SMTP over STARTTLS, port 587); the best-known one is Microsoft Outlook. Quote from wikipedia.org:

Even in 2013, there are still services that continue to offer the deprecated SMTPS interface on port 465 in addition to (or instead of!) the RFC-compliant message submission interface on the port 587 defined by RFC 6409. Service providers that maintain port 465 do so because older Microsoft applications (including Entourage v10.0) do not support STARTTLS, and thus not the smtp-submission standard (ESMTPS on port 587). The only way for service providers to offer those clients an encrypted connection is to maintain port 465.

How to enable SMTPS

To enable SMTPS, you should configure Postfix to listen on port 465 first, then open port 465 in iptables.

Please append the lines below to the Postfix config file /etc/postfix/master.cf (Linux/OpenBSD) or /usr/local/etc/postfix/master.cf (FreeBSD):

465 inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Restart Postfix service to enable SMTPS.

WARNING: Please make sure you have Amavisd listening on port 10026 (and 10024, 9998).

Open port 465 in firewall

On RHEL/CentOS

  • On RHEL/CentOS 6, update the iptables rule file /etc/sysconfig/iptables: add one rule (the third rule in the code below) for port 465, then restart the iptables service.

# Part of file: /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT

Update file /etc/firewalld/zones/iredmail.xml, enable smtps service by inserting line inside block like below:

Restart firewalld service:

# firewall-cmd --complete-reload 

On Debian/Ubuntu

nftables

The latest iRedMail releases use nftables on Debian/Ubuntu. In its config file /etc/nftables.conf, add port 465 under the line for submission (port 587, 3rd line in the example below), like this:

# smtp/submission
tcp dport 25 accept
tcp dport 587 accept
tcp dport 465 accept

Restarting the nftables service is required.

iptables

Old iRedMail releases use iptables on Debian/Ubuntu. In the iptables rule file /etc/default/iptables, add one rule (the third rule in the code below) for port 465, then restart the iptables service.

# Part of file: /etc/default/iptables
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT

Restarting the iptables service is required.

On OpenBSD

On OpenBSD, append the service smtps to the parameter mail_services= in /etc/pf.conf:

# Part of file: /etc/pf.conf
mail_services=""


Enable SMTPS Port 465 in Postfix SMTP Server For Email Submission

In previous articles, we discussed how you can quickly set up your own mail server by using iRedMail or Modoboa, and also how to set up mail server from scratch on Ubuntu. This tutorial will be showing you how to enable SMTPS port 465 in Postfix SMTP server, so Microsoft Outlook users can send emails. SMTPS stands for Simple Mail Transfer Protocol Secure.

Why Enable SMTPS

Usually mail clients like Thunderbird submit outgoing emails to the SMTP server over port 587, encrypted with STARTTLS. However, some mail clients (particularly Microsoft Outlook) can only submit outgoing emails over port 465, the SMTPS port. By default, both iRedMail and Modoboa only enable submission over port 587.

Enable SMTPS Port 465 in Postfix SMTP Server

SMTPS used as submission protocol is confusing, isn’t it? Let me explain. Originally in 1997, IANA (Internet Assigned Numbers Authority) assigned port 465 for SMTPS, which was intended to be used to encrypt communication between one SMTP server and another, like mail.google.com and mail.yahoo.com. Later, STARTTLS came along, which allows SMTP servers to talk to each other securely over the existing SMTP port 25, so there’s no need to dedicate port 465 to secure SMTP any more. The SMTPS port was revoked. However, some mail clients like Microsoft Outlook erroneously interpreted smtps as submissions and used port 465 for email submission, and it’s still the case to this day.

Another reason to enable port 465 submission is that it’s now encouraged by IETF (Internet Engineering Task Force). There are two approaches to secure email communications:

  • Use STARTTLS on existing port (like STARTTLS on port 587)
  • Implicit TLS on another dedicated port (For example, IMAP on port 143, IMAPS on port 993)

Now IETF believes that the STARTTLS approach isn’t perfect and started promoting the use of implicit TLS. It published RFC 8314 in January 2018 to encourage the use of port 465 for email submission, and RFC 8461 in September 2018 to encourage the use of MTA-STS for secure SMTP. Port 465 is likely to be renamed as the submissions port.

Note: Almost all mail clients can also submit outgoing emails on port 25, but most residential ISPs block port 25.

How to Enable SMTPS Port 465 in Postfix SMTP Server

Edit the Postfix master.cf file.

sudo nano /etc/postfix/master.cf

If you are using iRedMail, add the following lines at the end of this file.

smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

If you are using Modoboa, add the following lines at the end of this file.

smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_proxy_filter=inet:[127.0.0.1]:10026

If you followed my setting up mail server from scratch tutorial, add the following lines instead.

smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Save and close the file. Restart Postfix for the change to take effect.

sudo systemctl restart postfix
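
A check to run over master.cf before restarting Postfix, covering the smtps entries shown in both articles above. This is an added example, not code from iRedMail or from the tutorial's author. It confirms that the port 465 service carries the three overrides that make it encrypted and authenticated. It assumes the plain -o name=value form used on this page and reads only master.cf, not main.cf; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the multi-line form master.cf uses (not from a real host).
SAMPLE_MASTER_CF = """\
smtp   inet  n  -  y  -  -  smtpd
smtps  inet  n  -  y  -  -  smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

RESTRICTION_KEYS = ("smtpd_client_restrictions", "smtpd_relay_restrictions",
                    "smtpd_recipient_restrictions")

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtps_overrides(text):
    """Return the -o name=value overrides of the smtps/465 smtpd service, or None."""
    for line in logical_lines(text):
        f = line.split()
        if len(f) >= 8 and f[0] in ("smtps", "465") and f[1] == "inet" and f[7] == "smtpd":
            return dict(m.groups() for m in re.finditer(r"-o\s+(\w+)=(\S+)", line))
    return None

def audit_smtps(text):
    """List required overrides that are missing from the port 465 service."""
    opts = smtps_overrides(text)
    if opts is None:
        return ["no smtps/465 inet smtpd service defined"]
    problems = []
    if opts.get("smtpd_tls_wrappermode") != "yes":
        problems.append("smtpd_tls_wrappermode=yes missing: no implicit TLS on 465")
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        problems.append("smtpd_sasl_auth_enable=yes missing: SASL login not offered")
    lists = [opts[k].split(",") for k in RESTRICTION_KEYS if k in opts]
    if not any("permit_sasl_authenticated" in l and l[-1] == "reject" for l in lists):
        problems.append("no restriction list with permit_sasl_authenticated ending in reject")
    return problems
```

Call audit_smtps(open("/etc/postfix/master.cf").read()) on the server; an empty list means all three overrides are present on the port 465 service.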

Open TCP Port 465 in Firewall

If you are using UFW on Debian/Ubuntu, then run the following command to open TCP port 465.

If you use firewalld on CentOS, then run the following commands to open TCP port 465.

sudo firewall-cmd --permanent --add-service=smtps
sudo systemctl reload firewalld

If you are using iptables, then run the following command.

sudo iptables -A INPUT -p tcp --dport 465 -j ACCEPT

Configure Mail Clients to Use Port 465 for Submission

Microsoft Outlook supports submission on port 465 only, so you don’t need to do special configuration. Mozilla Thunderbird defaults to port 587 for submission. It also supports port 465 with SSL/TLS encryption.

Conclusion

I hope this tutorial helped you enable SMTPS port 465 in Postfix SMTP server. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
