I have a question.
Do you know what smtpd_tls_wrappermode means in Postfix?
If you read the documents (listed below), SMTPS on port 465 and smtpd_tls_wrappermode
don't seem to be related, but is that not the case?
I want to configure SMTPS over port 465 on Postfix.
"Submission" in RFC 8414 (SMTPS is not STARTTLS)
https://www.rfc-editor.org/rfc/rfc8314
In the end, we were able to do SMTPS with STARTTLS and SMTPS with submission, but
I don't know what smtpd_tls_wrappermode means.
In other words, I understand that smtpd_tls_wrappermode is an Outlook-only setting.
I have read the following document.
http://www.postfix.org/TLS_README.html
http://www.postfix.org/postconf.5.html#smtpd_tls_wrappermode
TLS_README says:
TLS is sometimes used in the non-standard "wrapper" mode where a server always uses TLS,
instead of announcing STARTTLS support and waiting for remote SMTP clients to request TLS service.
Some clients, namely Outlook [Express] prefer the "wrapper" mode.
This is true for OE (Win32<5.0 and Win32>=5.0 when run on a port<>25 and OE (5.01 Mac on all ports).
The postconf.5 says:
smtpd_tls_wrappermode (default: no)
Run the Postfix SMTP server in the non-standard "wrapper" mode, instead of using the STARTTLS command.
If you want to support this service, enable a special port in master.cf,
and specify "-o smtpd_tls_wrappermode=yes" on the SMTP server's command line.
Port 465 (smtps) was once chosen for this purpose.
% uname -rsm
Linux 4.17.3-1-ARCH x86_64
· msmtp 1.6.7
· Contents of ~/.msmtprc
defaults
logfile ~/.msmtp.log
account test
host 192.168.1.24
port 25
from [email protected]
user [email protected]
password password
account default : test
# uname -rsm
Linux 3.10.0-862.3.2.el7.x86_64 x86_64
· Postfix 2.10.1
· Contents of /etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd -v
smtps     inet  n       -       n       -       -       smtpd -v
  -o smtpd_tls_wrappermode=yes
· Contents of postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 192.168.1.24
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 40960000000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 5120000000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = example.jp
myhostname = smtp.example.jp
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/example.jp/server.crt
smtpd_tls_key_file = /etc/ssl/example.jp/private/server.key.no
smtpd_tls_loglevel = 3
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
I want to do a submission (SMTPS on port 465).
When I comment out -o smtpd_tls_wrappermode=yes in master.cf, an error occurs.
% echo `date` | msmtp --account=test --auth=plain [email protected]=on --tls-starttls=off --tls-certcheck=off --port=465
msmtp: TLS handshake failed: An unexpected TLS packet was received.
msmtp: could not send mail (account test from /home/miwa/.msmtprc)
When I uncomment -o smtpd_tls_wrappermode=yes in master.cf, the mail can be sent.
% echo `date` | msmtp --account=test --auth=plain [email protected]=on --tls-starttls=off --tls-certcheck=off --port=465
Verified that mail can be received to the destination.
Captured the packet and verified that the TLS handshake followed the TCP 3-way handshake.
By the non-standard "wrapper" mode, do you mean non-standard with respect to the RFCs? Also, what is a "wrapper"?
I understand that smtpd_tls_wrappermode is an Outlook-only setting, but is it actually necessary to do a submission (SMTPS on port 465)?
postfix ssl
By the non-standard "wrapper" mode, do you mean non-standard with respect to the RFCs?
Standard = SSL/TLS via STARTTLS
Non-standard = SSL/TLS without STARTTLS
I think that's what it means.
Also, what is a "wrapper"?
With smtpd_tls_wrappermode=yes, the SSL/TLS handshake happens right from the initial connection, so it may mean that SMTP is wrapped in SSL/TLS.
I understand that smtpd_tls_wrappermode is an Outlook-only setting, but is it actually necessary to do a submission (SMTPS on port 465)?
Required.
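The difference this answer describes, shown on packet payloads as an added example that is not part of the original post: the classifier labels a captured SMTP stream as implicit TLS (wrapper mode), STARTTLS, or a mismatch like the msmtp failure in the question. The payloads are constructed samples and the function and constant names are made up for this illustration.

```python
# Added illustration: label a captured SMTP TCP stream by how TLS starts.
# All payloads are constructed samples, not a real capture.

def is_tls_client_hello(data: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), version 0x03 0x0X,
    2-byte length, then handshake type 0x01 (ClientHello)."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)

def classify(stream):
    """stream: list of (sender, payload) in wire order, sender 'C' or 'S'."""
    client = [d for s, d in stream if s == "C"]
    server = [d for s, d in stream if s == "S"]
    if not client or not server:
        return "incomplete"
    if is_tls_client_hello(client[0]):
        # Client starts TLS at once, as msmtp does with --tls-starttls=off.
        if server[0][:1] == b"\x16":
            return "implicit-tls"   # server answered with a TLS record
        if server[0].startswith(b"220"):
            return "mismatch"       # plaintext banner: wrapper mode is off
        return "unknown"
    # STARTTLS: plaintext command, then the next client payload is a ClientHello.
    for i, data in enumerate(client[:-1]):
        if data.strip().upper() == b"STARTTLS" and is_tls_client_hello(client[i + 1]):
            return "starttls"
    return "plaintext"

# Constructed, truncated handshake records (header bytes only matter here).
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SERVER_HELLO = bytes([0x16, 0x03, 0x03, 0x00, 0x05, 0x02, 0x00, 0x00, 0x01, 0x00])
BANNER = b"220 smtp.example.jp ESMTP Postfix\r\n"

WRAPPER_ON = [("C", CLIENT_HELLO), ("S", SERVER_HELLO)]
WRAPPER_OFF = [("C", CLIENT_HELLO), ("S", BANNER)]
STARTTLS = [("S", BANNER), ("C", b"EHLO client\r\n"),
            ("S", b"250-smtp.example.jp\r\n250 STARTTLS\r\n"),
            ("C", b"STARTTLS\r\n"), ("S", b"220 2.0.0 Ready to start TLS\r\n"),
            ("C", CLIENT_HELLO)]

if __name__ == "__main__":
    for name, s in [("wrapper on", WRAPPER_ON), ("wrapper off", WRAPPER_OFF),
                    ("starttls", STARTTLS)]:
        print(name, "->", classify(s))
```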
By the non-standard "wrapper" mode, do you mean non-standard with respect to the RFCs?
I'm sorry. This is a little unreliable because I learned about submissions for the first time from this question.
However, port 465 continued to be used even after it was disabled.
RFC 8314 allocates port 465 again for TLS communication with the Message Submission Agent (MSA), and also changes the service name from smtps to submissions.
Given the above background, I think it is called non-standard because port 465, now assigned to the Message Submission Agent (MSA), is being used as the old smtps, which is not standard but has been used for a long time.
What is a "wrapper"?
The smtps service is the Mail Transfer Agent (MTA) covered with a TLS-enabled communication conversion feature, so I think "wrapper" means that additional communication conversion feature.