Tran Nghi's Site  - Make notes and share experience

Force IMAPS and SMTPS and AMAVIS TLS

Configure Postfix/Dovecot to use TLS/SSL and force encryption

Protocol    Usage          Plain text/encrypted session  Encrypted session only
POP3        Incoming mail  110                           995
IMAP        Incoming mail  143                           993
SMTP        Outgoing mail  25                            465
Submission  Outgoing mail  587                           -

Disable IMAP protocol and force IMAPS

Older versions of Dovecot had an array in the file /etc/dovecot/dovecot.conf.

If you find an entry called protocols, make sure to uncomment it, remove imap from it and add imaps. I would recommend that you don’t use pop3 or pop3s anymore!
However, in newer versions there is just an include specified by the entry:

!include_try /usr/share/dovecot/protocols.d/*.protocol

(If you want to disable pop3 and pop3s make sure to delete /usr/share/dovecot/protocols.d/pop3d.protocol ;))

Okay, we could just ignore some warnings and add our own protocols array, as older Dovecot versions had. This results in something like this:

Jul 17 22:01:22 dustplanet dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:104: ‘imaps’ protocol can no longer be specified (use protocols=imap). to disable non-ssl imap, use service imap-login { inet_listener imap { port=0 } }

Now we get a hint! Below I will show how I got it to work…

Ref: https://dustplanet.de/howto-force-imaps-and-smtps-nice-roundcube-features/

Amavis and TLS
You might use amavisd-new as a spam and virus filter.
In that case, messages like the following can show up in your mail.log, and the mails are not sent.

Jul 18 01:05:11 infotechviet amavis[18922]: (18922-01) discarding unprocessed reply: 221 2.0.0 Bye
Jul 18 01:05:11 infotechviet amavis[18922]: (18922-01) (!)mail_via_smtp: error during QUIT: errno=
Jul 18 01:05:11 infotechviet amavis[18922]: (18922-01) (!)FWD from <[email protected]> -> <[email protected]>,BODY=7BIT 451 4.5.0 From MTA(smtp:[127.0.0.1]:10025) during fwd-rundown-1 (Negative SMTP response to RSET: 530 5.7.0 Must issue a STARTTLS command first at (eval 134) line 1037.): id=18922-01
Jul 18 01:05:12 infotechviet amavis[18922]: (18922-01) Blocked MTA-BLOCKED {RejectedOpenRelay}, [xx.xxx.xx.xxx]:51262 <[email protected]> -> <[email protected]>, Queue-ID: A9334788D9, Message-ID: <[email protected]>, mail_id: kMVr0ucODUYs, Hits: 0.108, size: 691, 2165 ms
Jul 18 01:03:17 dustplanet postfix/smtp[18739]: 3AA33788B0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.29, delays=0.27/0.01/0.01/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])

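If so, you need to disable TLS for the local connections between Postfix and amavis (127.0.0.1:10024 and 127.0.0.1:10025 in the log above) to make sure mails can be sent.

In /etc/postfix/master.cf, add the following line to the amavis service entry: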

-o smtp_tls_security_level=none

and add the following to the 127.0.0.1:10025 entry:

-o smtpd_tls_security_level=none
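
To tell which of the two overrides a given log line calls for, the following added example (not part of the original post) matches the two failure signatures from the excerpt above and recommends turning TLS off only when the peer is a loopback address. The sample lines are constructed, with placeholder addresses and the hypothetical host name `mx`; the function names are illustrative.

```python
import ipaddress
import re

# (pattern, failing hop, override the post adds in /etc/postfix/master.cf)
SIGNATURES = [
    # Postfix smtp client requires TLS; the content filter does not offer it.
    (re.compile(r"postfix/smtp\[\d+\]: .*relay=\S+\[([^\]]+)\]:(\d+),.*"
                r"TLS is required, but was not offered"),
     "postfix -> amavis", "-o smtp_tls_security_level=none"),
    # Postfix re-injection smtpd requires STARTTLS; amavis does not send it.
    (re.compile(r"amavis\[\d+\]: .*MTA\(smtp:\[([^\]]+)\]:(\d+)\).*"
                r"Must issue a STARTTLS command first"),
     "amavis -> postfix", "-o smtpd_tls_security_level=none"),
]

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a host name instead of an IP literal
        return False

def diagnose(line):
    """Return (hop, host, port, advice) for a TLS failure line, else None."""
    for pattern, hop, override in SIGNATURES:
        m = pattern.search(line)
        if m:
            host, port = m.group(1), int(m.group(2))
            # Only a loopback hop may drop TLS; any other peer stays enforced.
            advice = override if is_loopback(host) else "keep TLS enforced"
            return hop, host, port, advice
    return None

def scan(lines):
    return [d for d in map(diagnose, lines) if d]

# Constructed sample lines, modelled on the log excerpt above.
SAMPLE_LOG = [
    "Jul 18 01:05:11 mx amavis[18922]: (18922-01) discarding unprocessed reply: 221 2.0.0 Bye",
    "Jul 18 01:05:11 mx amavis[18922]: (18922-01) (!)FWD from <a@example.org> -> <b@example.org>, 451 4.5.0 From MTA(smtp:[127.0.0.1]:10025) during fwd-rundown-1 (Negative SMTP response to RSET: 530 5.7.0 Must issue a STARTTLS command first)",
    "Jul 18 01:03:17 mx postfix/smtp[18739]: 3AA33788B0: to=<b@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.29, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])",
    "Jul 18 01:04:02 mx postfix/smtp[18740]: 4BB44899C1: to=<c@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=1.2, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mail.example.net[192.0.2.10])",
]

if __name__ == "__main__":
    for hop, host, port, advice in scan(SAMPLE_LOG):
        print(f"{hop:18} {host}:{port:<6} {advice}")
```

The third result is the case to watch for: the same "TLS is required" message against a remote relay is not a reason to lower the security level.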

Other reference: https://www.namecheap.com/support/knowledgebase/article.aspx/9795/69/installing-and-configuring-ssl-on-postfixdovecot-mail-server
