CentOS... Close port 25, open 465 for SSL.
Following this guide I set up my email SMTP and it is quite well configured; it isn't an open relay and it requires auth.
If I do an nmap -sS localhost I can see that the only SMTP port open is port 25.
I want to close that port and leave port 465 open for SMTP via SSL.
How can I do that?
I want to do that to make my customers' lives easier when configuring Thunderbird; the way it is now, Thunderbird fails on autoconfiguring SMTP.
Thanks.
7 Replies
@Stever:
If you close port 25, you will not receive email on this server - you will only be able to send. Are you sure that is what you want?
If so, and assuming you are using postfix, then you should probably just comment out the "smtp" line in master.cf.
No, it isn't what I want, and yes, I'm using Postfix.
I want Thunderbird to be able to detect the server settings automatically; this is important.
Thunderbird is able to correctly detect IMAP on port 993 using SSL, but when it tries to detect SMTP it detects the SMTP on port 25 without any secure layer.
Anyway, if I configure Thunderbird by hand I can send email using port 25 with STARTTLS. How can I make Thunderbird recognize these settings automatically?
I think that I need to open port 465 and enable SSL on it.
Am I right? How can I open port 465 for SSL?
@Stever:
I don't know if this will help Thunderbird, but there should be a commented section in master.cf that starts with "smtps" - uncomment that section (including all the immediately following "-o" lines) and you will have smtps listening on 465.
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
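Whether that stanza is really live, and whether it still carries the wrapper-mode and SASL overrides after editing, is easy to get wrong by hand (a stray "#" on one "-o" line silently drops that override). The following is an added example, not code from this thread or from Postfix: a small parser for the master.cf format that applies its rules (leading whitespace continues the previous entry, "#" comments a line out, the eighth column is the command followed by "-o key=value" arguments) and reports how the port-25 and port-465 listeners are configured. The sample master.cf is constructed to mirror the stanza above with the comment marks removed.

```python
"""Parse a Postfix master.cf and report how the port-25 and port-465 listeners are set up.

Added example, not code from the thread. The sample config below is constructed
to mirror the smtps stanza quoted in the reply, with the stanza uncommented.
"""
from dataclasses import dataclass, field

# Constructed sample master.cf: port 25 enabled, submission still commented out,
# smtps enabled with the four "-o" overrides from the thread.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       n       60      1       pickup
"""

SERVICE_TYPES = {"inet", "unix", "fifo", "pass"}


@dataclass
class Service:
    name: str
    type: str
    command: str
    enabled: bool = True                         # False when the stanza is commented out
    options: dict = field(default_factory=dict)  # "-o key=value" overrides


def _add_option(service, token):
    """Record one "key=value" override on a service."""
    key, _, value = token.partition("=")
    service.options[key.strip()] = value.strip()


def parse_master_cf(text):
    """Return the services in master.cf, including commented-out ones (enabled=False)."""
    services = []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        commented = raw.lstrip().startswith("#")
        body = raw.lstrip()[1:] if commented else raw
        if body[:1].isspace():
            # Continuation line. Attach it only when its comment state matches the
            # entry it follows, so a "#  -o ..." line under a live service is ignored.
            if current is not None and current.enabled != commented:
                tokens = body.split()
                if len(tokens) >= 2 and tokens[0] == "-o":
                    _add_option(current, tokens[1])
            continue
        fields = body.split()
        if len(fields) < 8 or fields[1] not in SERVICE_TYPES:
            current = None       # ordinary comment, e.g. the column header
            continue
        current = Service(name=fields[0], type=fields[1],
                          command=fields[7], enabled=not commented)
        args = fields[8:]        # inline "-o" arguments on the service line itself
        for i, tok in enumerate(args[:-1]):
            if tok == "-o":
                _add_option(current, args[i + 1])
        services.append(current)
    return services


def listener_report(services):
    """Summarise what the config says about ports 25 (smtp) and 465 (smtps)."""
    inet = {s.name: s for s in services if s.type == "inet"}
    smtps = inet.get("smtps")
    # Overrides only count when the stanza is actually live.
    opts = smtps.options if smtps is not None and smtps.enabled else {}
    restrictions = opts.get("smtpd_client_restrictions", "").split(",")
    return {
        "port25_enabled": "smtp" in inet and inet["smtp"].enabled,
        "smtps_enabled": smtps is not None and smtps.enabled,
        "smtps_wrapper_mode": opts.get("smtpd_tls_wrappermode") == "yes",
        "smtps_sasl_auth": opts.get("smtpd_sasl_auth_enable") == "yes",
        "smtps_rejects_unauthenticated": "permit_sasl_authenticated" in restrictions
                                          and "reject" in restrictions,
    }


if __name__ == "__main__":
    for name, value in listener_report(parse_master_cf(SAMPLE_MASTER_CF)).items():
        print(f"{name}: {value}")
```

Run it against a copy of your own master.cf (read the file and pass its text to parse_master_cf) after uncommenting the stanza; the report should show smtps enabled with wrapper mode, SASL auth and the permit_sasl_authenticated,reject restriction all in place, otherwise the listener on 465 will not behave as the reply describes.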
This opened port 465, but I'm unable to send email with that port now, even with manual configuration.
Firewall?
telnet localhost 25
I don't see this
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO example.com
250-mail.example.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
but this, without the AUTH PLAIN LOGIN:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO example.com
250-mail.example.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
Probably the problem with Thunderbird depends on this. Why don't I see the
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
lines?
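The two EHLO transcripts above differ only in whether AUTH PLAIN LOGIN is advertised, and that difference matters beyond Thunderbird's autodetection: PLAIN and LOGIN carry the password base64-encoded, not encrypted, so a server that offers them on an unencrypted port 25 session is exposing client credentials to anyone on the path. Postfix withholds AUTH on plaintext connections when smtpd_tls_auth_only = yes is set, advertising it only after STARTTLS. The following is an added example, not code from this thread: a parser for the multi-line 250 reply that normalises the legacy "AUTH=" spelling, an assessment of what the capability set means for credential safety, and a live probe (using the standard smtplib module) that you can point at your own server on 25 or, with wrapper_tls=True, on 465. The three transcripts are constructed; the first two mirror the sessions pasted above, completed with the final "250 DSN" line.

```python
"""Parse SMTP EHLO replies and flag whether AUTH is offered before the session is encrypted.

Added example, not code from the thread. The three transcripts are constructed;
the first two mirror the port-25 sessions pasted in the post.
"""
import smtplib

# Constructed EHLO replies (the thread's sessions are pasted without the closing
# "250 DSN" line; complete replies are shown here).
EHLO_AUTH_IN_CLEAR = """\
250-mail.example.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

EHLO_NO_AUTH = """\
250-mail.example.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# What a server that allows AUTH only after STARTTLS advertises in the clear.
EHLO_STARTTLS_FIRST = """\
250-mail.example.com
250-PIPELINING
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""


def parse_ehlo(reply):
    """Return (server_name, {KEYWORD: [params]}) from a multi-line 250 reply."""
    lines = [ln for ln in reply.splitlines() if ln.startswith("250")]
    if not lines:
        raise ValueError("not an EHLO success reply")
    server_name = lines[0][4:].strip()      # first line names the server, not a capability
    caps = {}
    for line in lines[1:]:
        text = line[4:].strip()             # drop the "250-" / "250 " prefix
        if not text:
            continue
        keyword, _, params = text.partition(" ")
        if keyword.upper().startswith("AUTH="):   # legacy "AUTH=PLAIN LOGIN" spelling
            params = keyword[5:] + (" " + params if params else "")
            keyword = "AUTH"
        bucket = caps.setdefault(keyword.upper(), [])
        for p in params.split():
            if p not in bucket:             # both AUTH lines list the same mechanisms
                bucket.append(p)
    return server_name, caps


def assess(caps, tls_active):
    """Classify the capability set; tls_active says whether the transport is already encrypted."""
    mechs = caps.get("AUTH", [])
    return {
        "auth_offered": "AUTH" in caps,
        "starttls_offered": "STARTTLS" in caps,
        "mechanisms": mechs,
        # PLAIN and LOGIN send the password base64-encoded, so offering them before
        # TLS is up means the credentials cross the wire readable.
        "credentials_exposed": (not tls_active) and any(m in ("PLAIN", "LOGIN") for m in mechs),
    }


def probe(host, port, wrapper_tls=False, timeout=10):
    """Live check against your own server (not exercised by the test): EHLO before
    and, when offered, after STARTTLS. Use wrapper_tls=True for the 465 listener."""
    cls = smtplib.SMTP_SSL if wrapper_tls else smtplib.SMTP
    with cls(host, port, timeout=timeout) as conn:
        conn.ehlo()
        before = assess({k.upper(): v.split() for k, v in conn.esmtp_features.items()}, wrapper_tls)
        after = None
        if not wrapper_tls and conn.has_extn("starttls"):
            conn.starttls()
            conn.ehlo()                     # capabilities must be re-read after STARTTLS
            after = assess({k.upper(): v.split() for k, v in conn.esmtp_features.items()}, True)
    return before, after


if __name__ == "__main__":
    for label, reply in (("clear-text AUTH", EHLO_AUTH_IN_CLEAR),
                         ("no AUTH", EHLO_NO_AUTH),
                         ("STARTTLS first", EHLO_STARTTLS_FIRST)):
        name, caps = parse_ehlo(reply)
        print(label, name, assess(caps, tls_active=False))
```

For the first transcript, assess() reports credentials_exposed for a plaintext session; the third transcript is the shape a hardened server gives before STARTTLS, and probe() would show AUTH appearing only in the post-STARTTLS capability set.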
@Stever:
shrug - works for me.
Firewall?
Yes, it is the firewall. What is the exact rule that I should add for that port?
Thanks for your help.