enable ssl for postfix in sentora

As with Dovecot, Sentora does not enable SSL for Postfix by default either. How do you know whether SSL is enabled? You can use the command "netstat -antp | grep master"; master is the Postfix daemon. You'll see that Postfix uses port 25, which transports data unencrypted. I followed this guide to set up Postfix to support SSL.

The above configuration parameters are appended to /etc/postfix/main.cf. However, the above settings are not enough for my Outlook Express client. I'd like to use SMTPS for Outlook Express, which uses port 587 to submit emails. After applying the above configuration, the master daemon still listens on port 25. In fact, you need to change the master daemon's configuration file (/etc/postfix/master.cf).

The second line is the newly added configuration line, which makes the daemon listen on port 587. You can refer to this post. Unfortunately, even after modifying both Postfix configuration files, my Outlook Express still cannot send emails using the server. Outlook Express reports the error 0x800CCC0B when sending email. To debug the problem, you must know where the Postfix log is. The location of the Postfix log can be found in neither /etc/postfix/main.cf nor /etc/postfix/master.cf. In fact, the Postfix log file is /var/log/maillog. The error messages in /var/log/maillog are:

It seems to be an SSL-related issue. I commented out the line "smtpd_tls_protocols = !SSLv2, !SSLv3" in /etc/postfix/main.cf, but got the same result. Then I commented out the line "smtpd_tls_ciphers = high"; this time, it sent the email successfully. It turns out my Outlook Express uses SSLv2 to communicate with the Postfix server, while Postfix has determined that SSLv2 and SSLv3 are not safe, and if you set smtpd_tls_ciphers to high, it will reject the connection (even without "smtpd_tls_protocols = !SSLv2, !SSLv3"). If you comment out the line "smtpd_tls_ciphers = high", it will fall back to SSLv2, even with "smtpd_tls_protocols = !SSLv2, !SSLv3". Let us see what a successful transaction looks like.


Note that authentication is done with the SASL LOGIN method, so you need to set up the SMTP user/password in Outlook Express. If you try to send email anonymously, your email will be rejected with the server code 454, and Outlook Express will report the error code 0x800ccc79. The following is what Postfix logs in such a case.


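An added example, not part of the original post: to confirm from /var/log/maillog which protocol and cipher a client actually negotiated, why a handshake failed, which SASL method was used and which submissions were rejected, the Python below parses maillog-format lines. It assumes "smtpd_tls_loglevel = 1" is set in /etc/postfix/main.cf so that Postfix logs the "TLS connection established" summary; the sample lines, addresses and the summarize() helper are constructed for illustration.

```python
import re

# Constructed sample lines in Postfix maillog format (not taken from the original post).
SAMPLE = """\
Mar  3 10:15:01 host postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Mar  3 10:15:01 host postfix/smtpd[2101]: SSL_accept error from unknown[192.0.2.10]: -1
Mar  3 10:15:01 host postfix/smtpd[2101]: warning: TLS library problem: 2101:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1352:
Mar  3 10:20:11 host postfix/smtpd[2140]: Anonymous TLS connection established from unknown[192.0.2.10]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Mar  3 10:20:12 host postfix/smtpd[2140]: 3F2A61C0: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user@example.com
Mar  3 10:25:40 host postfix/smtpd[2177]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <bob@example.net>: Relay access denied; from=<user@example.com> to=<bob@example.net> proto=ESMTP helo=<pc>
Mar  3 10:31:02 host postfix/smtpd[2190]: Anonymous TLS connection established from unknown[192.0.2.20]: SSLv3 with cipher RC4-SHA (128/128 bits)
""".splitlines()

# One pattern per smtpd event of interest; the optional path segment covers a custom syslog_name.
PID = re.compile(r"postfix/(?:\w+/)?smtpd\[(\d+)\]: (.*)")
ACCEPT_ERR = re.compile(r"SSL_accept error from \S*\[([^\]]+)\]")
LIB_ERR = re.compile(r"TLS library problem: .*?error:[0-9A-Fa-f]+:[^:]*:[^:]*:([^:]+):")
ESTABLISHED = re.compile(r"TLS connection established from \S*\[([^\]]+)\]: (\S+) with cipher (\S+)")
SASL = re.compile(r"client=\S*\[([^\]]+)\], sasl_method=(\w+), sasl_username=(\S+)")
REJECT = re.compile(r"reject: \w+ from \S*\[([^\]]+)\]: (\d{3}) ")
WEAK = {"SSLv2", "SSLv3"}  # protocols the post's smtpd_tls_protocols line excludes

def summarize(lines):
    """Group TLS handshakes, SASL logins and rejects found in maillog lines."""
    out = {"established": [], "failed": [], "sasl": [], "rejected": []}
    pending = {}  # smtpd pid -> client IP whose handshake just failed
    for line in lines:
        m = PID.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if (e := ESTABLISHED.search(msg)):
            ip, proto, cipher = e.groups()
            out["established"].append((ip, proto, cipher, proto in WEAK))
        elif (e := ACCEPT_ERR.search(msg)):
            pending[pid] = e.group(1)  # the reason arrives on the next warning line
        elif (e := LIB_ERR.search(msg)) and pid in pending:
            out["failed"].append((pending.pop(pid), e.group(1)))
        elif (e := SASL.search(msg)):
            out["sasl"].append(e.groups())
        elif (e := REJECT.search(msg)):
            out["rejected"].append(e.groups())
    return out

if __name__ == "__main__":
    for kind, rows in summarize(SAMPLE).items():
        print(kind, rows)
```

The last field of each "established" tuple is True when the negotiated protocol is SSLv2 or SSLv3, which shows whether the exclusion in main.cf is taking effect for that client.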