{"id":2364,"date":"2017-09-26T16:07:15","date_gmt":"2017-09-26T16:07:15","guid":{"rendered":"https:\/\/tst-amo.pp.ua\/blog\/?p=2364"},"modified":"2018-11-21T06:06:18","modified_gmt":"2018-11-21T06:06:18","slug":"postfix-starttls","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=2364","title":{"rendered":"Postfix + STARTTLS"},"content":{"rendered":"<p>1. Generate the <a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=2409\">certificates<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Add the sections responsible for TLS<\/p>\n<pre>ee \/usr\/local\/etc\/postfix\/main.cf<\/pre>\n<pre># TLS\r\nsmtpd_use_tls = yes\r\nsmtpd_tls_security_level = may\r\nsmtpd_tls_auth_only = yes\r\nsmtpd_tls_key_file = \/usr\/local\/etc\/postfix\/device.key\r\nsmtpd_tls_cert_file = \/usr\/local\/etc\/postfix\/device.crt\r\nsmtpd_tls_CAfile = \/usr\/local\/etc\/postfix\/rootCA.pem\r\nsmtpd_tls_loglevel = 1\r\nsmtpd_tls_received_header = yes\r\nsmtpd_tls_session_cache_timeout = 3600s\r\ntls_random_source = dev:\/dev\/urandom\r\n\r\n# SMTP authentication\r\nsmtpd_sasl_auth_enable = yes\r\nsmtpd_sasl_exceptions_networks = $mynetworks\r\nsmtpd_sasl_security_options = noanonymous\r\nbroken_sasl_auth_clients = yes\r\nsmtpd_sasl_type = dovecot\r\nsmtpd_sasl_path = private\/auth<\/pre>\n<p>Next, following the Mozilla recommendations, append the following to the TLS section of 
main.cf:<\/p>\n<pre>smtp_tls_mandatory_ciphers = high\r\nsmtp_tls_mandatory_protocols=!SSLv2,!SSLv3\r\n\r\ntls_high_cipherlist = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK\r\n\r\nsmtpd_tls_mandatory_ciphers = high\r\nsmtpd_tls_mandatory_protocols=!SSLv2,!SSLv3<\/pre>\n<p>This way we also keep the most <em>reliable<\/em> algorithms available today.<\/p>\n<p>Next, uncomment the <em>submission<\/em> section in \/usr\/local\/etc\/postfix\/master.cf<\/p>\n<pre>## <span style=\"color: #ff0000;\">Open 587<\/span> port for STARTTLS\r\nsubmission inet n - n - - smtpd\r\n  -o syslog_name=postfix\/submission\r\n  -o smtpd_tls_security_level=encrypt\r\n  -o smtpd_sasl_auth_enable=yes\r\n  # -o smtpd_tls_auth_only=yes\r\n  -o smtpd_reject_unlisted_recipient=no\r\n  # -o smtpd_client_restrictions=$mua_client_restrictions\r\n  # -o smtpd_helo_restrictions=$mua_helo_restrictions\r\n  # -o smtpd_sender_restrictions=$mua_sender_restrictions\r\n  # -o smtpd_recipient_restrictions=\r\n  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\r\n  -o milter_macro_daemon_name=ORIGINATING<\/pre>\n<pre>## <span style=\"color: 
#ff0000;\">Open 465<\/span> port for SSL\/TLS\r\nsmtps inet n - n - - smtpd\r\n  -o syslog_name=postfix\/smtps\r\n  -o smtpd_tls_wrappermode=yes\r\n  -o smtpd_sasl_auth_enable=yes<\/pre>\n<p>For Dovecot, add the following to <em>dovecot.conf<\/em><\/p>\n<pre># SSL (if not used, set =\"NO\")\r\ndisable_plaintext_auth = yes\r\nssl = yes\r\nssl_cert = &lt;\/usr\/local\/etc\/postfix\/device.crt\r\nssl_key = &lt;\/usr\/local\/etc\/postfix\/device.key\r\n## Disable SSLV3 - Poodle\r\nssl_protocols = !SSLv2 !SSLv3\r\n##<\/pre>\n<p>As a result, when viewing the message source in Gmail, a header that looked like this:<\/p>\n<pre>Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])\r\nby mx.google.com with ESMTP id o79si14839747lfi.52.2016.02.15.04.15.43\r\nfor &lt;deryabinsergey@gmail.com&gt;;\r\nMon, 15 Feb 2016 04:15:43 -0800 (PST)\r\n<\/pre>\n<p>becomes this:<\/p>\n<pre>Received: from smtp.279.ru (smtp.279.ru. 
[77.220.185.16])\r\nby mx.google.com with ESMTPS id d124si14810044lfg.170.2016.02.15.04.20.45\r\nfor &lt;deryabinsergey@gmail.com&gt;\r\n(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128\/128);\r\nMon, 15 Feb 2016 04:20:45 -0800 (PST)<\/pre>\n<p><span class=\"gI\">And a padlock appears in the security section<br \/>\n<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-2396 size-medium\" src=\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/uploads\/2017\/09\/cleardot-300x169.jpg\" alt=\"\" width=\"300\" height=\"169\" srcset=\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/uploads\/2017\/09\/cleardot-300x169.jpg 300w, https:\/\/tst-amo.net.ua\/blog\/wp-content\/uploads\/2017\/09\/cleardot.jpg 680w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-2776 aligncenter\" src=\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/uploads\/2017\/09\/TLS1-300x135.jpg\" alt=\"\" width=\"300\" height=\"135\" srcset=\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/uploads\/2017\/09\/TLS1-300x135.jpg 300w, https:\/\/tst-amo.net.ua\/blog\/wp-content\/uploads\/2017\/09\/TLS1.jpg 496w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. Generate the certificates &nbsp; Add the sections responsible for TLS 
ee \/usr\/local\/etc\/postfix\/main.cf # TLS smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_key_file = \/usr\/local\/etc\/postfix\/device.key smtpd_tls_cert_file = \/usr\/local\/etc\/postfix\/device.crt smtpd_tls_CAfile = \/usr\/local\/etc\/postfix\/rootCA.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:\/dev\/urandom # SMTP authentication smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients &#8230;<\/p>\n<p><a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=2364\" class=\"more-link\">Continue reading &lsquo;Postfix + STARTTLS&rsquo; 
&raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,7,70,85,84],"tags":[],"class_list":["post-2364","post","type-post","status-publish","format-standard","hentry","category-freebsd","category-mail","category-postfix","category-starttls","category-tls"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2364"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2364"}],"version-history":[{"count":14,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2364\/revisions"}],"predecessor-version":[{"id":3341,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2364\/revisions\/3341"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}