I have docker-mailserver and Roundcube in containers; beside them there is a MySQL database for mail data and user passwords. Dovecot inside is configured to verify the passwords of users logging in against the database. Yesterday I configured IMAP and it is working properly. Roundcube is also working with no problem. Now I am facing a problem configuring a secure connection for SMTP. Even with a setting such as "require" or something similar to "always use STARTTLS", I am not able to send emails over a secure connection. Plain (insecure) connections work OK.

My postfix-main.cf file:

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/dovecot/fullchain.pem
smtpd_tls_key_file = /etc/dovecot/privkey.pem

smtpd_tls_eecdh_grade = strong
smtpd_tls_protocols= !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols= !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level=may
smtpd_tls_ciphers = high
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# smtpd_tls_auth_only = yes
# smtp_use_tls = yes
# smtp_enforce_tls = yes
# smtpd_enforce_tls = yes

If I uncomment the last 4 lines, I get problems sending emails via Roundcube (the SMTP server expects a secure connection, but on the server it is not configured on the Roundcube side). There is also no possibility to secure SMTP communication from my home Thunderbird. TB with an insecure connection works OK.

I've seen the documentation here:

http://www.postfix.org/SASL_README.html

but it does not help much.

What is the proper configuration needed to make postfix/dovecot work with STARTTLS?

EDIT:

Configuration: https://pastie.io/hxcfkw.ini

What I am getting at connection is:

# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.correct_domain.com ESMTP
EHLO test.com
250-mail.correct_domain.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
^]
telnet> quit
Connection closed.

So it seems like the server is not offering any security.

EDIT2:

I've seen this link:

Forcing encryption for outgoing SMTP with Postfix

But nothing from there helps me. TB is constantly disconnecting from STARTTLS on the mail server.

pbies
  • 171
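
An added example, not part of the original post: a small Python check that parses an EHLO reply captured before any TLS handshake, such as the one quoted in the question, and reports whether STARTTLS is advertised and whether password mechanisms are offered in cleartext. The function names and the `SAMPLE_EHLO` constant are illustrative.

```python
import re

# Constructed sample: the EHLO reply quoted in the question (port 587, no TLS yet).
SAMPLE_EHLO = """\
250-mail.correct_domain.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
"""

_REPLY_LINE = re.compile(r"^(\d{3})([- ])(.*)$")


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: set(params)}."""
    caps = {}
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    for idx, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        sep, text = m.group(2), m.group(3).strip()
        if idx > 0 and text:  # line 0 is the server's own name, not a capability
            if text.upper().startswith("AUTH="):  # legacy form for old clients
                text = "AUTH " + text[5:]
            keyword, *params = text.split()
            caps.setdefault(keyword.upper(), set()).update(p.upper() for p in params)
        if sep == " ":  # "250 " (space instead of hyphen) ends the reply
            break
    return caps


def audit_cleartext_ehlo(reply):
    """Return findings for an EHLO reply seen on an unencrypted session."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised: clients cannot upgrade the session")
    # With smtpd_tls_auth_only = yes, Postfix withholds AUTH until TLS is active.
    weak = sorted(caps.get("AUTH", set()) & {"PLAIN", "LOGIN"})
    if weak:
        findings.append("AUTH " + "/".join(weak) + " offered before TLS: passwords would cross the wire in cleartext")
    return findings
```

Running `audit_cleartext_ehlo(SAMPLE_EHLO)` on the reply from the question yields both findings; a reply that lists `STARTTLS` and withholds `AUTH` until after the handshake yields none.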
