SSL_accept error when mail client connects to postfix

I've managed to set up postfix and dovecot with a self-signed certificate on my server. I can send and receive email using the telnet command there. Now I want to connect to my mail server from a Thunderbird client on my laptop, but it fails, and here's the output of /var/log/mail.log:

postfix/submission/smtpd[11560]: connect from unknown[95.134.50.75]
postfix/submission/smtpd[11439]: SSL_accept error from unknown[95.134.50.75]: lost connection
postfix/submission/smtpd[11439]: lost connection after CONNECT from unknown[95.134.50.75]

Here's a part of /etc/postfix/master.cf that I've changed on setup:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy


submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

And here's my /etc/postfix/main.cf:

myhostname = mail.myserver.com
myorigin = /etc/mailname
mydestination = mail.myserver.com, myserver.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_protocols = !SSLv2, !SSLv3

smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

inet_protocols = all

Also, not sure if this can help, but both telnet localhost 25 and telnet localhost 465 work on the server, but only telnet myserver.com 465 works from my laptop; when I try port 25 it says telnet: Unable to connect to remote host: Connection timed out. ufw is inactive on the server.

What should I do to fix it?


Port 465 is for SMTPS; it uses SSL immediately when establishing the connection and then uses the same SMTP protocol as normally found on port 25 after the secure connection is established. You can test from the command line with:

openssl s_client -connect smtp.example.com:465

Using telnet to connect to port 465 will result in an error message in the log files because the SSL protocol isn't used.

Just for completeness: to test TLS on the normal SMTP port, TCP/25:

openssl s_client -starttls smtp -connect smtp.example.com:25

The only time I have seen this is when Postfix is blocking the client due to restrictive TLS/SSL settings:

smtpd_tls_protocols = !SSLv2, !SSLv3

If your mail client is trying to use SSL2 or 3 then this would be why. If not, it could also be due to a blockage, but you'd think the port would be outright blocked and you wouldn't see the client connection normally (for example, my ISP blocks port 25 completely, and when trying to connect to a mail server you see nothing in the logs).
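
Added example, not part of the original posts: a small Python check that reads master.cf entries like the ones in the question and reports which TLS mode each smtpd listener expects from a client (implicit TLS when smtpd_tls_wrappermode=yes, otherwise STARTTLS according to smtpd_tls_security_level). The port numbers are the usual /etc/services values and are an assumption, as are the function names and mode labels; the default level "may" is taken from the question's main.cf.

```python
import re

# Constructed sample: the active entries (plus one commented line) from the question's master.cf.
MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

# Assumption: usual /etc/services mappings; check the server's own file.
PORTS = {"smtp": 25, "smtps": 465, "submission": 587}


def logical_lines(text):
    """Drop comments/blank lines and fold indented continuation lines."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out


def tls_modes(master_cf, main_level="may"):
    """Map each inet smtpd service to (port, TLS mode a client must use)."""
    modes = {}
    for entry in logical_lines(master_cf):
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        opts = dict(re.findall(r"-o\s+(\w+)=(\S+)", entry))
        level = opts.get("smtpd_tls_security_level", main_level)
        if opts.get("smtpd_tls_wrappermode") == "yes":
            mode = "implicit-tls"        # TLS handshake before any SMTP
        elif level == "encrypt":
            mode = "starttls-required"
        else:
            mode = "starttls-optional" if level == "may" else "plaintext"
        modes[fields[0]] = (PORTS.get(fields[0], fields[0]), mode)
    return modes
```

For the sample above, tls_modes(MASTER_CF) reports implicit TLS on submission (587) and optional STARTTLS on smtp (25) and smtps (465), so the mail client's connection security setting has to match the mode on the port it uses.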