Sometimes we got complain from our clients that they cannot send mails using OutLook form different
ISP/Network. To avoid this kind of inconvenience we can configure TLS
authentication from server.
Step: 1
vim /etc/dovecot/conf.d/10-master.conf [Edit / Add the following Lines]
# Postfix smtp-auth
unix_listener
/var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
Step: 2
Now come to postfix directory and edit main.cf file like following
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
########## Enable TLS ########
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
######################################
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#Authentication from dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_helo_required = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated
Step 3:
Now we need to enable the required SMTP port. Generally we see many providers do not allow default SMTP port 25 and SMTPS port 465. I usually suggest SMTP Submission port 587 in this cases. But keep in mind do not disable default SMTP port 25 from your server. It is required to SMTP communication between server to server.
Now we need to enable the required SMTP port. Generally we see many providers do not allow default SMTP port 25 and SMTPS port 465. I usually suggest SMTP Submission port 587 in this cases. But keep in mind do not disable default SMTP port 25 from your server. It is required to SMTP communication between server to server.
SMTP Port 25 disable and Enable
To enable port 587, edit the file /etc/postfix/master.cf
vim /etc/postfix/master.cf
and remove the # in
front of the line:
#submission inet n – n – – smtpd
so that it looks like this:
submission inet n – n – – smtpd
and restart postfix:
/etc/init.d/postfix restart
Step: 4
Step: 4
Now check all the necessary ports are listening in your server.
#netstat –nat | grep LISTEN
And check for the ports 25 (SMTP), 587 (SMTP
Submission), 143 (IMAP), 110 (POP3)
Step: 5
Modify the outlook email client configuration of users like
below image.
You are done.
