Linux Archive


Grant 02-17-2008 02:18 PM

SSL CUPS and SMTP on port 587
 
Does anyone have any experience printing with CUPS via SSL? I need to
print across the internet so I need the data to be transmitted via
SSL. I know CUPS supports SSL, but I can't find any information on
making it work. This guy has the same problem:

http://www.cups.org/newsgroups.php?s15392+gcups.general+v15401+T0

My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my
remote mail server. From what I understand, port 587 is commonly used
to get around this. Can I have postfix listen on port 25 and port
587? Has anyone set that up?

- Grant
--
gentoo-user@lists.gentoo.org mailing list

Willie Wong 02-17-2008 04:22 PM

SSL CUPS and SMTP on port 587
 
On Sun, Feb 17, 2008 at 07:18:00AM -0800, Penguin Lover Grant squawked:
> My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my
> remote mail server. From what I understand, port 587 is commonly used
> to get around this. Can I have postfix listen on port 25 and port
> 587? Has anyone set that up?

I do it slightly differently: I leave an SSH connection from my box to
the mail server, which maps some local port to port 25 on the mail
server, and send all my mail to the local port.

HTH,

W
--
"`Incidentally,' he said, `what does teleport mean?'
Another moment passed.
Slowly, the others turned to face him.
`Probably the wrong moment to ask,' said Arthur, `It's just
I remember you use the word a short while ago and I only
bring it up because...'
`Where,' said Ford quietly, `does it say teleport?'
`Well, just over here in fact,' said Arthur, pointing at a
dark control box in the rear of the cabin, `Just under the
word "emergency", above the word "system" and beside the
sign saying "out of order".'"

- Arthur finding an escape route from a certain death
situation.
Sortir en Pantoufles: up 436 days, 15:48
--
gentoo-user@lists.gentoo.org mailing list

Grant 02-17-2008 04:28 PM

SSL CUPS and SMTP on port 587
 
> > My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my
> > remote mail server. From what I understand, port 587 is commonly used
> > to get around this. Can I have postfix listen on port 25 and port
> > 587? Has anyone set that up?
>
> I do it slightly differently: I leave an SSH connection from my box to
> the mail server, which maps some local port to port 25 on the mail
> server, and send all my mail to the local port.

Yeah I think I'll do that if port 587 doesn't work out. From what I
understand, using 587 in this way is somewhat of a standard?

- Grant


> HTH,
>
> W
--
gentoo-user@lists.gentoo.org mailing list

kashani 02-17-2008 06:51 PM

SSL CUPS and SMTP on port 587
 
Grant wrote:
>>> My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my
>>> remote mail server. From what I understand, port 587 is commonly used
>>> to get around this. Can I have postfix listen on port 25 and port
>>> 587? Has anyone set that up?
>>
>> I do it slightly differently: I leave an SSH connection from my box to
>> the mail server, which maps some local port to port 25 on the mail
>> server, and send all my mail to the local port.
>
> Yeah I think I'll do that if port 587 doesn't work out. From what I
> understand, using 587 in this way is somewhat of a standard?


In your master.cf uncomment the following lines and then restart
Postfix. It should just work if you already have TLS setup.


smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes

kashani
--
gentoo-user@lists.gentoo.org mailing list

Grant 02-17-2008 07:24 PM

SSL CUPS and SMTP on port 587
 
> >>> My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my
> >>> remote mail server. From what I understand, port 587 is commonly used
> >>> to get around this. Can I have postfix listen on port 25 and port
> >>> 587? Has anyone set that up?
> >> I do it slightly differently: I leave an SSH connection from my box to
> >> the mail server, which maps some local port to port 25 on the mail
> >> server, and send all my mail to the local port.
> >
> > Yeah I think I'll do that if port 587 doesn't work out. From what I
> > understand, using 587 in this way is somewhat of a standard?
>
> In your master.cf uncomment the following lines and then restart
> Postfix. It should just work if you already have TLS setup.
>
> smtps inet n - n - - smtpd
>   -o smtpd_tls_wrappermode=yes
>
> kashani

I uncommented the above line and added the following to main.cf:

smtpd_tls_security_level = may

as instructed here:

http://www.postfix.org/TLS_README.html#server_enable

and restarted postfix, but I still can't send. In claws-mail, I tried
specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
isn't set up properly?

- Grant
--
gentoo-user@lists.gentoo.org mailing list

Grant 02-17-2008 07:48 PM

SSL CUPS and SMTP on port 587
 
> > >>> My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my
> > >>> remote mail server. From what I understand, port 587 is commonly used
> > >>> to get around this. Can I have postfix listen on port 25 and port
> > >>> 587? Has anyone set that up?
> > >> I do it slightly differently: I leave an SSH connection from my box to
> > >> the mail server, which maps some local port to port 25 on the mail
> > >> server, and send all my mail to the local port.
> > >
> > > Yeah I think I'll do that if port 587 doesn't work out. From what I
> > > understand, using 587 in this way is somewhat of a standard?
> >
> > In your master.cf uncomment the following lines and then restart
> > Postfix. It should just work if you already have TLS setup.
> >
> > smtps inet n - n - - smtpd
> >   -o smtpd_tls_wrappermode=yes
> >
> > kashani
>
> I uncommented the above line and added the following to main.cf:
>
> smtpd_tls_security_level = may
>
> as instructed here:
>
> http://www.postfix.org/TLS_README.html#server_enable
>
> and restarted postfix, but I still can't send. In claws-mail, I tried
> specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> isn't set up properly?
>
> - Grant

Also I can see with nmap that smtps 465 is open and 587 is not. No
luck specifying 465 in claws-mail though.

- Grant
--
gentoo-user@lists.gentoo.org mailing list

kashani 02-17-2008 08:35 PM

SSL CUPS and SMTP on port 587
 
Grant wrote:
> I uncommented the above line and added the following to main.cf:
>
> smtpd_tls_security_level = may
>
> as instructed here:
>
> http://www.postfix.org/TLS_README.html#server_enable
>
> and restarted postfix, but I still can't send. In claws-mail, I tried
> specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> isn't set up properly?


You need more than that. My /etc/postfix/main.cf looks like this and
you'll need to create the actual certs listed below as well. I recommend
smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
it over an encrypted session.


# TLS stuff
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
#smtpd_tls_loglevel = 3
#smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Additionally check to see what port Postfix is listening on. It's on
port 465 on my server and you'll need to set your mail client to SSL
rather than TLS.


kashani
--
gentoo-user@lists.gentoo.org mailing list

Grant 02-17-2008 09:37 PM

SSL CUPS and SMTP on port 587
 
> > I uncommented the above line and added the following to main.cf:
> >
> > smtpd_tls_security_level = may
> >
> > as instructed here:
> >
> > http://www.postfix.org/TLS_README.html#server_enable
> >
> > and restarted postfix, but I still can't send. In claws-mail, I tried
> > specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> > isn't set up properly?
>
> You need more than that. My /etc/postfix/main.cf looks like this and
> you'll need to create the actual certs listed below as well. I recommend
> smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
> it over an encrypted session.
>
> # TLS stuff
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/postfix/newkey.pem
> smtpd_tls_cert_file = /etc/postfix/newcert.pem
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> #smtpd_tls_loglevel = 3
> #smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> Additionally check to see what port Postfix is listening on. It's on
> port 465 on my server and you'll need to set your mail client to SSL
> rather than TLS.

Thank you kashani. Now I'm getting "Relay access denied". I've been
sending via squirrelmail running on the same server so I need to make
an adjustment. What I'd like to do is allow relaying for any
authenticated smtp client but I don't see any option for that in the
main.cf comments. I tried adding "grant" to the postdrop group with
no luck.

Here's my main.cf (I'm using postgrey):

mydestination = mydomain.com
setgid_group = postdrop
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_policy_service inet:127.0.0.1:10030
    reject_unauth_destination,
    permit
virtual_alias_maps = hash:/etc/postfix/virtual
message_size_limit = 20480000
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

How does that look?

- Grant
--
gentoo-user@lists.gentoo.org mailing list
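
The "Relay access denied" in the last post follows from the order of the posted smtpd_recipient_restrictions. The Python below is an added example, not code from the thread or from Postfix: a simplified model of first-match evaluation over that list, beside a constructed variant that adds the standard permit_sasl_authenticated restriction. The function names are hypothetical and the policy service is assumed to always answer DUNNO.

```python
import re

def logical_lines(text):
    """main.cf rule: a line that starts with whitespace continues the previous line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def restrictions(text, name="smtpd_recipient_restrictions"):
    """Return the restriction list as tokens (commas and whitespace both separate)."""
    for line in logical_lines(text):
        key, _, value = line.partition("=")
        if key.strip() == name:
            return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]
    return []

def decide(rules, in_mynetworks, sasl_authenticated, rcpt_is_local):
    """Simplified first-match walk: the first rule that permits or rejects ends it."""
    it = iter(rules)
    for rule in it:
        if rule == "check_policy_service":
            next(it, None)  # skip the service address; assume the policy server says DUNNO
        elif rule == "permit_mynetworks" and in_mynetworks:
            return "permit", rule
        elif rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit", rule
        elif rule == "reject_unauth_destination" and not rcpt_is_local:
            return "reject (Relay access denied)", rule
        elif rule == "permit":
            return "permit", rule
    return "permit", "end of list"

# Restriction list as posted in the thread (continuation lines indented).
POSTED = """smtpd_recipient_restrictions =
    permit_mynetworks,
    check_policy_service inet:127.0.0.1:10030
    reject_unauth_destination,
    permit
"""
# Constructed variant: authenticated clients are permitted before the relay check.
FIXED = POSTED.replace("permit_mynetworks,", "permit_mynetworks,\n    permit_sasl_authenticated,")

if __name__ == "__main__":
    remote = dict(in_mynetworks=False, sasl_authenticated=True, rcpt_is_local=False)
    print("posted:", decide(restrictions(POSTED), **remote))
    print("fixed: ", decide(restrictions(FIXED), **remote))
```

permit_sasl_authenticated only matches when the server offers SASL (smtpd_sasl_auth_enable = yes) and the client has logged in; the thread's smtpd_tls_auth_only = yes then keeps that login inside TLS.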


All times are GMT.