Cant send email from outlook- postfix smtpd

[MuzafferE]

Hi,
When i try to login from outllook pop3 is ok but smtp is error.

When i check mail log file:

Nov  4 16:28:07 server1 courier-pop3d: Connection, ip=[::ffff:176.43.150.48]
Nov  4 16:28:07 server1 courier-pop3d: LOGIN, [email protected], ip=[::ffff:176.43.150.48], port=[23885]
Nov  4 16:28:07 server1 courier-pop3d: LOGOUT, [email protected], ip=[::ffff:176.43.150.48], port=[23885], top=0, retr=0, rcvd=12, sent=39, time=0
Nov  4 16:28:08 server1 postfix/smtpd[23544]: warning: 176.43.150.48: hostname host-176-43-150-48.reverse.superonline.net verification failed: Name or service not known
Nov  4 16:28:08 server1 postfix/smtpd[23544]: connect from unknown[176.43.150.48]
Nov  4 16:28:58 server1 postfix/smtpd[21370]: warning: 176.43.150.48: hostname host-176-43-150-48.reverse.superonline.net verification failed: Name or service not known
Nov  4 16:28:58 server1 postfix/smtpd[21370]: connect from unknown[176.43.150.48]
Nov  4 16:28:58 server1 postfix/smtpd[21370]: lost connection after EHLO from unknown[176.43.150.48]
Nov  4 16:28:58 server1 postfix/smtpd[21370]: disconnect from unknown[176.43.150.48]

Outlook setting;
SMTP: 465
POP3: 110

postfix master.cf

plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
mailman unix - n n - - pipe flags=R user=mailman:mailman argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
plesk_saslauthd unix y y n - 1 plesk_saslauthd status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db

213.175.192.147- unix - n n - - smtp -o smtp_bind_address=213.175.192.147 -o smtp_bind_address6= -o smtp_address_preference=ipv4

213.175.192.146- unix - n n - - smtp -o smtp_bind_address=213.175.192.146 -o smtp_bind_address6= -o smtp_address_preference=ipv4

smtp      inet  n       -       n       -       -       smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restr$

postfix main.cf

# LF added
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
smtpd_sasl_security_options = noplaintext

virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
transport_maps = hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks = 127.0.0.0/8 [::1]/128 31.193.142.38/32 213.175.192.146/32 213.175.192.147/32 [2a02:af8:6:2400::1:751]/128
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
non_smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
message_size_limit = 20480000
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3

I try to past pci compliance,but now this is not importand.
If there have some repair postfix command? Default configuration? Or how can i send emain from outlook.

 

[UFHH01]

Hi MuzafferE,

you are misconfiguring your eMail - server, if you first try to accept "SSLv3" ( "smtpd_tls_protocols = SSLv3, TLSv1" ) and later on remove it again with "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3" . As well, you define that you would like to use "TLSv1", but you remove it again with "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3".

Please have a look at the following commands:

openssl ciphers -v 'TLSv1' | sort​

As you can see, these ciphers suites are not defined as TLSv1 - ciphers, but as TLSv3 - ciphers.

Now have another look at this command, which will sort all your ciphers suites, when you exclude SSLv3 and SSLv2 completely:

openssl ciphers -v 'ALL:!SSLv2:!SSLv3' | sort​

As you can see, there are only ciphers for the protocol "TLSv1.2" left, which you don't accept with your configuration.


If you want DECENT informations about your security level, please use: https://www.ssllabs.com/ssltest/



The clue is to define the protocols, which you would like to use AND as well forbid the ones, which you don't want to use:

For the protocols:

smtp_tls_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
and
smtpd_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3​

Other recommendations:

smtp_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
and
smtp_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
and
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous​