Plesk 10.4.4 Postfix 465

[md3vxx]

Plesk 10.4.4, CentOS x64

Plesk's postfix implementation includes a TLS daemon listening on TCP port 465. By default our company uses seperate SSL wrappers (stunnel) to manage inbound secure email connections to port 465.

We deleted this line:

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

From /etc/postfix/master.cf, restarted our /etc/init.d/xinetd service and our wrappers work until Plesk is restarted and it re-generates to master.cf file.

We only want to master.cf file to list the default service (TCP 25) using this:

smtp inet n - n - - smtpd

How can we re-configure Plesk not to turn on the 465 service daemon in Postfix?

Christopher.

 

[IgorG]

I have tried to reproduce this issue. I have just commented line

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

in master.cf and reloaded mailserver with

# /usr/local/psa/admin/sbin/mailmng --reload-service

after that port 465 was disabled:

# lsof -i tcp:465
#

 

[md3vxx]

That works until you restart Plesk (e.g. /etc/init.d/psa restart) at which time:

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

Is appended to the base of the file again, see:

smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

 

[IgorG]

As far as I remember smtps port shouldn't be closed due to RFC requirements. I think that Plesk just follows this instruction.

 

[md3vxx]

The port isn't being closed, we are simply using a STUNNEL wrapper to control the daemon rather than using Postfix's default service. The other issue is that if we switch to using Postfix's implementation all of our customers are forced to use TLS rather than SSL in their email clients and source IP information cannot be wrapped.