How to Set Up an SMTP Submission Server on Linux
- by Kevin Cox
I was trying to set up a mail server with no luck. I want it to accept mail from authenticated users only and deliver them. I want the users to be able to connect over the internet. Ideally the mail server wouldn't accept any incoming mail. Essentially I want it to accept messages on a receiving port and transfer them to the intended recipient out port 25.
If anyone has some good links and guides that would be awesome. I am quite familiar with linux but have never played around with MTA's and am currently running debian 6.
More Specific Problem!
Sorry, that was general and postfix is complex.
I am having trouble enabling the submission port with encryption and authentication.
What Works:
Sending mail from the local machine. (sendmail [email protected]).
Ports are open. (25 and 587)
Connecting to 587 appears to work, I get a "need to starttls" warning and starttls appears to work.
But when I try to connect with the next command I get the error below.
# openssl s_client -connect localhost:587 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=localhost.localdomain
verify return:1
---
Certificate chain
0 s:/CN=localhost.localdomain
i:/CN=localhost.localdomain
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvDCCAaQCCQCYHnCzLRUoMTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVs
b2NhbGhvc3QubG9jYWxkb21haW4wHhcNMTIwMjE3MTMxOTA1WhcNMjIwMjE0MTMx
OTA1WjAgMR4wHAYDVQQDExVsb2NhbGhvc3QubG9jYWxkb21haW4wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEFA/S6VhJihP6OGYrhEtL+SchWxPZGbgb
VkgNJ6xK2dhR7hZXKcDtNddL3uf1YYWF76efS5oJPPjLb33NbHBb9imuD8PoynXN
isz1oQEbzPE/07VC4srbsNIN92lldbRruDfjDrAbC/H+FBSUA2ImHvzc3xhIjdsb
AbHasG1XBm8SkYULVedaD7I7YbnloCx0sTQgCM0Vjx29TXxPrpkcl6usjcQfZHqY
ozg8X48Xm7F9CDip35Q+WwfZ6AcEkq9rJUOoZWrLWVcKusuYPCtUb6MdsZEH13IQ
rA0+x8fUI3S0fW5xWWG0b4c5IxuM+eXz05DvB7mLyd+2+RwDAx2LAgMBAAEwDQYJ
KoZIhvcNAQEFBQADggEBAAj1ib4lX28FhYdWv/RsHoGGFqf933SDipffBPM6Wlr0
jUn7wler7ilP65WVlTxDW+8PhdBmOrLUr0DO470AAS5uUOjdsPgGO+7VE/4/BN+/
naXVDzIcwyaiLbODIdG2s363V7gzibIuKUqOJ7oRLkwtxubt4D0CQN/7GNFY8cL2
in6FrYGDMNY+ve1tqPkukqQnes3DCeEo0+2KMGuwaJRQK3Es9WHotyrjrecPY170
dhDiLz4XaHU7xZwArAhMq/fay87liHvXR860tWq30oSb5DHQf4EloCQK4eJZQtFT
B3xUDu7eFuCeXxjm4294YIPoWl5pbrP9vzLYAH+8ufE=
-----END CERTIFICATE-----
subject=/CN=localhost.localdomain
issuer=/CN=localhost.localdomain
---
No client certificate CA names sent
---
SSL handshake has read 1605 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: E07926641A5EF22B15EB1D0E03FFF75588AB6464702CF4DC2166FFDAC1CA73E2
Session-ID-ctx:
Master-Key: 454E8D5D40380DB3A73336775D6911B3DA289E4A1C9587DDC168EC09C2C3457CB30321E44CAD6AE65A66BAE9F33959A9
Key-Arg : None
Start Time: 1349059796
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 DSN
read:errno=0
If I try to connect from evolution I get the following error:
The reported error was "HELO command failed: TCP connection reset by peer".