Enable secure SMTP, IMAP, POP ports

Posted: Mon Jul 20, 2015 12:19 am
by martinroman
Hello,

I have successfully installed an email server based on Scalix Community Edition 12.5 on a CentOS 6.6 server.

We need to enable secure (self-signed SSL certificate) SMTP, IMAP and POP ports as follows:

SMTP SSL 465
IMAP SSL 993
POP SSL 995

I could not find updated information about how to do it.

Any feedback, wiki or URL with information about this issue will be appreciated.

Regards,

Martin

Re: Enable secure SMTP, IMAP, POP ports

Posted: Mon Jan 04, 2016 11:07 am
by ScalixSupport
Hello Mr. Martin

Yes, this has to be done with "stunnel". The installation of stunnel itself is not specific to Scalix. Usual instructions for the distribution apply.

The general information in http://www.scalix.com/wiki/index.php?title=HowTos/ScalixSecurity#Setting_up_stunnel is still valid.

Regards,
Scalix Support Team

Re: Enable secure SMTP, IMAP, POP ports

Posted: Wed Sep 07, 2016 4:24 am
by ebhannes
The general information in http://www.scalix.com/wiki/index.php?title=HowTos/ScalixSecurity#Setting_up_stunnel is still valid.


There are differences in the how-to compared to the 12.5 documentation. The docs tell you nothing about editing smtpd.cfg (activating Submit = On, Issue with ActiveSync User).
The stunnel config change is also described differently:
documentation:

[ssmtp]
accept = 465
connect = mail.scalix.com:25

wiki:

[ssmtp]
accept  = 465
connect = localhost:587


I'm still trying to set up stunnel and run into an issue when sending mail from Thunderbird, which is configured to use SSL/TLS with encrypted passwords and port 465.
On approximately every third mail, an error message opens reporting a timeout from the SMTP server. When pressing send again, the mail is sent successfully.
The stunnel debug log tells me this:

remote socket: Address family not supported by protocol (97)

An Internet search doesn't return any valuable information for me.
After changing stunnel.conf to myhostname.local:25 instead of localhost:587 and disabling Submit = On in smtpd.cfg, I cannot reproduce the error anymore, but I worry about side effects (ActiveSync etc.). I've tried with the standard stunnel version of SLES 11 SP4 (v4.54) and the newest available one (v5.30) with different Thunderbird versions (36.0, 45.0).

Hoping for some input,
Hannes

Re: Enable secure SMTP, IMAP, POP ports

Posted: Fri Sep 09, 2016 3:10 am
by ScalixSupport
Hello,

As per our investigation, the following settings for stunnel are correct (note that an IP could be used instead of a hostname):

[pop3s]
connect = your_mail_server_ip:110
accept = your_mail_server_ip:995

[imaps]
delay = yes
connect = your_mail_server_ip:143
accept = your_mail_server_ip:993

[smtps]
protocol = smtp
connect = your_mail_server_ip:25
accept = your_mail_server_ip:465

[uals]
accept = your_mail_server_ip:5767
connect = your_mail_server_ip:5729

As for the open relay problem, adding "ANONYMOUS Reject your_mail_server_ip" to smtpd.conf before "DEFAULT_SMTP=localhost 25" should fix that issue.
Also, in smtpd.cfg it would be more "RFC compliant" to have SUBMIT=ON and
[SUBMIT]
# Reject all anonymous connections
ANONYMOUS Log_Reject ALL

Please try the above trick; if it doesn't help, please create a support ticket.

Thanks!

Regards,
Scalix Support Team.
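
The following is an added example, not part of any post in this thread and not Scalix or stunnel code. It parses the three SMTP-over-TLS service definitions quoted above (reduced to their accept and connect lines) and flags the points the thread turns on: a listener given as a bare port, a backend given by name rather than by IP, and a port 25 backend, where the mail server sees stunnel's address as the client. The section names, the finding names and 192.0.2.10 (standing in for your_mail_server_ip) are assumptions.

```python
import ipaddress

# Constructed sample: the thread's three SMTP variants, renamed; 192.0.2.10 is a placeholder IP.
SAMPLE_CONF = """\
[ssmtp-doc]
accept = 465
connect = mail.scalix.com:25
[ssmtp-wiki]
accept  = 465
connect = localhost:587
[smtps-support]
connect = 192.0.2.10:25
accept = 192.0.2.10:465
"""

def parse_services(text):  # -> {section: {option: value}}
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and line[0] not in ";#":
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return services

def is_ip(host):
    try:
        return ipaddress.ip_address(host.strip("[]")) is not None
    except ValueError:
        return False

def review(text):
    """Return sorted (section, finding) pairs; finding names are this example's own."""
    found = []
    for name, opts in parse_services(text).items():
        if "accept" not in opts or "connect" not in opts:
            continue  # not a listener-to-backend service
        a_host, _, a_port = opts["accept"].rpartition(":")
        c_host, _, c_port = opts["connect"].rpartition(":")
        if not a_host:  # bare port: stunnel listens on all local addresses
            found.append((name, "bind-all"))
        if not is_ip(c_host or "localhost"):  # name is resolved at run time, not pinned
            found.append((name, "backend-hostname"))
        if a_port == "465" and c_port == "25":  # MTA sees stunnel's address as the client
            found.append((name, "relay-port-25"))
    return sorted(found)

if __name__ == "__main__":
    print(*review(SAMPLE_CONF), sep="\n")
```

A "relay-port-25" finding is a prompt to review the mail server's anonymous-relay rules for the stunnel host's address, which is what the ANONYMOUS Reject line in the reply above addresses.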