On 17.11.2014 at 10:58, Stanislas SABATIER wrote:
Hello, I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix. If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working.
I put

    ssl = yes
    ssl_cert =

and

    service lmtp {
      inet_listener lmtp {
        name = dovecot_lmtp
        address = xx.xx.xx.xx
        port = 26
        ssl = yes
      }
      process_min_avail = 5
    }

within 10-master.conf
Did I miss something?
did you configure postfix?

    postconf -d | grep tls

not sure if postfix prefers STARTTLS only (likely since the smtp-client also doesn't support wrapper mode and lmtp is more or less the same as smtp)

    lmtp_enforce_tls = no
    lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
    lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
    lmtp_starttls_timeout = 300s
    lmtp_tls_CAfile =
    lmtp_tls_CApath =
    lmtp_tls_block_early_mail_reply = no
    lmtp_tls_cert_file =
    lmtp_tls_ciphers = export
    lmtp_tls_dcert_file =
    lmtp_tls_dkey_file = $lmtp_tls_dcert_file
    lmtp_tls_eccert_file =
    lmtp_tls_eckey_file = $lmtp_tls_eccert_file
    lmtp_tls_enforce_peername = yes
    lmtp_tls_exclude_ciphers =
    lmtp_tls_fingerprint_cert_match =
    lmtp_tls_fingerprint_digest = md5
    lmtp_tls_force_insecure_host_tlsa_lookup = no
    lmtp_tls_key_file = $lmtp_tls_cert_file
    lmtp_tls_loglevel = 0
    lmtp_tls_mandatory_ciphers = medium
    lmtp_tls_mandatory_exclude_ciphers =
    lmtp_tls_mandatory_protocols = !SSLv2
    lmtp_tls_note_starttls_offer = no
    lmtp_tls_per_site =
    lmtp_tls_policy_maps =
    lmtp_tls_protocols = !SSLv2
    lmtp_tls_scert_verifydepth = 9
    lmtp_tls_secure_cert_match = nexthop
    lmtp_tls_security_level =
    lmtp_tls_session_cache_database =
    lmtp_tls_session_cache_timeout = 3600s
    lmtp_tls_trust_anchor_file =
    lmtp_tls_verify_cert_match = hostname
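
A probe for the distinction raised in the reply above (STARTTLS versus wrapper mode), added here as an example and not part of the original thread: it reports whether an LMTP listener greets in clear text and offers STARTTLS, or expects TLS from the first byte. The function names, the probe.example client name and the 127.0.0.1 address are assumptions; port 26 is the one from the post.

```python
import socket
import ssl

def read_reply(f):
    """Read one SMTP/LMTP reply (possibly multi-line); return (code, [texts])."""
    texts = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("peer closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if len(line) < 4 or line[3] != "-":  # "250-" continues, "250 " ends
            return int(line[:3]), texts

def probe_lmtp_tls(host, port, timeout=3.0):
    """Return 'starttls', 'plaintext-only', 'implicit-tls' or 'unknown'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rwb")
            code, _ = read_reply(f)  # a STARTTLS-style listener greets in clear
            if code == 220:
                f.write(b"LHLO probe.example\r\n")  # constructed client name
                f.flush()
                _, caps = read_reply(f)
                f.write(b"QUIT\r\n")
                f.flush()
                offered = any(c.upper().split()[:1] == ["STARTTLS"] for c in caps)
                return "starttls" if offered else "plaintext-only"
    except (OSError, ValueError):
        pass  # no clear-text greeting: the listener may expect TLS first
    # Wrapper-mode check. Verification is off because the probe only
    # classifies the listener; it sends no mail and no credentials.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            with ctx.wrap_socket(s) as t:
                code, _ = read_reply(t.makefile("rb"))
                return "implicit-tls" if code == 220 else "unknown"
    except (OSError, ValueError):
        return "unknown"

if __name__ == "__main__":
    # Placeholder address and the port from the post; adjust for your host.
    print(probe_lmtp_tls("127.0.0.1", 26))
```

A result of 'implicit-tls' means the listener is in wrapper mode, so a client that only issues STARTTLS after a clear-text greeting will never see one.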