LMTPS : TLS over LMTP not working

Reindl Harald h.reindl at thelounge.net
Mon Nov 17 10:03:38 UTC 2014


Am 17.11.2014 um 10:58 schrieb Stanislas SABATIER:
> Hello,
> I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix.
> If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working.
>
> I put
>    ssl = yes
>    ssl_cert = </dovecot/ssl/ssl-LMTP.pem
>    ssl_key = </dovecot/ssl/ssl-LMTP.key
> in section protocol LMTP within 20-lmtp.conf
>
> and
> service lmtp {
>    inet_listener lmtp {
>      name = dovecot_lmtp
>      address = xx.xx.xx.xx
>      port = 26
>      ssl = yes
>    }
>    process_min_avail = 5
> }
> within 10-master.conf
>
> Did I miss something?

did you configure postfix?
postconf -d | grep tls

not sure if postfix prefers STARTTLS only (likely since the smtp-client
also doesn't support wrapper mode and lmtp is more or less the same as smtp)

lmtp_enforce_tls = no
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options =  $lmtp_sasl_tls_security_options
lmtp_starttls_timeout = 300s
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_block_early_mail_reply = no
lmtp_tls_cert_file =
lmtp_tls_ciphers = export
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_eccert_file =
lmtp_tls_eckey_file = $lmtp_tls_eccert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_force_insecure_host_tlsa_lookup = no
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = !SSLv2
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_trust_anchor_file =
lmtp_tls_verify_cert_match = hostname
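
Added example, not part of the original thread: a small audit that reads `postconf` output like the listing above and reports which TLS level the Postfix LMTP client actually ends up with. The function names are hypothetical, and the fallback from an empty lmtp_tls_security_level to the obsolete lmtp_use_tls / lmtp_enforce_tls / lmtp_tls_enforce_peername parameters is written from the Postfix documentation as an assumption. The listing above comes from `postconf -d`, which prints built-in defaults, so run the audit on `postconf | grep tls` to see the live values.

```python
import re

# Constructed sample: a subset of the `postconf -d | grep tls` lines quoted in the reply.
SAMPLE = """\
lmtp_enforce_tls = no
lmtp_tls_ciphers = export
lmtp_tls_enforce_peername = yes
lmtp_tls_fingerprint_digest = md5
lmtp_tls_security_level =
"""

def parse_postconf(text):
    """Parse 'name = value' lines as printed by postconf into a dict."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def effective_level(p, prefix="lmtp"):
    """Resolve the client TLS level. A non-empty <prefix>_tls_security_level
    overrides the obsolete use_tls/enforce_tls/enforce_peername parameters."""
    level = p.get(f"{prefix}_tls_security_level", "")
    if level:
        return level
    if p.get(f"{prefix}_enforce_tls", "no") == "yes":
        # Assumption: parameters missing from the input keep Postfix's defaults.
        peer = p.get(f"{prefix}_tls_enforce_peername", "yes") == "yes"
        return "verify" if peer else "encrypt"
    return "may" if p.get(f"{prefix}_use_tls", "no") == "yes" else "none"

def audit(text, prefix="lmtp"):
    """Return (effective level, list of findings) for the LMTP client."""
    p = parse_postconf(text)
    level = effective_level(p, prefix)
    findings = []
    if level == "none":
        findings.append("client never issues STARTTLS; delivery is cleartext")
    elif level == "may":
        findings.append("opportunistic TLS; falls back to cleartext")
    if p.get(f"{prefix}_tls_ciphers") == "export":
        findings.append("opportunistic cipher grade is 'export'")
    if p.get(f"{prefix}_tls_fingerprint_digest") == "md5":
        findings.append("certificate fingerprints use md5")
    return level, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```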
