POP3S/SMTPS
Services with postfix and dovecot
Ports
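The encrypted port for POP3 (POP3S) is 995, where TLS starts as soon as the connection opens. Port 587 is the standard port for secure SMTP mail submission: the connection starts in plaintext and is upgraded to TLS with the STARTTLS command, as the `-starttls smtp` sessions below show. Implicit-TLS SMTP, which is what "SMTPS" usually refers to, conventionally uses port 465 and is not configured in this setup.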
SMTP servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications).
A POP3 server listens on well-known port number 110 for service requests. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995.
Steps
# Lab walkthrough: build a throwaway Debian container with Postfix (SMTP) and
# Dovecot (POP3). Steps 1-3 run on the Docker host; from step 4 on the commands
# are typed inside the container shell opened by step 3.
1 docker pull debian
# No -p/--publish option is given, so the container's mail ports are not mapped
# onto the host's interfaces; 'cat' only keeps the detached container alive.
2 docker run -d -it --name debian_pod debian cat
3 docker exec -it debian_pod bash
4 cat /etc/os-release
5 apt update
6 apt install dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules
7 # 2. Internet Site
8 # General mail configuration type: 2
9 # System mail name: example.org
10 service --status-all
11 # dovecot pop3s
# The edits made to 10-mail.conf are not shown on this page.
12 vim /etc/dovecot/conf.d/10-mail.conf
13 service dovecot status
14 service dovecot restart
15
# Check which TCP ports are listening after the restart.
16 netstat -at -n
17 passwd # define root pwd
# NOTE(review): 'guest' is a guessable password on a system account that can
# authenticate to both SMTP and POP3 (see the sessions below); acceptable only
# while the container is unreachable from other hosts.
18 adduser anonymous # pwd guest
# Create the user's spool file: owned by the user, group 'mail', readable and
# writable by owner and group, not readable by others.
19 touch /var/mail/anonymous
20 chown anonymous:mail /var/mail/anonymous
21 chmod o-r /var/mail/anonymous
22 chmod g+rw /var/mail/anonymous
23
# rsyslogd is started by hand (presumably because the container has no init
# system) so that mail log lines reach /var/log/syslog for troubleshooting.
24 rsyslogd -v
25 rsyslogd
26 cat /var/log/syslog
27
# saslauthd verifies SMTP AUTH passwords on Postfix's behalf. Only START=yes is
# mentioned here; the rest of /etc/default/saslauthd is not shown. Presumably its
# socket directory has to match the path used in step 29 - TODO confirm.
28 vim /etc/default/saslauthd # change START=yes
# Registers owner root, group sasl, mode 755 for the socket directory under the
# Postfix spool.
# NOTE(review): 755 lets every local account traverse this directory; step 31
# adds postfix to group sasl, so a group-only mode such as 710 looks sufficient -
# confirm before reusing outside a lab.
29 dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
# NOTE(review): only pwcheck_method is set. Without a 'mech_list: PLAIN LOGIN'
# line the server advertises every installed SASL mechanism (see the 250-AUTH
# lines in the sessions below), although saslauthd can only check plaintext
# passwords.
30 echo 'pwcheck_method: saslauthd' > /etc/postfix/sasl/smtpd.conf
31 usermod -a -G sasl postfix
32 service saslauthd start
33 service saslauthd status
34
35 # postfix smtps port 25 and 587
36 vim /etc/postfix/main.cf
37 vim /etc/postfix/master.cf
38 service postfix start
39 service postfix status
/etc/postfix/main.cf
# Postfix main.cf as used in this lab. The lines below may not be the complete
# file; review notes are hedged where a setting elsewhere could change the picture.
1 # TLS parameters
# NOTE(review): the "snakeoil" pair is Debian's self-signed placeholder
# certificate. It encrypts the session but gives clients nothing to validate the
# server against; replace it with a certificate for myhostname outside a lab.
2 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
3 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# 'may' is opportunistic TLS: STARTTLS is offered, but plaintext sessions are
# still accepted.
# NOTE(review): no smtpd_tls_auth_only=yes appears in these lines, so unless it
# is set elsewhere AUTH is also offered on unencrypted sessions and PLAIN/LOGIN
# credentials can cross the network in clear.
4 smtpd_tls_security_level=may
5
# Outbound (client-side) TLS is opportunistic as well.
6 smtp_tls_CApath=/etc/ssl/certs
7 smtp_tls_security_level=may
8 smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache
9 myhostname=mail.example.org
10 mydomain=example.org
# Authenticated clients may send anywhere; everyone else is limited to
# destinations this server is responsible for (reject_unauth_destination).
11 smtpd_recipient_restrictions=permit_sasl_authenticated , reject_unauth_destination
12 relay_domains=
13 smtpd_sasl_auth_enable=yes
# 'noanonymous' rejects the ANONYMOUS mechanism only; plaintext mechanisms
# (PLAIN, LOGIN) stay allowed.
14 smtpd_sasl_security_options=noanonymous
15 smtpd_sasl_local_domain=$myhostname
# Emits the non-standard "250-AUTH=..." line visible in the sessions below;
# only needed for obsolete mail clients.
16 broken_sasl_auth_clients=yes
# This list has no reject action of its own, so relay control relies on
# reject_unauth_destination in smtpd_recipient_restrictions above.
17 smtpd_relay_restrictions=permit_sasl_authenticated
18 home_mailbox=Maildir/
19 mail_spool_directory=/var/mail
20 mydestination=$myhostname localhost.$mydomain localhost $mydomain
# NOTE(review): no permit_mynetworks appears in the restrictions shown, so this
# list does not grant relay here; keep it as narrow as possible if one is added.
21 mynetworks=127.0.0.0/8 10.0.0.0/24
/etc/dovecot/conf.d/10-mail.conf
/etc/postfix/master.cf
# Postfix master.cf service table. Columns: service, type, private, unpriv,
# chroot, wakeup, maxproc, command + args.
# NOTE(review): the "-o ..." and "flags=..." lines are continuation lines of the
# service above them; in a real master.cf they must begin with whitespace
# (the indentation appears to have been lost in this listing).
# NOTE(review): there is no 'smtps' (port 465, implicit TLS) entry, so the only
# encrypted SMTP path in this setup is STARTTLS on ports 25 and 587.
1 smtp inet n - y - - smtpd
# NOTE(review): 'submission' (port 587) has no -o overrides, so it inherits
# main.cf unchanged and behaves exactly like port 25: TLS is optional
# (smtpd_tls_security_level=may) and so is authentication. A submission service
# is normally tightened with
#   -o smtpd_tls_security_level=encrypt
#   -o smtpd_sasl_auth_enable=yes
#   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
2 submission inet n - y - - smtpd
3 pickup unix n - y 60 1 pickup
4 cleanup unix n - y - 0 cleanup
5 qmgr unix n - n 300 1 qmgr
6 tlsmgr unix - - y 1000? 1 tlsmgr
7 rewrite unix - - y - - trivial-rewrite
8 bounce unix - - y - 0 bounce
9 defer unix - - y - 0 bounce
10 trace unix - - y - 0 bounce
11 verify unix - - y - 1 verify
12 flush unix n - y 1000? 0 flush
13 proxymap unix - - n - - proxymap
14 proxywrite unix - - n - 1 proxymap
15 smtp unix - - y - - smtp
16 relay unix - - y - - smtp
17 -o syslog_name=postfix/$service_name
18 showq unix n - y - - showq
19 error unix - - y - - error
20 retry unix - - y - - error
21 discard unix - - y - - discard
22 local unix - n n - - local
23 virtual unix - n n - - virtual
24 lmtp unix - - y - - lmtp
25 anvil unix - - y - 1 anvil
26 scache unix - - y - 1 scache
27 postlog unix-dgram n - n - 1 postlogd
28 maildrop unix - n n - - pipe
29 flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
30 uucp unix - n n - - pipe
31 flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
32 ifmail unix - n n - - pipe
33 flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
34 bsmtp unix - n n - - pipe
35 flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
36 scalemail-backend unix - n n - 2 pipe
37 flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
38 mailman unix - n n - - pipe
39 flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
/etc/default/saslauthd
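Send email
The `334` prompts and the replies in the AUTH LOGIN exchange are base64-encoded, not encrypted: `VXNlcm5hbWU6` is `Username:`, `UGFzc3dvcmQ6` is `Password:`, `YW5vbnltb3Vz` is `anonymous` and `Z3Vlc3Q=` is `guest`. Only the TLS session negotiated by `-starttls smtp` keeps these credentials from crossing the connection in clear.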
1 openssl s_client -connect 127.0.0.1:25 -starttls smtp
2 EHLO test
3 250-mail.example.org
4 250-PIPELINING
5 250-SIZE 10240000
6 250-VRFY
7 250-ETRN
8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
10 250-ENHANCEDSTATUSCODES
11 250-8BITMIME
12 250-DSN
13 250 CHUNKING
14 AUTH LOGIN
15 334 VXNlcm5hbWU6
16 YW5vbnltb3Vz
17 334 UGFzc3dvcmQ6
18 Z3Vlc3Q=
19 235 2.7.0 Authentication successful
20 mail from: root@example.org
21 250 2.1.0 Ok
22 rcpt to: anonymous@example.org
23 250 2.1.5 Ok
24 data
25 354 End data with <CR><LF>.<CR><LF>
26 a2 111222
27 .
28 250 2.0.0 Ok: queued as 8AE891694FA
29 quit
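Get message
On port 995 `s_client` starts TLS immediately. By default it does not abort on certificate verification errors, so this session shows that the channel is encrypted, not that the server's certificate was validated. The retrieval command (presumably `RETR 1`) that produces the `+OK 423 octets` reply appears to be missing from the listing.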
1 openssl s_client -connect localhost:995 -ign_eof
2 +OK Dovecot (Debian) ready.
3 USER anonymous
4 +OK
5 PASS guest
6 +OK Logged in.
7 LIST
8 +OK 1 messages:
9 1 423
10 .
11 +OK 423 octets
12 Return-Path: <root@example.org>
13 X-Original-To: anonymous@example.org
14 Delivered-To: anonymous@example.org
15 Received: from test (localhost [127.0.0.1])
16 by mail.example.org (Postfix) with ESMTPSA id AA1A7167F56
17 for <anonymous@example.org>; Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
18 Message-Id: <20231028183815.AA1A7167F56@mail.example.org>
19 Date: Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
20 From: root@example.org
21
22 a2 111222
23 .
24 quit
Send to port 587
1 openssl s_client -connect 127.0.0.1:587 -starttls smtp
2 EHLO test
3 250-mail.example.org
4 250-PIPELINING
5 250-SIZE 10240000
6 250-VRFY
7 250-ETRN
8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
10 250-ENHANCEDSTATUSCODES
11 250-8BITMIME
12 250-DSN
13 250 CHUNKING
14 AUTH LOGIN
15 334 VXNlcm5hbWU6
16 YW5vbnltb3Vz
17 334 UGFzc3dvcmQ6
18 Z3Vlc3Q=
19 235 2.7.0 Authentication successful
20 mail from: root@example.org
21 250 2.1.0 Ok
22 rcpt to: anonymous@example.org
23 250 2.1.5 Ok
24 data
25 354 End data with <CR><LF>.<CR><LF>
26 test 1
27 .
28 250 2.0.0 Ok: queued as 3823B169398
29 quit
30 221 2.0.0 Bye
31 closed