= POP3S/SMTPS =
Services with postfix and dovecot

== Ports ==
The encrypted port for POP3 is 995 (POP3S); TLS/SSL is negotiated as soon as the connection opens. Port 587 is the standard submission port for secure SMTP: the session starts in plaintext and is upgraded with STARTTLS. Implicit-TLS SMTP (SMTPS in the strict sense) conventionally uses port 465, which the setup below does not enable; it relies on STARTTLS on ports 25 and 587.

 * https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol SMTP servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications).
 * https://en.wikipedia.org/wiki/Post_Office_Protocol A POP3 server listens on well-known port number 110 for service requests. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995.

== Steps ==
Note on the `dpkg-statoverride` step: mode 755 lets every local user enter the saslauthd socket directory. Because postfix is added to group `sasl` in the following step, mode 710 is sufficient.

{{{#!highlight sh
docker pull debian
docker run -d -it --name debian_pod debian cat
docker exec -it debian_pod bash
cat /etc/os-release
apt update
apt install dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules
# 2. Internet Site
# General mail configuration type: 2
# System mail name: example.org
service --status-all
# dovecot pop3s
vim /etc/dovecot/conf.d/10-mail.conf
service dovecot status
service dovecot restart
netstat -at -n
passwd # define root pwd
adduser anonymous # pwd guest
touch /var/mail/anonymous
chown anonymous:mail /var/mail/anonymous
chmod o-r /var/mail/anonymous
chmod g+rw /var/mail/anonymous
rsyslogd -v
rsyslogd
cat /var/log/syslog
vim /etc/default/saslauthd # change START=yes
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
echo 'pwcheck_method: saslauthd' > /etc/postfix/sasl/smtpd.conf
usermod -a -G sasl postfix
service saslauthd start
service saslauthd status
# postfix smtps port 25 and 587
vim /etc/postfix/main.cf
vim /etc/postfix/master.cf
service postfix start
service postfix status
}}}

== /etc/postfix/main.cf ==
With `smtpd_tls_security_level=may`, STARTTLS is optional, so Postfix also accepts AUTH on an unencrypted session and a client that skips STARTTLS sends its password in the clear. Setting `smtpd_tls_auth_only=yes` restricts AUTH to TLS sessions. The snakeoil certificate is the self-signed one generated at install time, so clients cannot verify the server with it; use a CA-issued certificate outside a test container.

{{{#!highlight sh
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache
myhostname=mail.example.org
mydomain=example.org
smtpd_recipient_restrictions=permit_sasl_authenticated , reject_unauth_destination
relay_domains=
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
smtpd_sasl_local_domain=$myhostname
broken_sasl_auth_clients=yes
smtpd_relay_restrictions=permit_sasl_authenticated
home_mailbox=Maildir/
mail_spool_directory=/var/mail
mydestination=$myhostname localhost.$mydomain localhost $mydomain
mynetworks=127.0.0.0/8 10.0.0.0/24
}}}

== /etc/dovecot/conf.d/10-mail.conf ==
{{{#!highlight sh
mail_location = maildir:/home/%u/Maildir
namespace inbox {
  inbox = yes
}
mail_privileged_group = mail
protocol !indexer-worker {
}
}}}

== /etc/postfix/master.cf ==
The `submission` service below has no `-o` overrides, so port 587 inherits the same optional-TLS policy as port 25. Adding `-o smtpd_tls_security_level=encrypt` under `submission` makes TLS mandatory on that port.

{{{#!highlight sh
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
  -o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
}}}

== /etc/default/saslauthd ==
{{{#!highlight sh
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="shadow"
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
}}}

== Send email ==
The two strings sent after `AUTH LOGIN` are the base64-encoded user name and password from the Steps section (the 334 prompts decode to `Username:` and `Password:`). Base64 is an encoding, not encryption; only the TLS session set up by `-starttls smtp` protects them.

{{{#!highlight sh
openssl s_client -connect 127.0.0.1:25 -starttls smtp
EHLO test
250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH LOGIN
334 VXNlcm5hbWU6
YW5vbnltb3Vz
334 UGFzc3dvcmQ6
Z3Vlc3Q=
235 2.7.0 Authentication successful
mail from: root@example.org
250 2.1.0 Ok
rcpt to: anonymous@example.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
a2 111222
.
250 2.0.0 Ok: queued as 8AE891694FA
quit
}}}

== Get message ==
{{{#!highlight sh
openssl s_client -connect localhost:995 -ign_eof
+OK Dovecot (Debian) ready.
USER anonymous
+OK
PASS guest
+OK Logged in.
LIST
+OK 1 messages:
1 423
.
+OK 423 octets
Return-Path:
X-Original-To: anonymous@example.org
Delivered-To: anonymous@example.org
Received: from test (localhost [127.0.0.1]) by mail.example.org (Postfix) with ESMTPSA id AA1A7167F56 for ; Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
Message-Id: <20231028183815.AA1A7167F56@mail.example.org>
Date: Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
From: root@example.org

a2 111222
.
quit
}}}

== Send to port 587 ==
{{{#!highlight sh
openssl s_client -connect 127.0.0.1:587 -starttls smtp
EHLO test
250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH LOGIN
334 VXNlcm5hbWU6
YW5vbnltb3Vz
334 UGFzc3dvcmQ6
Z3Vlc3Q=
235 2.7.0 Authentication successful
mail from: root@example.org
250 2.1.0 Ok
rcpt to: anonymous@example.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test 1
.
250 2.0.0 Ok: queued as 3823B169398
quit
221 2.0.0 Bye
closed
}}}