MoinMoin Logo
  • Comments
  • Immutable Page
  • Menu
    • Navigation
    • RecentChanges
    • FindPage
    • Local Site Map
    • Help
    • HelpContents
    • HelpOnMoinWikiSyntax
    • Display
    • Attachments
    • Info
    • Raw Text
    • Print View
    • Edit
    • Load
    • Save
  • Login

Navigation

  • Start
  • Sitemap
Revision 10 as of 2026-01-30 23:31:12
  • Docker
  • SmtpsPop3sImaps

Contents

  1. POP3S/SMTPS
    1. Ports
    2. Steps
    3. /etc/postfix/main.cf
    4. /etc/dovecot/conf.d/10-mail.conf
    5. /etc/postfix/master.cf
    6. /etc/default/saslauthd
    7. Send email
    8. Get message
    9. Send to port 587

POP3S/SMTPS

Services with postfix and dovecot

Ports

The encrypted port for POP3 is 995 and works over TLS/SSL. port 587 is the standard port for secure SMTP

  • https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol

SMTP servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications).

  • https://en.wikipedia.org/wiki/Post_Office_Protocol

A POP3 server listens on well-known port number 110 for service requests. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995.

Steps

   1 docker pull debian:bookworm
   2 docker run -d -it --name debian_pod debian:bookworm cat
   3 docker exec -it debian_pod bash
   4 
   5 cat /etc/os-release | grep -i version
   6 VERSION_ID="12"
   7 VERSION="12 (bookworm)"
   8 VERSION_CODENAME=bookworm
   9 
  10 apt update
  11 apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin  libsasl2-modules
  12 # 2. Internet Site
  13 # General mail configuration type: 2
  14 # System mail name: example.org
  15 service --status-all
  16 # dovecot pop3s
  17 vim /etc/dovecot/conf.d/10-mail.conf
  18 service dovecot status
  19 service dovecot restart
  20 
  21 netstat -at -n
  22 passwd # define root pwd
  23 adduser anonymous # pwd guest
  24 touch /var/mail/anonymous
  25 chown anonymous:mail /var/mail/anonymous
  26 chmod o-r /var/mail/anonymous
  27 chmod g+rw /var/mail/anonymous
  28 
  29 rsyslogd -v
  30 rsyslogd
  31 cat /var/log/syslog
  32 
  33 vim /etc/default/saslauthd # change START=yes
  34 dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
  35 echo 'pwcheck_method: saslauthd' >  /etc/postfix/sasl/smtpd.conf
  36 usermod -a -G sasl postfix
  37 service saslauthd start
  38 service saslauthd status
  39 
  40 # postfix smtps port 25 and 587
  41 vim /etc/postfix/main.cf
  42 vim /etc/postfix/master.cf
  43 service postfix start
  44 service postfix status

/etc/postfix/main.cf

   1 # TLS parameters
   2 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
   3 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
   4 smtpd_tls_security_level=may
   5 
   6 smtp_tls_CApath=/etc/ssl/certs
   7 smtp_tls_security_level=may
   8 smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache
   9 myhostname=mail.example.org
  10 mydomain=example.org
  11 smtpd_recipient_restrictions=permit_sasl_authenticated , reject_unauth_destination
  12 relay_domains=
  13 smtpd_sasl_auth_enable=yes
  14 smtpd_sasl_security_options=noanonymous
  15 smtpd_sasl_local_domain=$myhostname
  16 broken_sasl_auth_clients=yes
  17 smtpd_relay_restrictions=permit_sasl_authenticated
  18 home_mailbox=Maildir/
  19 mail_spool_directory=/var/mail
  20 mydestination=$myhostname localhost.$mydomain localhost $mydomain
  21 mynetworks=127.0.0.0/8 10.0.0.0/24

/etc/dovecot/conf.d/10-mail.conf

   1 mail_location = maildir:/home/%u/Maildir
   2 namespace inbox {
   3   inbox = yes
   4 }
   5 mail_privileged_group = mail
   6 protocol !indexer-worker {
   7 }

/etc/postfix/master.cf

   1 smtp      inet  n       -       y       -       -       smtpd
   2 submission inet n       -       y       -       -       smtpd
   3 pickup    unix  n       -       y       60      1       pickup
   4 cleanup   unix  n       -       y       -       0       cleanup
   5 qmgr      unix  n       -       n       300     1       qmgr
   6 tlsmgr    unix  -       -       y       1000?   1       tlsmgr
   7 rewrite   unix  -       -       y       -       -       trivial-rewrite
   8 bounce    unix  -       -       y       -       0       bounce
   9 defer     unix  -       -       y       -       0       bounce
  10 trace     unix  -       -       y       -       0       bounce
  11 verify    unix  -       -       y       -       1       verify
  12 flush     unix  n       -       y       1000?   0       flush
  13 proxymap  unix  -       -       n       -       -       proxymap
  14 proxywrite unix -       -       n       -       1       proxymap
  15 smtp      unix  -       -       y       -       -       smtp
  16 relay     unix  -       -       y       -       -       smtp
  17         -o syslog_name=postfix/$service_name
  18 showq     unix  n       -       y       -       -       showq
  19 error     unix  -       -       y       -       -       error
  20 retry     unix  -       -       y       -       -       error
  21 discard   unix  -       -       y       -       -       discard
  22 local     unix  -       n       n       -       -       local
  23 virtual   unix  -       n       n       -       -       virtual
  24 lmtp      unix  -       -       y       -       -       lmtp
  25 anvil     unix  -       -       y       -       1       anvil
  26 scache    unix  -       -       y       -       1       scache
  27 postlog   unix-dgram n  -       n       -       1       postlogd
  28 maildrop  unix  -       n       n       -       -       pipe
  29   flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
  30 uucp      unix  -       n       n       -       -       pipe
  31   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  32 ifmail    unix  -       n       n       -       -       pipe
  33   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
  34 bsmtp     unix  -       n       n       -       -       pipe
  35   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
  36 scalemail-backend unix -       n       n       -       2       pipe
  37   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
  38 mailman   unix  -       n       n       -       -       pipe
  39   flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

/etc/default/saslauthd

   1 START=yes
   2 PWDIR="/var/spool/postfix/var/run/saslauthd"
   3 PARAMS="-m ${PWDIR}"
   4 PIDFILE="${PWDIR}/saslauthd.pid"
   5 DESC="SASL Authentication Daemon"
   6 NAME="saslauthd"
   7 MECHANISMS="shadow"
   8 THREADS=5
   9 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Send email

   1 openssl s_client -connect 127.0.0.1:25 -starttls smtp
   2 EHLO test
   3 250-mail.example.org
   4 250-PIPELINING
   5 250-SIZE 10240000
   6 250-VRFY
   7 250-ETRN
   8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
   9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
  10 250-ENHANCEDSTATUSCODES
  11 250-8BITMIME
  12 250-DSN
  13 250 CHUNKING
  14 AUTH LOGIN
  15 334 VXNlcm5hbWU6
  16 YW5vbnltb3Vz
  17 334 UGFzc3dvcmQ6
  18 Z3Vlc3Q=
  19 235 2.7.0 Authentication successful
  20 mail from: root@example.org
  21 250 2.1.0 Ok
  22 rcpt to: anonymous@example.org
  23 250 2.1.5 Ok
  24 data
  25 354 End data with <CR><LF>.<CR><LF>
  26 a2 111222
  27 .
  28 250 2.0.0 Ok: queued as 8AE891694FA
  29 quit

Get message

   1 openssl s_client -connect localhost:995 -ign_eof
   2 +OK Dovecot (Debian) ready.
   3 USER anonymous
   4 +OK
   5 PASS guest
   6 +OK Logged in.
   7 LIST
   8 +OK 1 messages:
   9 1 423
  10 .
  11 +OK 423 octets
  12 Return-Path: <root@example.org>
  13 X-Original-To: anonymous@example.org
  14 Delivered-To: anonymous@example.org
  15 Received: from test (localhost [127.0.0.1])
  16         by mail.example.org (Postfix) with ESMTPSA id AA1A7167F56
  17         for <anonymous@example.org>; Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
  18 Message-Id: <20231028183815.AA1A7167F56@mail.example.org>
  19 Date: Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
  20 From: root@example.org
  21 
  22 a2 111222
  23 .
  24 quit

Send to port 587

   1 openssl s_client -connect 127.0.0.1:587 -starttls smtp
   2 EHLO test
   3 250-mail.example.org
   4 250-PIPELINING
   5 250-SIZE 10240000
   6 250-VRFY
   7 250-ETRN
   8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
   9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
  10 250-ENHANCEDSTATUSCODES
  11 250-8BITMIME
  12 250-DSN
  13 250 CHUNKING
  14 AUTH LOGIN
  15 334 VXNlcm5hbWU6
  16 YW5vbnltb3Vz
  17 334 UGFzc3dvcmQ6
  18 Z3Vlc3Q=
  19 235 2.7.0 Authentication successful
  20 mail from: root@example.org
  21 250 2.1.0 Ok
  22 rcpt to: anonymous@example.org
  23 250 2.1.5 Ok
  24 data
  25 354 End data with <CR><LF>.<CR><LF>
  26 test 1
  27 .
  28 250 2.0.0 Ok: queued as 3823B169398
  29 quit
  30 221 2.0.0 Bye
  31 closed
  • MoinMoin Powered
  • Python Powered
  • GPL licensed
  • Valid HTML 4.01