Contents
POP3S/SMTPS
Services SMTPS, POP3S and IMAPS with postfix and dovecot.
Ports
The encrypted port for POP3 is 995 and works over TLS/SSL. port 587 is the standard port for secure SMTP
SMTP servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications).
A POP3 server listens on well-known port number 110 for service requests. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995.
Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.[1] IMAP is defined by RFC 9051.
An IMAP server typically listens on port number 143. IMAP over SSL/TLS (IMAPS) is assigned the port number 993.
Docker environment
connect.sh
saslauthd
main.cf
1 # TLS parameters
2 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
3 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
4 smtpd_tls_security_level=may
5
6 smtp_tls_CApath=/etc/ssl/certs
7 smtp_tls_security_level=may
8 smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache
9 myhostname=mail.example.org
10 mydomain=example.org
11 smtpd_recipient_restrictions=permit_sasl_authenticated , reject_unauth_destination
12 relay_domains=
13 smtpd_sasl_auth_enable=yes
14 smtpd_sasl_security_options=noanonymous
15 smtpd_sasl_local_domain=$myhostname
16
17 smtpd_sasl_auth_enable = yes
18 smtpd_sasl_path = smtpd
19 smtpd_sasl_type = cyrus
20
21 broken_sasl_auth_clients=yes
22 smtpd_relay_restrictions=permit_sasl_authenticated
23 home_mailbox=Maildir/
24 mail_spool_directory=/var/mail
25 mydestination=$myhostname localhost.$mydomain localhost $mydomain
26 mynetworks=127.0.0.0/8 10.0.0.0/24
smtpd.conf
1 pwcheck_method: saslauthd
mailstart.sh
master.cf
1 smtp inet n - y - - smtpd
2 submission inet n - y - - smtpd
3 pickup unix n - y 60 1 pickup
4 cleanup unix n - y - 0 cleanup
5 qmgr unix n - n 300 1 qmgr
6 tlsmgr unix - - y 1000? 1 tlsmgr
7 rewrite unix - - y - - trivial-rewrite
8 bounce unix - - y - 0 bounce
9 defer unix - - y - 0 bounce
10 trace unix - - y - 0 bounce
11 verify unix - - y - 1 verify
12 flush unix n - y 1000? 0 flush
13 proxymap unix - - n - - proxymap
14 proxywrite unix - - n - 1 proxymap
15 smtp unix - - y - - smtp
16 relay unix - - y - - smtp
17 -o syslog_name=postfix/$service_name
18 showq unix n - y - - showq
19 error unix - - y - - error
20 retry unix - - y - - error
21 discard unix - - y - - discard
22 local unix - n n - - local
23 virtual unix - n n - - virtual
24 lmtp unix - - y - - lmtp
25 anvil unix - - y - 1 anvil
26 scache unix - - y - 1 scache
27 postlog unix-dgram n - n - 1 postlogd
28 maildrop unix - n n - - pipe
29 flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
30 uucp unix - n n - - pipe
31 flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
32 ifmail unix - n n - - pipe
33 flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
34 bsmtp unix - n n - - pipe
35 flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
36 scalemail-backend unix - n n - 2 pipe
37 flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
38 mailman unix - n n - - pipe
39 flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
Dockerfile
1 FROM debian:bookworm
2
3 RUN apt update
4 RUN apt install -y debconf && \
5 echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
6 echo "postfix postfix/mailname string example.org" | debconf-set-selections
7 RUN apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d dovecot-imapd libsasl2-2 sasl2-bin libsasl2-modules procps iproute2 iputils-ping
8
9 COPY main.cf /etc/postfix/main.cf
10 COPY 10-mail.conf /etc/dovecot/conf.d/10-mail.conf
11 COPY master.cf /etc/postfix/master.cf
12 COPY saslauthd /etc/default/saslauthd
13 COPY mailstart.sh /root/
14 COPY smtpd.conf /etc/postfix/sasl/smtpd.conf
15
16 RUN useradd -m anonymous
17 RUN echo 'anonymous:guest' | chpasswd
18 RUN touch /var/mail/anonymous
19 RUN chown anonymous:mail /var/mail/anonymous
20 RUN chmod o-r /var/mail/anonymous
21 RUN chmod g+rw /var/mail/anonymous
22 RUN rsyslogd
23 RUN dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
24 RUN usermod -a -G sasl postfix
25 RUN mkdir -p /var/spool/postfix/var/run/saslauthd
26 RUN chown root:sasl /var/spool/postfix/var/run/saslauthd
27 RUN chmod 710 /var/spool/postfix/var/run/saslauthd
28
29 CMD ["sh","/root/mailstart.sh"]
10-mail.conf
build.sh
run.sh
Send email SMTP
1 openssl s_client -connect 127.0.0.1:25 -starttls smtp
2 EHLO test
3 250-mail.example.org
4 250-PIPELINING
5 250-SIZE 10240000
6 250-VRFY
7 250-ETRN
8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
10 250-ENHANCEDSTATUSCODES
11 250-8BITMIME
12 250-DSN
13 250 CHUNKING
14 AUTH LOGIN
15 334 VXNlcm5hbWU6
16 YW5vbnltb3Vz
17 334 UGFzc3dvcmQ6
18 Z3Vlc3Q=
19 235 2.7.0 Authentication successful
20 mail from: root@example.org
21 250 2.1.0 Ok
22 rcpt to: anonymous@example.org
23 250 2.1.5 Ok
24 data
25 354 End data with <CR><LF>.<CR><LF>
26 a2 111222
27 .
28 250 2.0.0 Ok: queued as 8AE891694FA
29 quit
Get message POP3S
1 openssl s_client -connect localhost:995 -ign_eof
2 +OK Dovecot (Debian) ready.
3 USER anonymous
4 +OK
5 PASS guest
6 +OK Logged in.
7 LIST
8 +OK 1 messages:
9 1 423
10 .
11 +OK 423 octets
12 Return-Path: <root@example.org>
13 X-Original-To: anonymous@example.org
14 Delivered-To: anonymous@example.org
15 Received: from test (localhost [127.0.0.1])
16 by mail.example.org (Postfix) with ESMTPSA id AA1A7167F56
17 for <anonymous@example.org>; Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
18 Message-Id: <20231028183815.AA1A7167F56@mail.example.org>
19 Date: Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
20 From: root@example.org
21
22 a2 111222
23 .
24 quit
Send to port 587 SMTPS
1 openssl s_client -connect 127.0.0.1:587 -starttls smtp
2 EHLO test
3 250-mail.example.org
4 250-PIPELINING
5 250-SIZE 10240000
6 250-VRFY
7 250-ETRN
8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
10 250-ENHANCEDSTATUSCODES
11 250-8BITMIME
12 250-DSN
13 250 CHUNKING
14 AUTH LOGIN
15 334 VXNlcm5hbWU6
16 YW5vbnltb3Vz
17 334 UGFzc3dvcmQ6
18 Z3Vlc3Q=
19 235 2.7.0 Authentication successful
20 mail from: root@example.org
21 250 2.1.0 Ok
22 rcpt to: anonymous@example.org
23 250 2.1.5 Ok
24 data
25 354 End data with <CR><LF>.<CR><LF>
26 test 1
27 .
28 250 2.0.0 Ok: queued as 3823B169398
29 quit
30 221 2.0.0 Bye
31 closed
Get message using IMAPS
1 openssl s_client -connect localhost:993 -ign_eof
2 * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Debian) ready.
3 a1 login anonymous guest
4 a1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
5 a1 list "" "*"
6 * LIST (\HasNoChildren) "." INBOX
7 a1 OK List completed (0.002 + 0.000 + 0.001 secs).
8 a1 select INBOX
9 * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
10 * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
11 * 1 EXISTS
12 * 0 RECENT
13 * OK [UNSEEN 1] First unseen.
14 * OK [UIDVALIDITY 1769860686] UIDs valid
15 * OK [UIDNEXT 2] Predicted next UID
16 a1 OK [READ-WRITE] Select completed (0.003 + 0.000 + 0.002 secs).
17 a1 FETCH 1:* (ENVELOPE)
18 * 1 FETCH (ENVELOPE ("Sat, 31 Jan 2026 11:52:49 +0000 (UTC)" NIL ((NIL NIL "root" "example.org")) ((NIL NIL "root" "example.org")) ((NIL NIL "root" "example.org")) NIL NIL NIL NIL "<20260131115257.87B2E183508@mail.example.org>"))
19 a1 OK Fetch completed (0.004 + 0.000 + 0.003 secs).
20 A1 FETCH 1 (BODY[TEXT])
21 * 1 FETCH (FLAGS (\Seen) BODY[TEXT] {11}
22 hello hey
23 )
24 A1 OK Fetch completed (0.007 + 0.000 + 0.006 secs).
25 A1 FETCH 1 (BODY[])
26 * 1 FETCH (BODY[] {423}
27 Return-Path: <root@example.org>
28 X-Original-To: anonymous@example.org
29 Delivered-To: anonymous@example.org
30 Received: from test (localhost [127.0.0.1])
31 by mail.example.org (Postfix) with ESMTPSA id 87B2E183508
32 for <anonymous@example.org>; Sat, 31 Jan 2026 11:52:49 +0000 (UTC)
33 Message-Id: <20260131115257.87B2E183508@mail.example.org>
34 Date: Sat, 31 Jan 2026 11:52:49 +0000 (UTC)
35 From: root@example.org
36
37 hello hey
38 )
39 A1 OK Fetch completed (0.008 + 0.000 + 0.007 secs).
40 a1 logout
41 * BYE Logging out
42 a1 OK Logout completed (0.001 + 0.000 secs).