Closed katefike closed 6 months ago
kfike@pop-os:~$ telnet prod.sagefinancial.dev 587
Trying 178.128.132.77...
Connected to prod.sagefinancial.dev.
Escape character is '^]'.
220 prod ESMTP Postfix (Ubuntu)
ehlo prod.sagefinancial.dev
250-prod
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
MAIL FROM: <support@port25.com>
250 2.1.0 Ok
RCPT TO: <kfike@prod.sagefinancial.dev>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Test email
This is a test email. 24011501
.
250 2.0.0 Ok: queued as AA027C4397
quit
221 2.0.0 Bye
Connection closed by foreign host.
kfike@prod:~/sage$ docker compose -f docker-compose.yml -f docker-compose.prod.yml up
kfike@prod:~/sage$ source ~/sage/.venv/bin/activate
(.venv) kfike@prod:~/sage$ python3 scripts/get_all_emails.py
kfike@prod:~/sage$ docker exec -it sage-mailserver bash
root@6c310f1436ce:/# cat /etc/postfix/master.cf
root@6c310f1436ce:/# cat /etc/postfix/main.cf
Shows the expiration date
sudo openssl x509 -enddate -noout -in /etc/letsencrypt/live/prod.sagefinancial.dev/fullchain.pem | cut -d= -f2
Dec 13 02:20:04 2023 GMT
In this case the certs were expired.
Problem
I can receive an email over port 587 from telnet, but not from Gmail.
Solution
Trying to only receive email on port 587 was a fool's errand (explained in this Server Fault post). TLS enforcement is derived from the Postfix config, namely smtpd_tls_security_level=encrypt. The MX need only listen on port 25 for SMTPD.
Testing
The MX rejects non-TLS submissions.
Emails are received when using STARTTLS
And Gmail
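The two checks listed under Testing can be scripted. The following is an added example, not code from the sage repository: it tries MAIL FROM in cleartext, then again after STARTTLS, and sends no message data. The function name, the report keys and the probe address are assumptions made for the example.

```python
import smtplib
import ssl
import sys

PROBE_SENDER = "probe@example.com"  # constructed address, not from the issue


def check_tls_enforcement(smtp, context=None):
    """Probe a connected smtplib.SMTP-style object; send no message data."""
    report = {"starttls_advertised": False, "plaintext_mail_code": None,
              "tls_mail_code": None, "tls_error": None, "enforced": False}
    smtp.ehlo()
    report["starttls_advertised"] = smtp.has_extn("starttls")

    # Step 1: MAIL FROM in cleartext. With smtpd_tls_security_level=encrypt,
    # Postfix refuses it (530) until STARTTLS has completed.
    code, _ = smtp.mail(PROBE_SENDER)
    report["plaintext_mail_code"] = code
    if code == 250:
        smtp.rset()  # drop the transaction the server accepted in cleartext
    if not report["starttls_advertised"]:
        return report

    # Step 2: upgrade and retry. The default context verifies the chain, so an
    # expired certificate surfaces here as an SSLError instead of a silent pass.
    try:
        smtp.starttls(context=context or ssl.create_default_context())
    except ssl.SSLError as exc:
        report["tls_error"] = str(exc)
        return report
    smtp.ehlo()
    code, _ = smtp.mail(PROBE_SENDER)
    report["tls_mail_code"] = code
    if code == 250:
        smtp.rset()
    report["enforced"] = report["plaintext_mail_code"] != 250 and code == 250
    return report


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25
    with smtplib.SMTP(host, port, timeout=10) as conn:
        print(check_tls_enforcement(conn))
```

Run it as a script with the MX hostname and port as arguments; `enforced` is true only when the cleartext attempt is refused and the attempt after STARTTLS is accepted.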