# What does this error mean?



## ranggadablues (Feb 14, 2012)

Hello..

I tried to connect to my localhost with telnet:

```
telnet localhost 25
```
and it shows this:

```
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ehlo test.com
Connection closed by foreign host.
```

Then I looked at my maillog:

```
Feb 14 17:10:33 server postfix/smtpd[5557]: connect from localhost[127.0.0.1]
Feb 14 17:10:35 server postfix/smtpd[5557]: SSL_accept error from localhost[127.0.0.1]: -1
Feb 14 17:10:35 server postfix/smtpd[5557]: warning: TLS library problem: 5557:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:578:
Feb 14 17:10:35 server postfix/smtpd[5557]: lost connection after CONNECT from localhost[127.0.0.1]
```

Truly, I don't understand this error message, so can someone help me?

Thanks


----------



## vand777 (Feb 14, 2012)

I have a feeling that instead of telnet you should use s_client:

```
# openssl s_client -connect localhost:25
```


----------



## SirDice (Feb 14, 2012)

Your mailserver seems to be incorrectly configured. You have enabled SSL/TLS on the standard port 25. SMTPS (SMTP over SSL/TLS) should run on port 587.


----------



## ranggadablues (Feb 15, 2012)

Thanks for the reply..

vand777
Why should I use s_client and not telnet? Could you explain, because I'm new to mail servers?

SirDice
Yes, I use SSL/TLS on standard port 25. Is it wrong? I read this link http://www.purplehat.org/?page_id=4 and I followed all the instructions. If it's wrong, where should I change my mailserver settings?

Thank you..


----------



## kpa (Feb 15, 2012)

TLS on port 25 isn't exactly wrong, but it's tricky to get it right if you're using the same port for both unencrypted SMTP from the outside world (mail coming to your domain) and TLS/AUTH for anyone wanting to relay mail through your server. Moving the MSA (mail submission agent) service that supports TLS/AUTH to port 587 is better because you can then leave the smtpd listening on port 25 at standard settings and use a different set of settings (for example, require TLS on all connections) on the MSA service at port 587.

Here's an example of what I'm talking about. I used this as a guide for setting up an MSA on mail/postfix for a company I worked for a few years ago. It's for Linux, but much of it applies to FreeBSD as well:

http://www.davekb.com/browse_computer_tipsostfix_submission:txt


----------



## White_Mad_Hatter (Feb 15, 2012)

s_client is an SSL/TLS debugging utility. It will also allow you to make connections over SSL/TLS. Telnet does not understand how to interpret SSL/TLS connections, so using telnet will fail when you try to send the ehlo or helo command.

http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol  It's a good reference on SMTP setup.


----------
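An added example, not part of any post in this thread: a Python function that scans Postfix smtpd log lines for the pattern in the first post's maillog, where the client's first bytes were not an SSL/TLS hello, as happens when plaintext telnet reaches a listener that expects TLS immediately. The function name and the second sample session are constructed for illustration.

```python
import re

# Sample input: the four maillog lines from the first post (wrapped line rejoined),
# followed by a constructed session on the same pid that fails without "unknown protocol".
SAMPLE_LOG = """\
Feb 14 17:10:33 server postfix/smtpd[5557]: connect from localhost[127.0.0.1]
Feb 14 17:10:35 server postfix/smtpd[5557]: SSL_accept error from localhost[127.0.0.1]: -1
Feb 14 17:10:35 server postfix/smtpd[5557]: warning: TLS library problem: 5557:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:578:
Feb 14 17:10:35 server postfix/smtpd[5557]: lost connection after CONNECT from localhost[127.0.0.1]
Feb 14 17:12:01 server postfix/smtpd[5557]: connect from localhost[127.0.0.1]
Feb 14 17:12:02 server postfix/smtpd[5557]: SSL_accept error from localhost[127.0.0.1]: -1
Feb 14 17:12:02 server postfix/smtpd[5557]: lost connection after CONNECT from localhost[127.0.0.1]
"""

SMTPD_LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")


def find_plaintext_on_tls_port(log_text):
    """Return (pid, client) for each session whose first bytes were not a TLS hello."""
    hits = []
    sessions = {}  # pid -> state of the session that pid is currently serving
    for line in log_text.splitlines():
        m = SMTPD_LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if msg.startswith("connect from "):
            # One smtpd process serves many clients in turn, so reset state per connect.
            sessions[pid] = {"client": msg[len("connect from "):], "not_tls": False}
        elif pid in sessions:
            state = sessions[pid]
            if "GET_CLIENT_HELLO:unknown protocol" in msg:
                # OpenSSL could not parse the client's first bytes as an SSL/TLS hello.
                state["not_tls"] = True
            elif msg.startswith("lost connection after CONNECT") and state["not_tls"]:
                hits.append((pid, state["client"]))
    return hits


if __name__ == "__main__":
    for pid, client in find_plaintext_on_tls_port(SAMPLE_LOG):
        print(f"smtpd[{pid}]: {client} sent non-TLS data to a listener that expects TLS")
```

Only the first session is reported; the second, constructed one fails its handshake for some other reason and is left for separate triage.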



## ranggadablues (Feb 15, 2012)

Hello,

Thanks kpa for explaining, but I have not set up my firewall yet, and the link you gave says "You'll need to open port 587 in your firewall". After that I searched for the cyrus port and it was not found. So what do I have to do?
Now I tried to telnet localhost again:


```
server# telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Trying ::1...
telnet: connect to address ::1: Connection refused
telnet: Unable to connect to remote host
```

I just uncommented this in master.cf:

```
smtps     inet  n       -       n       -       -       smtpd
```

Any suggestion?
Thank you.


----------



## kpa (Feb 15, 2012)

If I remember right the smtps is the SSL encrypted service that listens on port 465, that may not be what you want. You can see what service is listening on what port by running:

`$ sockstat -l`

Yes, if you decide to make a separate MSA service that listens on port 587 you'll have to open access to port 587 on your firewall in addition to port 25.

I'd recommend that you start reading the postfix documentation and read anything you can find about SMTP before going any further with your mailserver. SMTP is a very complex protocol and it's too easy to make a mistake that opens up your mailserver to the hostile world as an open relay.

This and the Wikipedia entry on SMTP should get you started:

http://www.postfix.org/documentation.html


----------

