Can't send mail through ssl with my virtual domains from an external webmail

Question

I having issues with postfix to send mail through SSL from an external webmail. I have several domain setup on my server configured in postfix with mysql. When I send mail with my main domain domain1.com everything works fine but if send mail from domain2.com I get this into my log:

Note that if I disable SSL on the webmail it works.

connect from unknown[78.209.78.XXX]
timeout after UNKNOWN from unknown[78.209.78.XXX]
disconnect from unknown[78.209.78.XXX]

Here is my main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
disable_vrfy_command = yes
smtpd_helo_required = yes
append_dot_mydomain = no

mydomain= domain1.com
myhostname = domain1.com
myorigin = $mydomain
mydestination = XXX.kimsufi.com, localhost.kimsufi.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

alias_maps = hash:/etc/aliases
queue_directory = /var/spool/postfix
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

virtual_mailbox_domains = mysql:/etc/postfix/mysql/mailbox-domains.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/alias-maps.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom

mail local si actif
smtpd_recipient_restrictions = permit_sasl_authenticated,
 permit_mynetworks,
 reject_unauth_destination,
 check_policy_service unix:private/policy, # SPF
 permit
 #check_relay_domains

smtpd_sasl_auth_enable  = yes
smtpd_sasl_type         = dovecot
smtpd_sasl_path         = private/authnoactive, mutual_auth
broken_sasl_auth_clients = yes

# DKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891

Note that on the webmail, I've set the smtp server to mail.domain1.com since I've read that I have to use the domain defined as Common Name in the tls certificate .

What I want is to make it work with SSL. Any idea about why it's not working ?

Edit

---

Here is new informations:

It seem that the problem is not related to domain1 or domain2 but occur only with new configurations. I had a domain that was setup since more than a year and everything was working fine. I removed it from my webmail and reconfigured it and now, I can't send mail.

While I was configuring it, I saw that it was asking me to use my https certificat and not the postfix one. So maybe the problem come from there but I don't know how to solve it.

Here is my apache conf:

<VirtualHost _default_:80>
  include /etc/apache2/domain.conf

</VirtualHost>

<VirtualHost _default_:443>
  include /etc/apache2/domain.conf

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/cert-domain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key
  SSLCACertificateFile /etc/apache2/ssl/GandiStandardSSLCA.pem
  SSLVerifyClient None
</VirtualHost>

Also if I do openssl s_client -connect localhost:465 I get that:

CONNECTED(00000003)
11508:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607:

I don't know if it's normal for a self signed certificat.

Answer 1

Postfix is not listening in smtpd_tls_wrappermode on port 465, but rather as a standard smtp server.

Your master.cf should contain a (multipart) line simliar to

smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

However, it likely only has

smtps inet n - n - - smtpd