использовать outlook connect для postfix на ubuntu 16.04 не удастся, показалось, что tls установлен, и может подключиться к успеху imap, но отправить тестовую почту не удастся, если использовать roundcube без tls, можно зарегистрировать imap и smtp, а также успешно отправить почту получателя , здесь log:
Sep 10 18:40:01 xiedeacc postfix/smtpd[5536]: Anonymous TLS connection established from unknown[122.226.185.66]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
здесь мы можем видеть, что tls установлено, но отправка почты будет отклонена postfix
Sep 10 18:40:01 xiedeacc postfix/smtpd[5536]: NOQUEUE: reject: RCPT from unknown[122.226.185.66]: 554 5.7.1 <unknown[122.226.185.66]>: Client host rejected: Access denied; from=<test1@xiedeacc.com> to=<test1@xiedeacc.com> proto=ESMTP helo=<yangzhenxieNB4>
здесь main.cf
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
#smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, check_sender_access hash:/etc/postfix/sender_access, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/sender_access, permit
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject_rbl_client anti-spam.org.cn, permit_mynetworks, permit_inet_interfaces, permit_sasl_authenticated, reject
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, permit_auth_destination, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:/var/spool/postfix/var/run/postgrey/socket, reject
#smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/mysql_block_recip.cf
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject
здесь master.cf
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_inet_interfaces,permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname,reject_invalid_hostname,permit
-o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,permit
-o smtpd_recipient_restrictions=permit_auth_destination,reject_unauth_pipelining,permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,reject
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smptd_tls_auth_only=yes
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
-o smtpd_tls_cert_file=/etc/ssl/certs/xiedeacc.com.crt
-0 smtpd_tls_key_file=/etc/ssl/private/xiedeacc.com.nopassword.key
-o smtpd_client_restrictions=permit_mynetworks,permit_inet_interfaces,permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname,reject_invalid_hostname,permit
# -o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unauth_pipelining,permit
-o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,permit
-o smtpd_recipient_restrictions=permit_auth_destination,reject_unauth_pipelining,permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,reject
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
-o milter_macro_daemon_name=ORIGINATING