LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix / TLS Help (http://www.linuxquestions.org/questions/linux-server-73/postfix-tls-help-741739/)

carlosinfl 07-21-2009 12:33 PM

Postfix / TLS Help
 
I am trying to get Postfix to work using SASL and TLS. Last week I configured Dovecot to utilize my Verisign SSL certificates for TLS on Imap4 which appears to be working perfect. Now I would like the same thing on the SMTP side for Postfix.

I followed this guide in order to 1st get SASL working. It appears to be working fine.

Code:

[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.iamghost.com ESMTP
EHLO iamghost.com
250-mail.iamghost.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN FB36s8djkwBzEwmJaz1jgGnaT=
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye

So I can see that SASL authentication is working fine above...

Now when I try and get TLS working, I get an error from my client forcing TLS encryption while sending mail:

"Unable to connect to SMTP server via STARTLS since it does not offer STARTLS in EHLO response. Please verify your settings."

I am thinking the problem is my Verisign SSL certificates. Either Postfix can't access them because of the passphrase on my private key or something else is wrong. Does anyone know how I can self sign my own certificate I generate myself via OpenSSL? I am guessing I still need a CA for my self signed certificate.

carlosinfl 07-22-2009 01:31 PM

This is resolved. Postfix was unable to use my SSL certificate because it was passphrase protected. I had to remove the passphrase from the server...


All times are GMT -5. The time now is 03:18 AM.