LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 11-06-2014, 10:27 AM   #1
Selenis
LQ Newbie
 
Registered: Feb 2014
Posts: 11

Rep: Reputation: Disabled
POSTFIX: setup TLS unexpected behaviour


hi all!
System: RHEL 5, Apache 2.2.3, Postfix 2.5.6

I have been trying to enable TLS on our postfix server following this tutorial:
http://postfix.state-of-mind.de/patr...s_support.html

this is the TLS section in my main.cf:

smtpd_tls_security_level = may
#smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/cert/ssl-key.pem
smtpd_tls_cert_file = /etc/postfix/cert/ssl-cert.pem
smtpd_tls_CAfile = /etc/postfix/cert/ssl-ca.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

The issue is that clients still can't connect SMTP when attempting to send with SSL enabled

another problem is, that when I test if the server is advertising TLS with "telnet mail.{mydomain}.com 25" it shows the AUTH and STARTTLS line only when I call this command on the server itself, but it does not show the STARTTLS line when i check the server from another client.
So it seems that postfix only advertises TLS to localhost?

The certificate is from Globalsign, the only difference is that I didn't create the key myself. It was created by my Webhost, but it was created for the correct domain.

what am I missing? any help is appreciated.

Last edited by Selenis; 11-06-2014 at 10:28 AM. Reason: spelling etc.
 
Old 11-14-2014, 09:44 PM   #2
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Blog Entries: 31

Rep: Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208
IDK what's wrong with your config but you haven't had any answers for several days and a working system's config file might help (it's Debian 7 Wheezy):
Code:
/etc/postfix# grep tls main.cf
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL 6 openldap strange TLS behaviour fritz001 Linux - Server 1 08-28-2012 04:02 PM
Postfix / TLS Help carlosinfl Linux - Server 1 07-22-2009 01:31 PM
Postfix TLS query i_nomad Linux - Newbie 2 06-24-2008 03:02 AM
Problem with TLS in Postfix norbert_999 Linux - Server 11 06-10-2008 07:25 AM
Postfix TLS and SMTP i_nomad Linux - Security 2 05-20-2008 07:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration