LinuxQuestions.org

robertjinx 10-31-2008 04:03 PM

Postfix TLS problem on CentOS 5.2
 
Hello, I'm running Postfix 2.5.5, SASL and TLS.

The configuration of Postfix is fine, or it should be, for SASL and TLS:

smtp_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_CApath = /etc/ssl/smtpd
smptpd_tls_cert_file = /etc/ssl/smtpd/smtpd.crt
smtpd_tls_key_file = /etc/ssl/smtpd/smtpd.key
smtpd_tls_CAfile = /etc/ssl/smtpd/cacert.pem
smtpd_tls_received_header = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_recieved_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

The .crt, .key and .pem files exist and should be perfectly good.

[root@viperhost smtpd]# pwd
/etc/ssl/smtpd
[root@viperhost smtpd]# ls -la
total 28
drwxr-xr-x 2 root root 4096 Oct 31 20:58 .
drwxr-xr-x 5 root root 4096 Oct 31 20:56 ..
-r--r--r-- 1 root root 1367 Oct 31 20:58 cacert.pem
-r--r--r-- 1 root root 963 Oct 31 20:58 cakey.pem
-r--r--r-- 1 root root 997 Oct 31 20:58 smtpd.crt
-r--r--r-- 1 root root 725 Oct 31 20:58 smtpd.csr
-r--r--r-- 1 root root 891 Oct 31 20:58 smtpd.key
[root@viperhost smtpd]#

But TLS doesn't work, Postfix ... sends an error:

postfix/smtpd[11554]: warning: No server certs available. TLS won't be enabled

Does anyone have an idea what the hell is going on!?

Berhanie 10-31-2008 08:29 PM

Might it have something to do with misspelling smptpd_tls_cert_file? It should be smtpd_tls_cert_file.

robertjinx 11-01-2008 03:13 AM

Hello, you were so right... :) But still Postfix doesn't work with TLS:

250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Wonder why?!

billymayday 11-01-2008 03:36 AM

Have you configured the client to use TLS when it connects?

robertjinx 11-01-2008 04:15 AM

Sorry?! What do you mean? Postfix configuration?

Berhanie 11-01-2008 10:13 AM

Code:

250-STARTTLS

This shows that postfix offers TLS. Try to connect manually to make sure it works:
Code:

openssl s_client -connect ip.add.re.ss:25 -starttls smtp

You should then make sure the client programs (e.g. Thunderbird and Outlook) are configured to make use of TLS. This is what billymayday meant.

Required reading for what you're doing is this and this.

I just noticed another misspelling in your config:
Code:

smtpd_tls_recieved_header = yes
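The two misspellings Berhanie found share one cause: Postfix accepts any name in main.cf (an unknown name is just a user-defined variable that nothing reads), so "smptpd_tls_cert_file" leaves the real smtpd_tls_cert_file unset and smtpd logs "No server certs available". The script below is an added example, not code from this thread or from the Postfix project. It parses a main.cf fragment, flags names that are not in a known-parameter list together with the closest real name, reports duplicates (Postfix keeps the last value), and checks that certificate and key paths exist. KNOWN_PARAMETERS is a hand-picked subset covering this thread; THREAD_FILES stands in for the directory listing posted above so the check runs anywhere. Run on the posted config it also flags smtp_tls_auth_only, which is not a documented Postfix parameter (the server-side one is smtpd_tls_auth_only).

```python
"""Catch misspelled Postfix parameter names before Postfix ignores them.

Added example, not from the thread. Postfix silently accepts unknown
parameter names in main.cf, so a typo leaves the real parameter unset.
"""
import difflib
import os
import re

# Hand-picked subset of documented Postfix parameter names, enough for the
# config posted in this thread. On a real host, derive the set from
# `postconf -d` output instead of maintaining it by hand.
KNOWN_PARAMETERS = {
    "broken_sasl_auth_clients", "smtp_tls_note_starttls_offer", "smtp_use_tls",
    "smtpd_recipient_restrictions", "smtpd_sasl_auth_enable",
    "smtpd_sasl_local_domain", "smtpd_sasl_path", "smtpd_sasl_security_options",
    "smtpd_sasl_type", "smtpd_tls_CAfile", "smtpd_tls_CApath",
    "smtpd_tls_auth_only", "smtpd_tls_cert_file", "smtpd_tls_key_file",
    "smtpd_tls_loglevel", "smtpd_tls_received_header",
    "smtpd_tls_session_cache_timeout", "smtpd_use_tls", "tls_random_source",
}

# The config posted at the top of the thread, copied verbatim (typos kept).
THREAD_MAIN_CF = """\
smtp_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_CApath = /etc/ssl/smtpd
smptpd_tls_cert_file = /etc/ssl/smtpd/smtpd.crt
smtpd_tls_key_file = /etc/ssl/smtpd/smtpd.key
smtpd_tls_CAfile = /etc/ssl/smtpd/cacert.pem
smtpd_tls_received_header = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_recieved_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
"""

# Files shown by `ls -la /etc/ssl/smtpd` in the thread; used in place of
# os.path.exists so the example runs on any machine.
THREAD_FILES = {
    "/etc/ssl/smtpd/cacert.pem", "/etc/ssl/smtpd/cakey.pem",
    "/etc/ssl/smtpd/smtpd.crt", "/etc/ssl/smtpd/smtpd.csr",
    "/etc/ssl/smtpd/smtpd.key",
}

PARAM_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")


def parse_main_cf(text):
    """Return [(line_no, name, value)] from main.cf text.

    Lines starting with whitespace continue the previous value; comment
    and blank lines are skipped (main.cf syntax)."""
    params = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and params:
            n, name, value = params[-1]
            params[-1] = (n, name, (value + " " + raw.strip()).strip())
            continue
        m = PARAM_RE.match(raw)
        if m:
            params.append((line_no, m.group(1), m.group(2)))
    return params


def check_main_cf(text, known=KNOWN_PARAMETERS, file_exists=os.path.exists):
    """Return a list of (line_no, name, kind, detail) findings."""
    findings = []
    seen = {}
    params = parse_main_cf(text)
    for line_no, name, value in params:
        if name not in known:
            # Suggest the closest documented name for a likely typo.
            guess = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.8)
            findings.append((line_no, name, "unknown-parameter",
                             guess[0] if guess else None))
        if name in seen:
            findings.append((line_no, name, "duplicate-parameter",
                             "first set on line %d; Postfix keeps this later value"
                             % seen[name]))
        seen[name] = line_no
        if name.endswith(("_file", "_CAfile")) and value and not file_exists(value):
            findings.append((line_no, name, "missing-file", value))
    settings = dict((name, value) for _, name, value in params)
    if settings.get("smtpd_use_tls") == "yes" and not settings.get("smtpd_tls_cert_file"):
        findings.append((0, "smtpd_tls_cert_file", "unset-with-tls-enabled",
                         "smtpd will log: No server certs available. TLS won't be enabled"))
    return findings


if __name__ == "__main__":
    for line_no, name, kind, detail in check_main_cf(
            THREAD_MAIN_CF, file_exists=lambda p: p in THREAD_FILES):
        print("line %2d  %-28s %-24s %s" % (line_no, name, kind, detail))
```

With the two typos corrected the check still reports one thing worth knowing: smtpd_tls_received_header is then set twice (no on one line, yes on another), and Postfix uses the last value.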

robertjinx 11-01-2008 11:50 AM

Hey, it works somewhat, I would say; I also corrected the smtpd_tls_received_header = yes.

---
No client certificate CA names sent
---
SSL handshake has read 1350 bytes and written 341 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: B9530CCA789C5032D33DB1A23148937CA00E444D9BD7D510BD9DD79E12C34E61
Session-ID-ctx:
Master-Key: BE9BD33223549B410B6C515926FF244B096A23E5EC2C16222D6660CBB7D1C791A9DE1BE795EDC1D3A2FA3AAE94EB28AD
Key-Arg : None
Krb5 Principal: None
Start Time: 1225558069
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---


But I'm watching the mail logs and I see this:

postfix/smtpd[1606]: setting up TLS connection from localhost[127.0.0.1]
postfix/smtpd[1606]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

Still I'm doing something wrong!?

Berhanie 11-01-2008 05:50 PM

Quote:

Still I'm doing something wrong!?

Maybe you should say what you expect, and why you think something's wrong.

robertjinx 11-01-2008 05:57 PM

I'm expecting the mail server to offer the certificate which I set up for Postfix.

But if this works fine... then OK, I just don't know why it is sending Anonymous TLS connection...

Berhanie 11-01-2008 08:21 PM

The anonymous one is the client. If you look at the entire output (see below), you will see that postfix offers the certificate you expected. You can save the output to a file like this:
Code:

openssl s_client -connect ip.add.re.ss:25 -starttls smtp </dev/null >output.txt
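The word in front of "TLS connection established" in the smtpd log describes the client's certificate, not the server's: Anonymous means the client presented no certificate, Untrusted means it presented one that did not verify against smtpd_tls_CAfile/CApath, and Trusted means it verified. A test with openssl s_client (no -cert option) or a mail client without a client certificate therefore logs Anonymous even though the server certificate was sent, which is what the s_client output above shows. The script below is an added example, not code from this thread or from Postfix; it parses smtpd TLS log lines of the format quoted in this thread, explains the trust word, counts sessions per trust level, and flags the "No server certs available" warning from the first post. The regex, the LEGACY_PROTOCOLS set and the fourth sample line are assumptions of mine; the first three sample lines are quoted from the thread. TLSv1 was the normal case in 2008; TLS 1.0 and 1.1 have since been deprecated (RFC 8996), so the summary lists peers still negotiating them.

```python
"""Classify Postfix smtpd TLS log lines.

Added example, not from the thread. Parses "<Trust> TLS connection
established from <peer>: <proto> with cipher <cipher> (<bits>/<bits> bits)"
lines as logged by smtpd, plus the "No server certs available" warning.
"""
import re
from collections import Counter

ESTABLISHED_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<trust>Anonymous|Untrusted|Trusted) TLS connection "
    r"established from (?P<peer>\S+): (?P<proto>\S+) with cipher "
    r"(?P<cipher>\S+) \((?P<bits>\d+)/(?P<algbits>\d+) bits\)"
)
NO_SERVER_CERT_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: warning: No server certs available"
)

# Protocol versions a current policy treats as legacy (TLS 1.0 and 1.1
# were deprecated by RFC 8996). In 2008 TLSv1 was the normal case.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# What the trust word says about the CLIENT certificate seen by smtpd.
TRUST_MEANING = {
    "Anonymous": "client sent no certificate (normal for mail clients and s_client without -cert)",
    "Untrusted": "client certificate did not verify against smtpd_tls_CAfile/CApath",
    "Trusted": "client certificate verified against smtpd_tls_CAfile/CApath",
}

SAMPLE_LOG = [
    # Lines 1-3 are quoted from the thread; line 4 is constructed.
    "postfix/smtpd[11554]: warning: No server certs available. TLS won't be enabled",
    "postfix/smtpd[1606]: setting up TLS connection from localhost[127.0.0.1]",
    "postfix/smtpd[1606]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)",
    "Nov  2 09:15:01 viperhost postfix/smtpd[2231]: Trusted TLS connection established from relay.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
]


def parse_tls_log_line(line):
    """Return a dict for the two line types handled here, else None.

    re.search is used so a syslog prefix (timestamp, host) does not matter."""
    m = ESTABLISHED_RE.search(line)
    if m:
        rec = m.groupdict()
        rec["event"] = "established"
        for key in ("pid", "bits", "algbits"):
            rec[key] = int(rec[key])
        rec["meaning"] = TRUST_MEANING[rec["trust"]]
        return rec
    m = NO_SERVER_CERT_RE.search(line)
    if m:
        return {"event": "no-server-cert", "pid": int(m.group("pid"))}
    return None


def summarize_tls_log(lines):
    """Sessions per trust level, peers on legacy protocols, and the number
    of 'No server certs available' warnings (a misconfigured server)."""
    by_trust = Counter()
    legacy = []
    warnings = 0
    for line in lines:
        rec = parse_tls_log_line(line)
        if rec is None:
            continue
        if rec["event"] == "no-server-cert":
            warnings += 1
            continue
        by_trust[rec["trust"]] += 1
        if rec["proto"] in LEGACY_PROTOCOLS:
            legacy.append((rec["peer"], rec["proto"]))
    return {"by_trust": dict(by_trust), "legacy_protocol": legacy,
            "server_cert_warnings": warnings}


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_tls_log_line(line)
        if rec and rec["event"] == "established":
            print("%-10s %-32s %-8s %s" % (rec["trust"], rec["peer"],
                                           rec["proto"], rec["meaning"]))
    print(summarize_tls_log(SAMPLE_LOG))
```

Whether the server certificate itself was sent correctly is what the s_client output answers (the certificate block and "Verify return code"), not the smtpd trust word; if clients are required to present certificates, smtpd_tls_ask_ccert and the CA settings decide whether sessions log as Untrusted or Trusted.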

robertjinx 11-02-2008 07:50 AM

Well, it does work, just asking about the Anonymous... If it's OK and it should happen, then I'm happy :)

But I also have problems with Dovecot and Postfix.

Please check out this one: http://www.linuxquestions.org/questi...users.-680447/

Thanks guys for the help!
