Postfix TLS problem on CentOS 5.2
Hello, I'm running postfix 2.5.5, sasl and tls.
The configuration of postfix is fine, or it should be for sasl and tls:

smtp_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_CApath = /etc/ssl/smtpd
smptpd_tls_cert_file = /etc/ssl/smtpd/smtpd.crt
smtpd_tls_key_file = /etc/ssl/smtpd/smtpd.key
smtpd_tls_CAfile = /etc/ssl/smtpd/cacert.pem
smtpd_tls_received_header = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_recieved_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

The .crt, .key and .pem files exist and should be perfectly good.

[root@viperhost smtpd]# pwd
/etc/ssl/smtpd
[root@viperhost smtpd]# ls -la
total 28
drwxr-xr-x 2 root root 4096 Oct 31 20:58 .
drwxr-xr-x 5 root root 4096 Oct 31 20:56 ..
-r--r--r-- 1 root root 1367 Oct 31 20:58 cacert.pem
-r--r--r-- 1 root root 963 Oct 31 20:58 cakey.pem
-r--r--r-- 1 root root 997 Oct 31 20:58 smtpd.crt
-r--r--r-- 1 root root 725 Oct 31 20:58 smtpd.csr
-r--r--r-- 1 root root 891 Oct 31 20:58 smtpd.key
[root@viperhost smtpd]#

But TLS doesn't work, postfix ... sends an error:

postfix/smtpd[11554]: warning: No server certs available. TLS won't be enabled

Does anyone have an idea what the hell is going on!?
|
Might it have something to do with misspelling smptpd_tls_cert_file? It should be smtpd_tls_cert_file.
|
Hello, you were so right... :) But still postfix doesn't work with TLS:

250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Wonder why?!
|
Have you configured the client to use TLS when it connects?
|
Sorry?! What do you mean? Postfix configuration?
|
Code:
250-STARTTLS
to make sure it works:
Code:
openssl s_client -connect ip.add.re.ss:25 -starttls smtp
are configured to make use of TLS. This is what billymayday meant. Required reading for what you're doing is this and this. I just noticed another misspelling in your config:
Code:
smtpd_tls_recieved_header = yes
|
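Both misspellings pointed out so far went unreported by name; the only symptom in the log shown was "No server certs available". The script below is an added example, not part of any post in this thread: it lists parameter names in a main.cf-style file that do not appear in a list of known names. The function names (`main_cf_names`, `unknown_params`, `demo`) and the sample files are constructed for illustration; on a live system the known list can be generated from `postconf -d` as shown in the comment.

```shell
#!/bin/sh
# Added example: report main.cf parameter names missing from a known-name list.
# usage: unknown_params MAIN_CF KNOWN_NAMES
#   KNOWN_NAMES holds one parameter name per line, for example from:
#     postconf -d | sed 's/ *=.*//' > known.txt

main_cf_names() {
    # A definition starts in column 1 as "name = value". Lines that start
    # with whitespace continue the previous value and lines that start with
    # '#' are comments; neither matches the pattern, so both are skipped.
    awk '/^[A-Za-z0-9_]+[ \t]*=/ { sub(/[ \t]*=.*/, ""); print }' "$1" | sort -u
}

unknown_params() (
    # Subshell body: the locale change and temp file stay local.
    LC_ALL=C; export LC_ALL          # same collation for sort and comm
    known_sorted=$(mktemp) || exit 1
    sort -u "$2" > "$known_sorted"
    # comm -23 keeps lines found only in the first input (the main.cf names).
    main_cf_names "$1" | comm -23 - "$known_sorted"
    rm -f "$known_sorted"
)

# Constructed sample: a few lines based on the config posted in the thread,
# and a short hand-written list standing in for real `postconf -d` output.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/main.cf" <<'EOF'
# TLS settings
smtpd_use_tls = yes
smptpd_tls_cert_file = /etc/ssl/smtpd/smtpd.crt
smtpd_tls_key_file = /etc/ssl/smtpd/smtpd.key
smtpd_tls_received_header = no
smtpd_tls_recieved_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
EOF
    printf '%s\n' smtpd_use_tls smtpd_tls_cert_file smtpd_tls_key_file \
        smtpd_tls_received_header smtpd_recipient_restrictions > "$d/known.txt"
    unknown_params "$d/main.cf" "$d/known.txt"
    rm -rf "$d"
}

demo
```

Names you define yourself in main.cf for use as `$name` will also be listed, so treat the output as a list to review rather than a list of errors.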
Hey, it works somewhat I would say, also corrected the smtpd_tls_received_header = yes.
---
No client certificate CA names sent
---
SSL handshake has read 1350 bytes and written 341 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: B9530CCA789C5032D33DB1A23148937CA00E444D9BD7D510BD9DD79E12C34E61
    Session-ID-ctx:
    Master-Key: BE9BD33223549B410B6C515926FF244B096A23E5EC2C16222D6660CBB7D1C791A9DE1BE795EDC1D3A2FA3AAE94EB28AD
    Key-Arg : None
    Krb5 Principal: None
    Start Time: 1225558069
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

But I'm watching the mail logs and I see this:

postfix/smtpd[1606]: setting up TLS connection from localhost[127.0.0.1]
postfix/smtpd[1606]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

Still I'm doing something wrong!?
|
I'm expecting the mail server to offer the certificate which I set up for postfix.
But if this works fine... then OK, I just don't know why it is sending Anonymous TLS connection... |
The anonymous one is the client. If you look at the entire output (see below), you will see that postfix offers the certificate you expected. You can save the output to a file like this:
Code:
openssl s_client -connect ip.add.re.ss:25 -starttls smtp </dev/null >output.txt
|
Well, it does work, just asking about the Anonymous... If it's OK and it should happen, then I'm happy :)
But I also have problems with dovecot and postfix. Please check out this one: http://www.linuxquestions.org/questi...users.-680447/ Thanks guys for the help! |