Gentoo Forums
Postfix + TLS doesn't work
neonknight
Guru


Joined: 19 Jul 2003
Posts: 357
Location: Zurich, Switzerland

Posted: Tue Oct 19, 2004 7:29 pm    Post subject: Postfix + TLS doesn't work

I've been trying to get this fscking TLS to work with Postfix and I'm close to despair... There's no help available from Google or this forum so far...

I followed the guide from https://forums.gentoo.org/viewtopic.php?t=56633 and most things work correctly. Apache/PHP formmailers can send email, Squirrelmail works, and if I turn off authentication I can also send mail from any MUA on my computers.

After the start of Postfix I get the following log message as soon as I try to connect, either via an MUA or via telnet localhost 25:

Code:

Oct 19 21:10:19 morningstar postfix/postfix-script: starting the Postfix mail system
Oct 19 21:10:19 morningstar postfix/master[31068]: daemon started -- version 2.1.3
Oct 19 21:10:22 morningstar postfix/smtpd[31077]: starting TLS engine
Oct 19 21:10:22 morningstar postfix/smtpd[31077]: TLS engine: do need at least RSA _or_ DSA cert/key data
Oct 19 21:10:22 morningstar postfix/smtpd[31077]: connect from localhost[127.0.0.1]
Oct 19 21:10:33 morningstar postfix/smtpd[31077]: disconnect from localhost[127.0.0.1]


If I connect via telnet and do an "ehlo localhost" and "starttls", I get the following telnet output:
Code:

morningstar misc # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 neonknight.homelinux.org ESMTP Postfix
ehlo localhost
250-neonknight.homelinux.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
454 TLS not available due to temporary reason
quit
221 Bye
Connection closed by foreign host.


My /etc/postfix/main.cf is as follows:
Code:

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
myhostname = neonknight.homelinux.org
mydomain = neonknight.homelinux.org
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain $mydomain
unknown_local_recipient_reject_code = 450
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 192.168.0.0/24
relayhost = pop.econophone.ch
home_mailbox = .maildir/
mailbox_command = /usr/bin/procmail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.1.3/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_fle = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous


The certificates have been created according to http://www.gentoo.org/doc/en/virt-mail-howto.xml#doc_chap5


So, what's wrong? I think Postfix either doesn't find the certificates or can't read them. Postfix is not executed in a chroot and the permissions of the certificate files are 644...

Thanks in advance for your patience and help!
kronepils
n00b


Joined: 19 Oct 2004
Posts: 3

Posted: Tue Oct 19, 2004 8:32 pm    Post subject: postfix

Hmmmm.... Sounds weird. It's a bit hard for me to see what is wrong. In my main.cf I have:

Code:

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_local_domain = mail2
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

smtpd_sasl_password_maps = hash:/etc/sasl2/sasldb2

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = /etc/postfix/postfix.pem
smtpd_tls_CAfile = /etc/postfix/ca.pem
smtpd_tls_loglevel = 1
smtpd_starttls_timeout = 300s
tls_random_source = dev:/dev/urandom


And that is working! I have my setup from http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html

Try that!


Troels
_________________
Goddamn it Krystle, do I have to be poor to turn you on?
--Blake Carrington, Dynasty
UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6835
Location: Blighty

Posted: Tue Oct 19, 2004 8:58 pm    Post subject: Re: Postfix + TLS doesn't work

neonknight wrote:

Code:

Oct 19 21:10:19 morningstar postfix/postfix-script: starting the Postfix mail system
Oct 19 21:10:19 morningstar postfix/master[31068]: daemon started -- version 2.1.3
Oct 19 21:10:22 morningstar postfix/smtpd[31077]: starting TLS engine
Oct 19 21:10:22 morningstar postfix/smtpd[31077]: TLS engine: do need at least RSA _or_ DSA cert/key data
Oct 19 21:10:22 morningstar postfix/smtpd[31077]: connect from localhost[127.0.0.1]
Oct 19 21:10:33 morningstar postfix/smtpd[31077]: disconnect from localhost[127.0.0.1]
I would guess that your certificates (don't know which one) were created incorrectly - your config looks fine though.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
neonknight
Guru


Joined: 19 Jul 2003
Posts: 357
Location: Zurich, Switzerland

Posted: Wed Oct 20, 2004 3:14 pm

Wooooooooohoooooooooo I found the mistake... You won't believe it, just a little typo in main.cf:
Code:

smtpd_tls_cert_fle = /etc/postfix/newcert.pem

The irritating factor: postfix check did not complain :(
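The root cause found above is a misspelled parameter name (smtpd_tls_cert_fle) that Postfix 2.1.3 silently ignored, so the TLS engine started without a certificate and logged "do need at least RSA _or_ DSA cert/key data" before answering STARTTLS with a 454. The script below is an added example and not code from the thread or from the Postfix project: it flags every parameter set in a main.cf whose name is not in a list of known parameter names. In real use the known list comes from the Postfix binary itself via `postconf -d` (which prints `name = value` for every supported parameter); here a constructed subset of that output and a constructed main.cf fragment carrying the thread's typo are embedded so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): lint a Postfix main.cf for parameter
# names Postfix does not recognise, e.g. the "smtpd_tls_cert_fle" typo above.
# In production, build the known list from the installed Postfix:
#   postconf -d | sed 's/ =.*//' | sort > /tmp/known_params

# Print the parameter names assigned in a main.cf: the identifier before '='
# on lines that are neither comments ('#') nor continuation lines (which
# start with whitespace, like the debugger_command body).
main_cf_params() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$1"
}

# Print every parameter set in main.cf ($1) that is absent from the known
# list ($2, one name per line, exact match).
check_unknown_params() {
    main_cf_params "$1" | while IFS= read -r name; do
        grep -qx -- "$name" "$2" || printf '%s\n' "$name"
    done
}

# Self-contained demo on constructed input: a trimmed main.cf reproducing
# the typo from the thread, and a constructed subset of `postconf -d` names.
run_demo() {
    tmp=$(mktemp -d) || return 1
    cat >"$tmp/main.cf" <<'EOF'
# constructed main.cf fragment
myhostname = neonknight.homelinux.org
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_fle = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
EOF
    cat >"$tmp/known" <<'EOF'
debugger_command
myhostname
smtpd_tls_CAfile
smtpd_tls_auth_only
smtpd_tls_cert_file
smtpd_tls_key_file
smtpd_use_tls
EOF
    check_unknown_params "$tmp/main.cf" "$tmp/known"
    rm -rf "$tmp"
}

run_demo   # prints: smtpd_tls_cert_fle
```

Run it against the live configuration as `check_unknown_params /etc/postfix/main.cf /tmp/known_params` after generating the known list with `postconf -d`. Postfix 2.9 and later print an "unused parameter" warning for such settings themselves; 2.1.3, as the thread shows, did not. Once the names are right, the remaining thing to verify is that the key and certificate actually belong together: `openssl x509 -noout -modulus -in newcert.pem | openssl md5` must print the same digest as `openssl rsa -noout -modulus -in newreq.pem | openssl md5`.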