Gentoo Forums
Postfix TLS Error After Upgrading to 2.2.2 (Solved)
segedunum
n00b

Joined: 03 Jul 2004
Posts: 29

Posted: Wed Jul 06, 2005 9:52 pm    Post subject: Postfix TLS Error After Upgrading to 2.2.2 (Solved)

I recently upgraded to Postfix 2.2.2 from 2.1.5, and everything seems fine except that I did have TLS enabled (and still have) for it and it now doesn't seem to be working. The reason why I didn't see it up until now is that all my clients have the option 'TLS if Available' set so it then defaults to plain communication. What I'm seeing in my messages is this:

    initializing the server-side TLS engine
    warning: connect to private/tlsmgr: No such file or directory
    warning: connect to private/tlsmgr: No such file or directory
    warning: problem talking to server private/tlsmgr: No such file or directory
    warning: no entropy for TLS key generation: disabling TLS support
    lost connection after STARTTLS from unknown

Is there some post-install procedure for Postfix I've possibly missed when going from 2.1.x to 2.2.x, and if so, what is it?


Last edited by segedunum on Sat Jul 23, 2005 5:15 pm; edited 1 time in total
sumerian
n00b

Joined: 06 Nov 2004
Posts: 11

Posted: Wed Jul 06, 2005 10:26 pm

Check your mail server logs. Does it say something about sdbm not being supported? Go through /etc/postfix/main.cf or wherever your ssl settings are, and change your *tls_session_cache_database lines (smtp_ and smtpd_).
segedunum
n00b

Joined: 03 Jul 2004
Posts: 29

Posted: Sat Jul 23, 2005 5:14 pm    Post subject: Postfix TLS Error After Upgrading to 2.2.2 (Solved)

Recently came back to this after some time and solved it. You need to read this:

http://www.postfix.org/TLS_README.html#compat

You need to have this line in your main.cf Postfix file:

Code:
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache


In Postfix 2.2.x and above you need to use a btree database as opposed to dbm. You also need to alter your master.cf file, unless you've overwritten it. You need to change the line:

Code:
tlsmgr    fifo  -


to

Code:
tlsmgr    unix  -


The smtp and smtpd processes now use a client-server protocol in order to access the tlsmgr pseudo-random number generation (PRNG) pool, and in order to access the TLS session cache databases. Such a protocol cannot be run across fifos.

Make sure that your crt, key and certificate authority files are pointing to the right place and then restart Postfix and re-try. TLS should then work fine with Postfix >=2.2.x if you've just upgraded from anything lower.

Hope that helps.
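A read-only check for the two settings the fix above changes, as an added example that is not part of the original posts: it flags a `tlsmgr` service in master.cf whose type is not `unix`, and a `smtpd_`/`smtp_tls_session_cache_database` that is not a `btree:` map. The function names and the sample config are constructed for illustration; the sample `tlsmgr` line carries only the columns quoted in the thread.

```shell
#!/bin/sh
# Added example: lint for the 2.1.x -> 2.2.x TLS problems in this thread,
# a fifo-type tlsmgr and a non-btree session cache. Reads files only.

# Type column (fifo, unix, ...) of the tlsmgr service in master.cf.
tlsmgr_type() {
    awk '$1 == "tlsmgr" { print $2; exit }' "$1"
}

# Value of a main.cf parameter; the last definition wins, as in Postfix.
# Simplification: continuation lines are not joined.
maincf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
          if (k == key) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) } }
        END { if (v != "") print v }
    ' "$1"
}

# usage: check_tls_upgrade MAIN_CF MASTER_CF; returns 1 if anything is flagged.
check_tls_upgrade() {
    rc=0
    svc_type=$(tlsmgr_type "$2")
    case "$svc_type" in
        unix) ;;
        "") echo "master.cf: no tlsmgr service found"; rc=1 ;;
        *)  echo "master.cf: tlsmgr type is '$svc_type', expected 'unix'"; rc=1 ;;
    esac
    for p in smtpd_tls_session_cache_database smtp_tls_session_cache_database; do
        v=$(maincf_value "$1" "$p")
        case "$v" in
            "" | btree:*) ;;   # unset parameters are not flagged
            *) echo "main.cf: $p = $v (expected a btree: map)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample of a config carried over from 2.1.x (not real files).
demo=$(mktemp -d)
printf 'tlsmgr    fifo  -\n' > "$demo/master.cf"
printf 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache\n' > "$demo/main.cf"
check_tls_upgrade "$demo/main.cf" "$demo/master.cf" || true
rm -rf "$demo"
```

Against a live system, pass the real paths, for example `check_tls_upgrade /etc/postfix/main.cf /etc/postfix/master.cf`.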
Darknight
Guru

Joined: 26 Jan 2004
Posts: 485
Location: Italy

Posted: Wed Mar 22, 2006 11:20 am

Thanks, this post saved my day :)

All times are GMT