Gentoo Forums
postfix/smtpd No server certs available TLS won't be enabled
hexa
Apprentice


Joined: 10 Aug 2005
Posts: 163

Posted: Thu Dec 18, 2008 3:22 pm    Post subject: postfix/smtpd No server certs available TLS won't be enabled

Code:

Dec 18 16:25:22 ibm1 postfix/smtpd[15368]: warning: No server certs available. TLS won't be enabled
Dec 18 16:25:22 ibm1 postfix/smtpd[15368]: connect from unknown[10.30.30.3]
Dec 18 16:25:22 ibm1 postfix/smtpd[15368]: warning: Wrapper-mode request dropped from unknown[10.30.30.3] for service smtp. TLS context initialization failed. For details see earlier warnings in your logs.
Dec 18 16:25:22 ibm1 postfix/smtpd[15368]: disconnect from unknown[10.30.30.3]


Hi, I'm installing postfix+dovecot(sasl)+mysql. I'm having problems with smtp auth and ssl connections. I'm not sure where I have to put my ssl certificates. Please advise me on that. Here are my config files and other info. BTW imap(s) login works O.K.


Code:

ibm1 ~ # ls -la /etc/ssl/dovecot/server.key
-r-------- 1 dovecot mail 887 Dec 11 11:38 /etc/ssl/dovecot/server.key
ibm1 ~ # ls -la /etc/ssl/dovecot/server.pem
-r-------- 1 dovecot mail 1930 Dec 11 11:38 /etc/ssl/dovecot/server.pem

ibm1 ~ # dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.25-hardened-r10X x86_64 Gentoo Base System release 2.0.0 reiserfs
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: X.
login_process_per_connection: no
login_process_size: 128
login_max_connections: 128
first_valid_uid: 8999
last_valid_uid: 9001
first_valid_gid: 8999
last_valid_gid: 9001
mail_uid: virtmail
mail_gid: virtmail
mail_location: maildir:/mailsql/mailroot/%u:INDEX=/mailsql/mailrootindex/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
auth default:
  mechanisms: plain login cram-md5 digest-md5
  user: virtmail
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

ibm1 ~ # postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.5.1/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = localhost
mydomain = ibmcluster1X
myhostname = ibmcluster1X
mynetworks = 10.30.0.20/32, 10.30.0.19/32, 10.30.1.19/32, 10.30.1.20/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps  $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains  $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps  $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks  $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.1/readme
relay_domains = proxy:mysql:/mailsql/postfix_conf/mysql_relay_domains_maps.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks,        permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks
smtpd_tls_wrappermode = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/mailsql/postfix_conf/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:9000
virtual_mailbox_base = /mailsql/mailroot
virtual_mailbox_domains = proxy:mysql:/mailsql/postfix_conf/mysql_virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/mailsql/postfix_conf/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/mailsql/postfix_conf/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, the user's mailbox has overdrawn his diskspace quota, please try again later.
virtual_minimum_uid = 8999
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_uid_maps = static:9000



Thank you for your time.
Exil
Apprentice


Joined: 10 Oct 2005
Posts: 251
Location: Nibylandia

Posted: Thu Dec 18, 2008 3:31 pm

http://www.postfix.org/TLS_README.html#server_cert_key

Read that.
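
Added example, not part of the thread or of Postfix's own tooling: a shell check that reads `postconf -n` output and flags the condition behind the warning in the first post, TLS requested while no server certificate parameter is set. The function name, the finding labels and the "fixed" sample (which assumes Postfix reuses the Dovecot certificate and key paths shown in the first post) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: read `postconf -n` output on stdin, print one finding per line.
audit_smtpd_tls() {
    awk '
    {   # split "name = value" at the first "=" and trim both sides
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        conf[name] = value
    }
    END {
        level = conf["smtpd_tls_security_level"]
        wants_tls = (conf["smtpd_tls_wrappermode"] == "yes" ||
                     conf["smtpd_use_tls"] == "yes" ||
                     level == "may" || level == "encrypt")
        have_cert = (conf["smtpd_tls_cert_file"] != "" ||
                     conf["smtpd_tls_dcert_file"] != "" ||
                     conf["smtpd_tls_eccert_file"] != "")
        if (wants_tls && !have_cert)
            print "NO_SERVER_CERT: TLS requested but no smtpd_tls_*cert_file is set"
        if (conf["smtpd_tls_wrappermode"] == "yes")
            print "GLOBAL_WRAPPERMODE: main.cf setting applies to every smtpd service; set it per service in master.cf"
        # smtpd_tls_key_file defaults to $smtpd_tls_cert_file
        if (conf["smtpd_tls_cert_file"] != "" && conf["smtpd_tls_key_file"] == "")
            print "KEY_IN_CERT_FILE: no smtpd_tls_key_file, key must be inside the cert PEM"
    }'
}

# TLS/SASL lines taken from the `postconf -n` output in the first post
SAMPLE_BROKEN='smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_wrappermode = yes'

# Constructed: assumes Postfix reuses the Dovecot cert and key paths
SAMPLE_FIXED='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/dovecot/server.pem
smtpd_tls_key_file = /etc/ssl/dovecot/server.key'

printf '%s\n' "$SAMPLE_BROKEN" | audit_smtpd_tls
printf '%s\n' "$SAMPLE_FIXED" | audit_smtpd_tls
```

On a live host the same function takes `postconf -n | audit_smtpd_tls`; an empty result means none of the three conditions was found.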
hexa
Apprentice


Joined: 10 Aug 2005
Posts: 163

Posted: Fri Dec 19, 2008 8:58 am

Cool. Thanks!