Gentoo Forums
postfix-2.6.6 TLS error
NotQuiteSane
Guru
Joined: 30 Jan 2005
Posts: 488
Location: Klamath Falls, Jefferson, USA, North America, Midgarth

Posted: Thu Jul 22, 2010 2:36 am    Post subject: postfix-2.6.6 TLS error

Hi peeps. I'm seeing the following errors:

/var/log/mail.info:
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting


/var/log/mail.log:
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting


what has me confused is that there is no tls use flag for postfix:

Code:
[ebuild   R   ] mail-mta/postfix-2.6.6  USE="cdb hardened ipv6 ldap mbox mysql nis pam postgres sasl ssl vda -dovecot-sasl (-selinux)" 3,262 kB


So, how do I get tls compiled in? I've been searching since yesterday, but I'm not finding anything relevant. Any help to find a solution would be appreciated.

NQS
_________________
These opinions are mine, mine I say! Piss off and get your own.

As I see it -- An irregular blog, Improved with new location

To delete French language packs from system use 'sudo rm -fr /'

vincent-
Retired Dev
Joined: 13 Jan 2007
Posts: 415
Location: Valencia (Spain)

Posted: Thu Jul 22, 2010 10:25 am

Try to activate the sasl and ssl use flags of mail-mta/postfix, rebuild it, and restart it.

Last edited by vincent- on Thu Jul 22, 2010 5:47 pm; edited 1 time in total

Anarcho
Advocate
Joined: 06 Jun 2004
Posts: 2970
Location: Germany

Posted: Thu Jul 22, 2010 5:06 pm

You might check the USE-Flags of openssl and probably update openssl and re-install postfix then.
_________________
...it's only Rock'n'Roll, but I like it!

NotQuiteSane
Guru
Joined: 30 Jan 2005
Posts: 488
Location: Klamath Falls, Jefferson, USA, North America, Midgarth

Posted: Thu Jul 22, 2010 11:25 pm

Anarcho wrote:
You might check the USE-Flags of openssl and probably update openssl and re-install postfix then.


ssl and sasl were activated on postfix. I added kerberos and sse2 to open ssl then recompiled both. no joy.

NQS

vincent-
Retired Dev
Joined: 13 Jan 2007
Posts: 415
Location: Valencia (Spain)

Posted: Fri Jul 23, 2010 4:40 am

Can I see your main.cf?

NotQuiteSane
Guru
Joined: 30 Jan 2005
Posts: 488
Location: Klamath Falls, Jefferson, USA, North America, Midgarth

Posted: Fri Jul 23, 2010 5:19 am

peratu wrote:
Can I see your main.cf?


With comments stripped out:

Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = //usr/lib/postfix
mail_owner = postfix
default_privs = nobody
myhostname = linus3.triad.ath.cx
mydomain = triad.ath.cx
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.0.0/16, 127.0.0.0/8
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = linus3.triad.ath.cx
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname,localhost.$mydomain,$mydomain,mac.isa-geek.org,asisee.it
defer_transports =
disable_dns_lookups = no
relayhost = [titan.cvip.net]:587
content_filter = smtp-amavis:[127.0.0.1]:10024
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Mail/ MAILDIR=$HOME/Mail
home_mailbox = Mail/
mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 25640000
html_directory = /usr/share/doc/packages/postfix/html
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
hash_queue_names = deferred, defer active bounce flush incoming
data_directory = /var/lib/postfix


NQS

Anarcho
Advocate
Joined: 06 Jun 2004
Posts: 2970
Location: Germany

Posted: Fri Jul 23, 2010 6:36 am

Hi,

that's what I use in main.cf:

Code:
mail ~ # grep tls /etc/postfix/main.cf | egrep -v '^#'
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/servercert.pem
smtpd_tls_cert_file = /etc/postfix/servercert.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


As you can see, I have no reference to a CA file.

And my USE-Flags:

Code:
[ebuild     U ] dev-libs/openssl-0.9.8o [0.9.8n] USE="(sse2) zlib -bindist -gmp -kerberos -test" 3,685 kB
[ebuild     U ] mail-mta/postfix-2.6.6 [2.6.5] USE="hardened mysql pam postgres sasl ssl -cdb -dovecot-sasl -ipv6 -ldap -mbox -nis (-selinux) -vda" 3,250 kB



EDIT:

Maybe it is related to:

https://bugs.gentoo.org/show_bug.cgi?id=313189

vincent-
Retired Dev
Joined: 13 Jan 2007
Posts: 415
Location: Valencia (Spain)

Posted: Fri Jul 23, 2010 9:46 am

This is my config:
Code:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes
smtpd_helo_required = yes
smtpd_client_restrictions =
        permit_sasl_authenticated
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client dnsbl.njabl.org,
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
tls_random_source = dev:/dev/urandom

Hope it helps.
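
Added example, not code from any poster in this thread: a small Python check over a constructed excerpt of the main.cf posted above. It follows the main.cf rules for continuation lines and redefined parameters (the last definition wins) and flags the two settings under which SASL credentials can cross an unencrypted session, which is every session when the daemon has no TLS support as in the log lines above. The function names `parse_main_cf` and `audit` are hypothetical, and the TLS-level test is simplified.

```python
import re

# Constructed sample: lines copied from the main.cf posted in this thread,
# including its redefined parameter and an indented continuation line.
SAMPLE = """\
myhostname = linus3.triad.ath.cx
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
mydestination = $myhostname,localhost.$mydomain,$mydomain,mac.isa-geek.org,asisee.it
relayhost = [titan.cvip.net]:587
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_sasl_security_options =
"""
MANDATORY = ("encrypt", "verify", "secure")  # levels that refuse cleartext

def parse_main_cf(text):
    """Return (params, redefined); as in Postfix, the last definition wins."""
    params, redefined, name = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace() and name:     # leading whitespace continues a value
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            name = m.group(1)
            if name in params:
                redefined.append(name)
            params[name] = m.group(2).strip()
    return params, redefined

def audit(params):
    """Flag settings that let SASL credentials travel without TLS."""
    out = []
    if params.get("smtpd_sasl_auth_enable") == "yes" and params.get("smtpd_tls_auth_only") != "yes":
        out.append("smtpd: AUTH offered on unencrypted sessions (smtpd_tls_auth_only not set)")
    if params.get("smtp_sasl_auth_enable") == "yes":
        # Postfix default for this parameter is "noplaintext, noanonymous".
        opts = params.get("smtp_sasl_security_options", "noplaintext, noanonymous")
        if "noplaintext" not in opts and params.get("smtp_tls_security_level") not in MANDATORY:
            out.append("smtp: plaintext SASL to relayhost allowed while TLS is not mandatory")
    return out

if __name__ == "__main__":
    params, redefined = parse_main_cf(SAMPLE)
    print("redefined:", redefined)
    for finding in audit(params):
        print("finding:", finding)
```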