View previous topic :: View next topic |
Author |
Message |
Mythos l33t
Joined: 02 May 2004 Posts: 953 Location: Portugal
|
Posted: Wed Nov 16, 2005 11:57 am Post subject: Postfix 2.2.5 tls problem asfter upgrade ...(Solved) |
|
|
Hi there i have installed postfix with ssl, etc, etc. After upgrading to postfix 2.2.5 from postfix 2.1.x my outgoing email tls doesn't work. it simple stopped working i can only send with no tls ...
my pop and imap incoming with ssl work's fine ...
some of my conf's:
Code: | #etc/pam.d/smtp
auth optional pam_mysql.so host=localhost db=xxxxx user=xxxxxl \
passwd=xxxx table=users usercolumn=email passwdcolumn=clear crypt=0
account required pam_mysql.so host=localhost db=xxxxxl user=xxxxx \
passwd=xxxxxx table=users usercolumn=email passwdcolumn=clear crypt=0 |
Code: | #/etc/conf.d/saslauthd
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost" |
Code: |
#/etc/sasl2/smtpd.conf
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd |
Code: | #/etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = smtp.xpto.com
mydomain = xpto.com
#myorigin = $myhostname
#myorigin = $mydomain
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
local_transport = local
local_recipient_maps = $alias_maps unix:passwd.byname
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 5
debug_peer_list = xpto.com
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.2.5/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
#home_mailbox = .maildir/
#SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtp_use_tls = yes
smtpd_use_tls = yes
#smtpd_tls_enforce_peername = yes
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_note_starttls_offer = yes
#smtpd_enforce_tls = no
#smtpd_enforce_tls = yes
#smtpd_tls_cipherlist = DEFAULT
smtpd_starttls_timeout = 300s
#smtpd_tls_auth_only = yes
smtpd_tls_ccert_verifydepth = 1
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#Restritions.
smtpd_delay_reject = yes
#delay_warning_time = 4
smtpd_client_restrictions =
permit_mynetworks,
permit_auth_destination,
reject_rbl_client relays.ordb.org,
reject_unknown_client
smtpd_sender_restrictions =
permit_mynetworks,
reject_rhsbl_sender dsn.rfc-ignorant.org,
reject_sender_login_mismatch,
reject_unknown_sender_domain
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
mailbox_command = /usr/bin/procmail -a "smtp.xpto.com"
smtpd_recipient_restrictions =
check_policy_service unix:private/policy-spf,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
enable_vrfy_command = yes
#disable_vrfy_command = yes
message_size_limit = 10000000
#local_transport = no local mail delivery
biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 120000000
content_filter = smtp-amavis:[127.0.0.1]:10024 |
Code: |
#/etc/postfix/master.cf
smtp inet n - n - - smtpd -v -o smtpd_sasl_auth_enable=yes
policy-greylist unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/bin/greylist.pl
policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/bin/spf.pl
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
#smtps inet n - n - - smtpd
#-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
#Equivalently when using lmtp:
#smtp-amavis unix - - n - 2 lmtp
# -o lmtp_data_done_timeout=1200
# -o lmtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
#-o local_recipient_maps=
#-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000 |
I even recreat the cert's again with host smtp.xpto.com etc ...
this simple stop working after upgrade ...
just notice this in my log
Code: | Nov 16 12:03:38 [postfix/smtpd] warning: cannot get certificate from file /etc/postfix/newcert.pem
Nov 16 12:03:38 [postfix/smtpd] warning: TLS library problem: 5170:error:0906D06C:PEM routines:PEM_read_bio:no start line:pe$
Nov 16 12:03:38 [postfix/smtpd] warning: TLS library problem: 5170:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain$
Nov 16 12:03:38 [postfix/smtpd] cannot load RSA certificate and key data |
My cert was not commiting ... erased all in demoCa and then make new certs and voila thank you _________________ Best Regards,
Sérgio Henrique
Linux dune 3.0.6-gentoo #1 SMP Thu Oct 27 16:47:29 WEST 2011 x86_64 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux
Last edited by Mythos on Wed Nov 16, 2005 1:13 pm; edited 1 time in total |
|
Back to top |
|
|
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Wed Nov 16, 2005 12:18 pm Post subject: |
|
|
I'd take a look at the changelog. The bit headed Major Changes - TLS Support might shed some light on it. |
|
Back to top |
|
|
Mythos l33t
Joined: 02 May 2004 Posts: 953 Location: Portugal
|
Posted: Wed Nov 16, 2005 12:31 pm Post subject: |
|
|
my problem is here damm
Code: | Nov 16 12:03:38 [postfix/smtpd] warning: cannot get certificate from file /etc/postfix/newcert.pem |
_________________ Best Regards,
Sérgio Henrique
Linux dune 3.0.6-gentoo #1 SMP Thu Oct 27 16:47:29 WEST 2011 x86_64 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux |
|
Back to top |
|
|
Teardrop Apprentice
Joined: 21 Oct 2002 Posts: 176
|
Posted: Fri Jun 02, 2006 9:09 am Post subject: |
|
|
so what was your solution? i tried to make a new cert but still the same problem.
thanks
cu Teardrop |
|
Back to top |
|
|
ProPilot n00b
Joined: 15 Aug 2005 Posts: 38
|
Posted: Mon Jun 05, 2006 1:25 pm Post subject: |
|
|
I am interested in the answer as well - have the same problem.
Tom |
|
Back to top |
|
|
Mythos l33t
Joined: 02 May 2004 Posts: 953 Location: Portugal
|
Posted: Tue Jun 06, 2006 10:46 pm Post subject: |
|
|
Hi there it's easy i add to make all cert's again. Directory where i put cert's had the files but with no information in. Files were empty...
So i make all cert's again and my problem was solved _________________ Best Regards,
Sérgio Henrique
Linux dune 3.0.6-gentoo #1 SMP Thu Oct 27 16:47:29 WEST 2011 x86_64 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux |
|
Back to top |
|
|
Maedhros Bodhisattva
Joined: 14 Apr 2004 Posts: 5511 Location: Durham, UK
|
Posted: Sat Jun 10, 2006 8:54 pm Post subject: |
|
|
Please follow up to postfix / cert / problems.
Moved from Networking & Security to Duplicate Threads. _________________ No-one's more important than the earthworm. |
|
Back to top |
|
|
|