-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-04-18 at 11:03 +0200, Sandy Drobic wrote:
You have a problem with the tlsmgr. Please check that you indeed have an entry for tlsmgr:
/etc/postfix/master.cf: tlsmgr unix - - n 1000? 1 tlsmgr
Yep! It works now. At least, it doesn't complain of that, now I get new complaints: Apr 18 14:09:21 nimrodel postfix/smtp[23556]: certificate verification failed for mx1.suse.de: num=19:self signed certificate in certificate chain This is a never ending tale! :-) I guess I would have to import their certificate somehow.
Also run: postfix upgrade-configuration postfix set-permissions postfix check
This applies escpecially if you have upgraded your system from earlier versions of Suse.
Ah... ok. First I stop postfix and fetchmail... (oops, I stopped fetchmail while it was fetching)... make a backup... run that... nimrodel:/etc/postfix # postfix upgrade-configuration Editing /etc/postfix/master.cf, adding missing entry for discard service Note: the following files or directories still exist but are no longer part of Postfix: /etc/postfix/pcre_table /etc/postfix/regexp_table nimrodel:/etc/postfix # postfix set-permissions nimrodel:/etc/postfix # postfix check nimrodel:/etc/postfix # Done! Sort by date, find what was modified... prng_exch - what's this? A binary, not new, but new to me. master.cf tls_random_exchange_name (default: ${config_directory}/prng_exch) Name of the pseudo random number generator (PRNG) state file that is maintained by tlsmgr(8). The file is created when it does not exist, and its length is fixed at 1024 bytes. Since this file is modified by Postfix, it should probably be kept in the / var file system, instead of under $config_directory. The location should not be inside the chroot jail. This feature is available in Postfix 2.2 and later. Curious! But it is kept in /etc/postfix. nimrodel:/etc/postfix # diff master.cf master.cf.old 150d149 < discard unix - - n - - discard nimrodel:/etc/postfix # A new entry! I wonder why Yast didn't do this while updating my system two months ago. Send a test email... worked fine. Good! :-)
You might also want to check if AppArmor is interfering.
Ah, yes, I tend to forget that one [...] no, nothing there.
I understand that using tsl for server is more complicated, defining keys, etc. But as a client, I thought it was easier. I must be missing something.
Ok... my config is thus (postconf | grep smtp_tls):
No certs are neccessary for Postfix to use TLS as a client.
I thought so.
smtp_use_tls (default: no) ... This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtp_tls_security_level instead.
Yes, the setting is deprecated, for Postfix 2.3 upwards the parameter below should be used.
smtp_tls_security_level (default: empty)
I set it to "may", ie, oportunistic. It appears my provider doesn't allow tls, anyway. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGJhGktTMYHG2NR9URAl5YAJ9ZtBXgiyEopXrNinpI79ikxffpQwCfYTC7 btzWM2jX1SdY24nmUHqf7n4= =6T1+ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org