Greetings all, I am having problems with my certs. I made certs for TLS and put them in /etc/postfix/ssl. I believe I made them correctly, all are owned root-root. They are named, smtpd.crt, smtpd.key, cacert.pem, (also cakey.pem and smptd.csr are there too). On sending a test message with Thunderbird I get an error in /var/log/mail.info stating "cannot load RSA certificate and key data". Thunderbird returns a message saying "unable to connect to SMTP server at xx.xx.xx.xx via STARTTLS since it dosen't offer STARTTLS in EHLO response. However, running telent localhost 25 returns: 220 mail.jjfiii.com ESMTP Postfix ehlo localhost 250-mail.jjfiii.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN So I think this may be an ownership issue?? postconf -n returns the following: alias_maps = hash:/etc/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 51200000 mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_exceptions = root message_size_limit = 10240000 mydestination = me.com, mail.me.com localhost mydomain = me.com myhostname = mail.me.com myorigin = me.com newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relayhost = [something.somewhere.com] relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_type = cyrus smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipients_internal_only, check_client_access hash:/etc/postfix/client_blacklist permit_sasl_authenticated smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 Not sure where my problem is. I have a second issue now too. Where do I put the cert for cyrus IMAP, and what config file do I tell cyrus to point to? Can cyrus use the same smtpd.crt I made in /etc/postfix/ssl, or do I need to make a separate one for imap?? Many thanks, Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org