John Andersen wrote:
On Tue, May 20, 2008 at 7:00 PM, Jim Flanagan wrote:
Greetings all,
I am having problems with my certs. I made certs for TLS and put them in /etc/postfix/ssl. I believe I made them correctly, all are owned root-root. They are named smtpd.crt, smtpd.key, cacert.pem (also cakey.pem and smptd.csr are there too). On sending a test message with Thunderbird I get an error in /var/log/mail.info stating "cannot load RSA certificate and key data". Thunderbird returns a message saying "unable to connect to SMTP server at xx.xx.xx.xx via STARTTLS since it doesn't offer STARTTLS in EHLO response".
Since you obfuscated the IP (xx.xx.xx.xx) I can only assume that it was NOT 127.0.0.1 (localhost) which suggests you are connecting to some IP that would make sense to obfuscate.
Which suggests that you are connecting to your external interface from Thunderbird, or Thunderbird is not on this same machine?
Check your /etc/sysconfig/postfix file for the line (near bottom) that says: POSTFIX_ADD_MYNETWORKS_STYLE="subnet" (if that says host instead of subnet then only connections from/to 127.0.0.x will be allowed).
The actual IP address was an internal 192.168.xx.xx address, local LAN. Not from the email server box, but a separate box on the LAN. I can connect and send using plain connection, but it fails using TLS. Both on port 25.
Also, you should have a postfix configuration line that reads smtp_sasl_mechanism_filter = !DIGEST-MD5, !external, static:all because the mechanisms "Not"ed out really don't work and are not necessary.
I have postfix and sasl to auth via plain text. Again this is working fine without TLS. I'm trying to obfuscate the connection with TLS, still using plain text, only inside the TLS connection. All this leads me to believe the problem is a cert issue.
Jim F
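
A pre-flight check for the certificate and key files named in the original message, as an added example that is not part of the thread. It tests the checkable reasons OpenSSL fails to load a key pair (missing or unreadable file, wrong PEM block such as a .csr in place of the .crt, passphrase-protected key), then loads the pair through Python's ssl module the way a TLS server would. The function names are hypothetical, and the passphrase check assumes a daemon that cannot prompt for one.

```python
import os
import re
import ssl
import stat

# Paths as given in the original message.
CERT = "/etc/postfix/ssl/smtpd.crt"
KEY = "/etc/postfix/ssl/smtpd.key"
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def read_text(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read()

def preflight(cert_path=CERT, key_path=KEY):
    """Return a list of problems found with the cert/key pair (hypothetical helper)."""
    problems = []
    for path in (cert_path, key_path):
        if not os.path.isfile(path):
            problems.append(f"{path}: file is missing")
        elif not os.access(path, os.R_OK):
            problems.append(f"{path}: not readable by this user")
    if problems:
        return problems
    key_text = read_text(key_path)
    # A certificate request (.csr) carries the label CERTIFICATE REQUEST and is rejected here.
    if "CERTIFICATE" not in PEM_BEGIN.findall(read_text(cert_path)):
        problems.append(f"{cert_path}: no PEM CERTIFICATE block")
    if not any(l.endswith("PRIVATE KEY") for l in PEM_BEGIN.findall(key_text)):
        problems.append(f"{key_path}: no PEM private key block")
    # Assumption: the daemon cannot prompt, so an encrypted key cannot be loaded.
    if "ENCRYPTED PRIVATE KEY" in key_text or "Proc-Type: 4,ENCRYPTED" in key_text:
        problems.append(f"{key_path}: key is passphrase-protected")
    if problems:
        return problems
    # Hygiene, not a load failure: the key should be private to its owner.
    if os.stat(key_path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{key_path}: readable by group or other")
    try:
        # Load the certificate, load the key, and check that they match.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"OpenSSL cannot load the pair: {exc}")
    return problems

if __name__ == "__main__":
    for line in preflight() or ["certificate and key load cleanly"]:
        print(line)
```

Run it as the user that reads the key (root in the setup described above); an empty result means the pair loads and the certificate matches the key.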