Mailinglist Archive: opensuse (2778 mails)

Re: [opensuse] Help with Certs for Cyrus IMAP and TLS
  • From: "John Andersen" <jsamyth@xxxxxxxxx>
  • Date: Tue, 20 May 2008 23:40:36 -0700
  • Message-id: <60fb01490805202340x19ca7cadi363b780d230029cb@xxxxxxxxxxxxxx>
On Tue, May 20, 2008 at 8:57 PM, Jim Flanagan <linuxjim@xxxxxxxxxx> wrote:
John Andersen wrote:

On Tue, May 20, 2008 at 7:00 PM, Jim Flanagan <linuxjim@xxxxxxxxxx> wrote:


Greetings all,

I am having problems with my certs. I made certs for TLS and put them in
/etc/postfix/ssl. I believe I made them correctly, all are owned root-root.
They are named, smtpd.crt, smtpd.key, cacert.pem, (also cakey.pem and
smptd.csr are there too). On sending a test message with Thunderbird I get
an error in /var/log/mail.info stating "cannot load RSA certificate and key
data". Thunderbird returns a message saying "unable to connect to SMTP
server at xx.xx.xx.xx via STARTTLS since it doesn't offer STARTTLS in EHLO
response."



Since you obfuscated the IP (xx.xx.xx.xx) I can only assume that it
was NOT 127.0.0.1 (localhost) which suggests you are connecting
to some IP that would make sense to obfuscate.

Which suggests that you are connecting to your external interface
from thunderbird, or thunderbird is not on this same machine?


Check your /etc/sysconfig/postfix file for the line (near bottom)
that says:
POSTFIX_ADD_MYNETWORKS_STYLE="subnet"
(if that says host instead of subnet then only connections
from/to 127.0.0.x will be allowed).



The actual IP address was an internal 192.168.xx.xx address, local lan. Not
from the email server box, but a separate box on the lan. I can connect and
send using plain connection, but it fails using TLS. Both on port 25.

Also, you should have a postfix configuration line that reads
smtp_sasl_mechanism_filter = !DIGEST-MD5, !external, static:all
because the mechanisms "Not"ed out really don't work and are
not necessary.




I have postfix and sasl to auth via plain text. Again this is working fine
without TLS. I'm trying to obfuscate the connection with TLS, still using
plain text, only inside the TLS connection.

All this leads me to believe the problem is a cert issue.

Jim F
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx



But you failed to answer the question about
POSTFIX_ADD_MYNETWORKS_STYLE="subnet"

Check your /etc/sysconfig/postfix file for this setting.

--
----------JSA---------
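
Added example, not part of either poster's message: one way to rule the certificate files in or out as the cause of the "cannot load RSA certificate and key data" error quoted above. It assumes the `openssl` command-line tool is installed; `check_pair` is a hypothetical helper name, and the conditions it tests (unreadable file, passphrase-protected key, key that does not match the certificate) are common causes of that error, not a diagnosis taken from the thread.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before a mail daemon loads it.
# Usage: sh check_pair.sh /etc/postfix/ssl/smtpd.crt /etc/postfix/ssl/smtpd.key
# (the file names are the ones given in the post; check_pair is a hypothetical helper)
#
# Return codes: 0 pair is usable, 1 file unreadable, 2 key is encrypted,
#               3 file cannot be parsed, 4 key does not belong to the certificate.
check_pair() {
    cert=$1
    key=$2

    # Both files must be readable by the account running this check.
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "unreadable: $cert or $key"
        return 1
    fi

    # A passphrase-protected key carries ENCRYPTED in its PEM header
    # (either "BEGIN ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED").
    # A daemon started at boot has nobody to type the passphrase.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key is passphrase-protected: $key"
        return 2
    fi

    # Extract the public key from each file in the same PEM form.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert"
        return 3
    }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key"
        return 3
    }

    # The pair is only usable if both files describe the same public key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not belong together"
        return 4
    fi
    echo "ok: $key matches $cert"
}

# Run the check only when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A result of 0 means the files themselves load cleanly, so the remaining place to look is the server configuration that points at them.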