Joe Sloan wrote:
Jim Flanagan wrote:
Here is an excerpt from /var/log/mail
May 20 20:59:55 cammee postfix/smtpd[30058]: warning: cannot get private key from file /etc/postfix/ssl/smtpd.crt May 20 20:59:55 cammee postfix/smtpd[30058]: warning: TLS library problem: 30058:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY: May 20 20:59:55 cammee postfix/smtpd[30058]: warning: TLS library problem: 30058:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669: May 20 20:59:55 cammee postfix/smtpd[30058]: cannot load RSA certificate and key data
Definitely confirms that there is a problem with your certs.
Here is another that I really don't understand. I'm relaying thru my ISP, but why would my cert be passed on to them?
May 20 21:00:18 cammee postfix/smtp[30055]: ADBF58BC9B: to=<opensuse@opensuse.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.4, delays=0.27/0/0.01/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C952A8BC8D) May 20 21:00:18 cammee postfix/qmgr[29988]: ADBF58BC9B: removed May 20 21:00:18 cammee postfix/smtp[30094]: certificate verification failed for smtpauth.myisp.com: num=19:self signed certificate in certificate chain May 20 21:00:20 cammee postfix/smtp[30094]: C952A8BC8D: to=<opensuse@opensuse.org>, relay=smtpauth.myisp.com[207.69.189.203]:25, delay=2.4, delays=0.09/0.09/1.7/0.48, dsn=2.0.0, status=sent (250 OK id=1Jydcp-0008BL-NK) May 20 21:00:20 cammee postfix/qmgr[29988]: C952A8BC8D: removed
If your postfix is set up to always try tls, with strict certificate checks, those log entries could make sense for a variety of scenarios.
I set up my postfix server for opportunistic tls, both sending and receiving, and see a lot of tls mail traffic as a result. But it's not mandatory, so if the tls handshake doesn't work, it falls back to conventional smtp, which is good enough for my purposes.
FWIW my setup is similar to the one described here -
http://enricozini.org/2006/etiopia/seventh-day-in-addis.html
Joe
I'll have a look thru that, thanks. I have been following one of those "Perfect Server" postings about opensuse 10.3 on Sourceforge, the part about Postfix and Cyrus Imap, at http://www.howtoforge.com/perfect_server_opensuse10.3_p5 Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org