https://bugzilla.novell.com/show_bug.cgi?id=862662
https://bugzilla.novell.com/show_bug.cgi?id=862662#c0

Summary: Unable to configure postfix SMTP with forced TLS using YaST2
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: yast2-maintainers@suse.de
ReportedBy: l.epperlein@gmx.net
QAContact: jsrain@suse.com
Found By: ---
Blocker: ---
User-Agent: Opera/9.80 (X11; Linux i686) Presto/2.12.388 Version/12.15

I got a request from my mail provider to switch to secure communication.
My setting on the mail server up to now was to USE (or MAY use) TLS, but not to force it. As far as I understand it, postfix fell back to an unencrypted connection.
But I ran into trouble when I changed the setting to force TLS: no mail can be delivered to my mail provider via SMTP.

Reproducible: Always

Steps to Reproduce:
1. Start YaST2 -> Mail Server
2. Enforce the use of TLS
3. Do the remaining adjustments (authentication and so on) to achieve a working system

What I have done:
First I updated the ca-certificates packages.
I did a rehash of /etc/ssl/certs (c_rehash /etc/ssl/certs).
I went through the settings in YAST/mail server.

After that I corrected two things:
- ln -s /etc/ssl/certs /etc/postfix/ssl/cacerts (since there was a reference to it in the postfix/main.cf)
- commenting out this line in postfix/master.cf (old: #tlsmgr unix - - n 1000? 1 tlsmgr):
  tlsmgr unix - - n 1000? 1 tlsmgr
- removing the value of POSTFIX_TLS_CAFILE in /etc/sysconfig/postfix

Then I restarted postfix. Now I'm able to send mails via postfix and TLS.

Actual Results:
I wasn't able to deliver mail via TLS:

2014-02-05T21:57:13.884269+01:00 shuttle postfix/smtp[15012]: warning: connect to private/tlsmgr: Connection refused
2014-02-05T21:57:13.896772+01:00 shuttle postfix/smtp[15012]: warning: problem talking to server private/tlsmgr: Connection refused
2014-02-05T21:57:14.900666+01:00 shuttle postfix/smtp[15012]: warning: connect to private/tlsmgr: Connection refused
2014-02-05T21:57:14.902788+01:00 shuttle postfix/smtp[15012]: warning: problem talking to server private/tlsmgr: Connection refused
2014-02-05T21:57:14.907749+01:00 shuttle postfix/smtp[15012]: warning: no entropy for TLS key generation: disabling TLS support
2014-02-05T21:57:15.002238+01:00 shuttle postfix/smtp[15012]: A831C473AE: TLS is required, but our TLS engine is unavailable
2014-02-05T21:57:15.124226+01:00 shuttle postfix/smtp[15012]: A831C473AE: to=<xxx@gxxx.com>, relay=mail.gmx.net[212.227.17.168]:587, delay=1 4, delays=0.11/1.1/0.17/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)

and (after enabling tlsmgr in postfix/master.conf):

2014-02-05T21:58:05.178154+01:00 shuttle postfix/qmgr[15134]: 1FAB0473A7: from=<xxxxxx@gmx.net>, size=627, nrcpt=1 (queue active)
2014-02-05T21:58:05.458115+01:00 shuttle postfix/smtp[15140]: certificate verification failed for mail.gmx.net[212.227.17.190]:587: untrusted issue r /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
2014-02-05T21:58:05.550335+01:00 shuttle postfix/smtp[15140]: 1FAB0473A7: Server certificate not trusted
2014-02-05T21:58:05.720818+01:00 shuttle postfix/smtp[15140]: certificate verification failed for mail.gmx.net[212.227.17.168]:587: untrusted issue r /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
2014-02-05T21:58:05.850664+01:00 shuttle postfix/smtp[15140]: 1FAB0473A7: to=<xxx@gxxx.com>, relay=mail.gmx.net[212.227.17.168]:587, delay=3 70, delays=369/0.1/0.54/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

Expected Results:
Sending mail successfully
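
Added example (not part of the original bug report, and not YaST or Postfix code): a Python triage of the two failure modes logged above. The warning lines carry no queue ID, so they are correlated with the later deferral through the smtp process PID. The sample log is constructed; the function names, host names and hint strings are assumptions.

```python
import re

# Constructed sample modelled on the report's log lines (documentation host names).
SAMPLE_LOG = """\
2014-02-05T21:57:13+01:00 mx postfix/smtp[15012]: warning: connect to private/tlsmgr: Connection refused
2014-02-05T21:57:14+01:00 mx postfix/smtp[15012]: warning: no entropy for TLS key generation: disabling TLS support
2014-02-05T21:57:15+01:00 mx postfix/smtp[15012]: A831C473AE: to=<user@example.com>, relay=mail.example.net[192.0.2.10]:587, delay=1.4, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)
2014-02-05T21:58:05+01:00 mx postfix/smtp[15140]: certificate verification failed for mail.example.net[192.0.2.10]:587: untrusted issuer /C=XX/O=Example CA/CN=Example Root CA
2014-02-05T21:58:05+01:00 mx postfix/smtp[15140]: 1FAB0473A7: to=<user@example.com>, relay=mail.example.net[192.0.2.10]:587, delay=370, dsn=4.7.5, status=deferred (Server certificate not trusted)
"""

LINE = re.compile(r"postfix/smtp\[(?P<pid>\d+)\]: (?P<msg>.*)")
DEFERRED = re.compile(r"(?P<qid>[0-9A-F]{6,}): to=<[^>]*>, relay=(?P<relay>[^,]+),"
                      r".*status=deferred \((?P<reason>.*)\)$")
# Log text -> hint (assumed wording) pointing at the two local fixes named in the report.
CAUSES = [
    (re.compile(r"connect to private/tlsmgr: Connection refused"),
     "tlsmgr service not reachable: check that the tlsmgr line in master.cf is enabled"),
    (re.compile(r"certificate verification failed .*untrusted issuer"),
     "issuer CA not trusted: check smtp_tls_CApath / smtp_tls_CAfile and rehash the CA directory"),
]

def triage(log_text):
    """Return one finding per deferred delivery, with hints seen from the same smtp PID."""
    seen, findings = {}, []          # seen: pid -> hints collected so far
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        for pattern, hint in CAUSES:
            if pattern.search(msg) and hint not in seen.setdefault(pid, []):
                seen[pid].append(hint)
        d = DEFERRED.match(msg)
        if d:                        # deferral closes the group of warnings for this PID
            findings.append({"queue_id": d["qid"], "relay": d["relay"],
                             "reason": d["reason"], "hints": seen.pop(pid, [])})
    return findings

def tlsmgr_enabled(master_cf_text):
    """True if master.cf has an active (uncommented, non-continuation) tlsmgr service line."""
    return any(l.split()[:1] == ["tlsmgr"] and not l[0].isspace()
               for l in master_cf_text.splitlines())

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["queue_id"], finding["reason"], finding["hints"])
```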