Olaf Hering [05.08.2015 16:23]:
On Tue, Aug 04, Werner Flamme wrote:
Olaf Hering [04.08.2015 11:24]:
Not sure if its related to this bug, tls does not seem to work.
Aug 04 11:21:35 probook.fritz.box postfix/pickup[8561]: 102F1507F5: uid=1000 from=<olaf@aepfle.de> Aug 04 11:21:35 probook.fritz.box postfix/cleanup[8594]: 102F1507F5: message-id=<20150804092134.GA8585@aepfle.de> Aug 04 11:21:35 probook.fritz.box postfix/qmgr[8563]: 102F1507F5: from=<olaf@aepfle.de>, size=402, nrcpt=1 (queue active) Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: warning: cannot get RSA certificate from file /etc/ssl/: disabling TLS support Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: warning: TLS library problem: error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE: Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: warning: TLS library problem: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:689: Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: 102F1507F5: to=<olaf@aepfle.de>, relay=smtp.strato.de[2a01:238:20a:202:55f0::1133]:25, delay=0.58, delays=0.14/0.09/0.16/0.18, dsn=2.0.0, status=sent (250 2.0.0 queued as J057a6r749LZlhX) Aug 04 11:21:35 probook.fritz.box postfix/qmgr[8563]: 102F1507F5: removed
# grep tlsmgr /etc/postfix/master.cf tlsmgr unix - - n 1000? 1 tlsmgr
Did you remove the # sign at the beginning of that line? tlsmgr is not enabled by default.
It is enabled. '/etc/ssl/' is not a file, so most likely some path expansion fails.
What binary needs to be straced or otherwise inspected to see where the RSA certificate grabbing fails?
Olaf
Hi Olaf, maybe the result of postconf smtp_tls_cert_file is smtp_tls_cert_file = /etc/ssl/ For me, this parameter is set to /etc/postfix/ssl/smtp.cert, an existing file containing my (self-signed) certificate. If smtp_tls_cert_file does not point to an existing certificate file, edit /etc/postfix/main.cf so that it does. Maybe you can set smtpd_tls_cert_file to the same value, just to be sure. After the edit "rcpostfix reload" to notify postfix of the changes. smtp_* parameters are for sending, smtpd_* parameters are for receiving mail. HTH, Werner --