Olaf Hering [04.08.2015 11:24]:
Not sure if its related to this bug, tls does not seem to work.
Aug 04 11:21:35 probook.fritz.box postfix/pickup[8561]: 102F1507F5: uid=1000 from=
Aug 04 11:21:35 probook.fritz.box postfix/cleanup[8594]: 102F1507F5: message-id=<20150804092134.GA8585@aepfle.de> Aug 04 11:21:35 probook.fritz.box postfix/qmgr[8563]: 102F1507F5: from= , size=402, nrcpt=1 (queue active) Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: warning: cannot get RSA certificate from file /etc/ssl/: disabling TLS support Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: warning: TLS library problem: error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE: Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: warning: TLS library problem: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:689: Aug 04 11:21:35 probook.fritz.box postfix/smtp[8596]: 102F1507F5: to= , relay=smtp.strato.de[2a01:238:20a:202:55f0::1133]:25, delay=0.58, delays=0.14/0.09/0.16/0.18, dsn=2.0.0, status=sent (250 2.0.0 queued as J057a6r749LZlhX) Aug 04 11:21:35 probook.fritz.box postfix/qmgr[8563]: 102F1507F5: removed
# grep tlsmgr /etc/postfix/master.cf tlsmgr unix - - n 1000? 1 tlsmgr Did you remove the # sign at the beginning of that line? tlsmgr is not enabled by default.
It used to look like this, in 11.4:
Jul 30 07:57:42 probook postfix/pickup[31726]: 70E9A502E6: uid=1000 from=
Jul 30 07:57:42 probook postfix/cleanup[2793]: 70E9A502E6: message-id=<20150730055742.GA1379@aepfle.de> Jul 30 07:57:42 probook postfix/qmgr[2743]: 70E9A502E6: from= , size=947, nrcpt=1 (queue active) Jul 30 07:57:42 probook postfix/smtp[2796]: certificate verification failed for smtp.strato.de[2a01:238:20a:202:55f0::1133]:25: untrusted issuer /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 Jul 30 07:57:43 probook postfix/smtp[2796]: 70E9A502E6: to= , relay=smtp.strato.de[2a01:238:20a:202:55f0::1133]:25, delay=1.2, delays=0.31/0.11/0.25/0.48, dsn=2.0.0, status=sent (250 2.0.0 queued as g03c76r6U5vgj8d) Jul 30 07:57:43 probook postfix/qmgr[2743]: 70E9A502E6: removed Olaf
In the old times, when 11.4 was released, "Deutsche Telekom Root CA 2" was not known. That changed in the meantime. With the setting smtp_tls_CApath = /etc/ssl/certs on a less ancient SUSE you should not get this verification error. Deutsche_Telekom_Root_CA_2.pem ist delivered now :) On SLES 11, it is in package openssl-certs, in oS 13.2 in ca-certificates. Regards, Werner --