NetBSD-Users archive
Re: Authenticated Email (TLS?)
On Sun, Nov 06, 2011 at 02:07:01PM -0800, Paul Goyette wrote:
> I think I'm making progress... But still not working.
>
> When I try to start a TLS session from the client (a 'droid phone),
> I get an error report from postfix.
>
> Out: 220 screamer.whooppee.com ESMTP Postfix
> In: EHLO localhost
> Out: 250-screamer.whooppee.com
> Out: 250-PIPELINING
> Out: 250-SIZE 10240000
> Out: 250-ETRN
> Out: 250-STARTTLS
> Out: 250-ENHANCEDSTATUSCODES
> Out: 250-8BITMIME
> Out: 250 DSN
> In: STARTTLS
> Out: 454 4.7.0 TLS not available due to local problem
> Out: 421 4.4.2 screamer.whooppee.com Error: timeout exceeded
>
> In my /var/log/maillog I get
>
> Nov 6 13:35:29 screamer postfix/smtpd[25338]: warning: No server certs
> available. TLS won't be enabled
> Nov 6 13:35:29 screamer postfix/smtpd[25338]: connect from
> wifi[66.92.186.139]
> ...
> Nov 6 13:40:30 screamer postfix/smtpd[25338]: timeout after STARTTLS
> from wifi[66.92.186.139]
> Nov 6 13:40:30 screamer postfix/smtpd[25338]: disconnect from
> wifi[66.92.186.139]
Postfix handles TLS itself, Dovecot doesn't get involved. The problem
is that you haven't created TLS certificates. You can e.g. create those
with the "openssl" command.

Here are the snippets from my "/etc/postfix/main.cf" to turn on TLS
both client and server side:
# TLS: client side
smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
# TLS: server side
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/certs/colwyn-key.pem
smtpd_tls_cert_file = /etc/postfix/certs/colwyn-cert.pem
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
"cacert.pem" is based on "pkgsrc/security/mozilla-rootcerts" but also
includes my own CA certificate.
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
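
Added example, not part of the message above: one way to create the key and certificate that the "No server certs available" warning reports as missing, using the "openssl" command, and to check that the two files belong together before pointing smtpd_tls_key_file and smtpd_tls_cert_file at them. It makes a self-signed certificate rather than one issued by a private CA as in the reply; the host name mail.example.org, the scratch directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Host name and directories are
# constructed placeholders; function names are hypothetical.

# make_smtpd_cert DIR HOST
# Create DIR/HOST-key.pem (unencrypted RSA key, so smtpd can load it without
# a passphrase) and DIR/HOST-cert.pem (self-signed, valid 365 days).
make_smtpd_cert() {
    dir=$1 host=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # key must not be readable by other users
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$host" \
            -keyout "$dir/$host-key.pem" \
            -out "$dir/$host-cert.pem" 2>/dev/null
    ) || return 1
}

# key_matches_cert KEYFILE CERTFILE
# Succeed only if the public key derived from KEYFILE is the one in CERTFILE.
# Postfix cannot use a key that does not belong to the certificate.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Demo in a scratch directory.
demo_dir=$(mktemp -d)
if make_smtpd_cert "$demo_dir" mail.example.org &&
   key_matches_cert "$demo_dir/mail.example.org-key.pem" \
                    "$demo_dir/mail.example.org-cert.pem"
then
    echo "pair OK in $demo_dir"
    openssl x509 -in "$demo_dir/mail.example.org-cert.pem" \
        -noout -subject -enddate
fi
```

Clients that verify the server certificate will not trust a self-signed one until it is imported or replaced by a CA-issued certificate.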