Has anyone here ever gotten TLS to work under Postfix? I have a client who wants to use it to authenticate SMTP for remote users. Currently this client is using the standard of utilizing the SMTP server of the ISP, but would rather use TLS.

The specs for the test machine I'm working with are:

PIII800/256MB RAM
RedHat 7.1 with all updates current.
postfix-20010228-pl04 compiled with TLS support.
openssl-0.9.6b
OpenCA-0.2.0-5

I have (attempted) to create keys for the Server and a pair for a user. I have pointed the main.cf to what I believe are the correct keys:

############ main.cf ###################
smtpd_use_tls = yes
smtp_tls_key_file = /usr/local/OpenCA/private/01_key.pem
smtp_tls_cert_file = /usr/local/OpenCA/certs/new/01.pem
smtp_tls_CAfile = /usr/local/OpenCA/cacert.pem
smtpd_tls_CApath = /usr/local/OpenCA/certs
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 3
########################################

Keys and certs are chown'ed and chmod'ed as per the install instructions. 'postfix reload' works without errors. But as soon as I try to connect:

# telnet 0 25
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 hostname.domain.com ESMTP Postfix
ehlo localhost
250-hostname.domain.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
454 TLS not available due to temporary reason
quit
221 Bye
Connection closed by foreign host.
....and the maillog shows:

Sep 12 11:16:44 hostname postfix-script: refreshing the Postfix mail system
Sep 12 11:16:44 hostname postfix/master[26960]: reload configuration
Sep 12 11:17:31 hostname postfix/smtpd[21529]: starting TLS engine
Sep 12 11:17:31 hostname postfix/smtpd[21529]: TLS engine: do need at least RSA _or_ DSA cert/key data
Sep 12 11:17:31 hostname postfix/smtpd[21529]: connect from localhost.localdomain[127.0.0.1]
Sep 12 11:18:00 hostname postfix/smtpd[21529]: disconnect from localhost.localdomain[127.0.0.1]

Notice the TLS error comes when I try to connect rather than when postfix is started. The key generation in OpenCA says specifically that the keys generated are RSA keys and the output is in the .pem format that TLS needs.

Any ideas?

Brian

---------------------------------------------------------------
| [EMAIL PROTECTED]  Spam me and DIE!                         |
| http://www.datasquire.net                                   |
| Co-Founder & Co-Owner of                                    |
| Data Squire Internet Services                               |
---------------------------------------------------------------
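
Added example, not part of the original post and not Postfix code: in the Postfix/TLS patch the smtpd server reads the smtpd_tls_* parameters, while smtp_tls_* ones configure the outgoing smtp client, so a small linter can flag a main.cf that enables smtpd_use_tls without a server certificate and key. The function names and the SAMPLE constant are illustrative; SAMPLE repeats the main.cf lines quoted in the post.

```python
# Server-side parameters the smtpd daemon needs before it can answer STARTTLS.
SERVER_REQUIRED = ("smtpd_tls_cert_file", "smtpd_tls_key_file")

# The main.cf excerpt quoted in the post above.
SAMPLE = """\
############ main.cf ###################
smtpd_use_tls = yes
smtp_tls_key_file = /usr/local/OpenCA/private/01_key.pem
smtp_tls_cert_file = /usr/local/OpenCA/certs/new/01.pem
smtp_tls_CAfile = /usr/local/OpenCA/cacert.pem
smtpd_tls_CApath = /usr/local/OpenCA/certs
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 3
########################################
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; skip comments, join indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:          # continuation of previous value
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def lint_tls(params):
    """Return findings for a server that offers STARTTLS without cert/key."""
    findings = []
    if params.get("smtpd_use_tls", "no").lower() != "yes":
        return findings                        # server-side TLS is off
    for name in SERVER_REQUIRED:
        if not params.get(name):
            twin = "smtp_" + name[len("smtpd_"):]   # client-side look-alike
            hint = ""
            if params.get(twin):
                hint = f" ({twin} is set, but only the smtp client reads it)"
            findings.append(f"{name} is not set{hint}")
    return findings

if __name__ == "__main__":
    for finding in lint_tls(parse_main_cf(SAMPLE)):
        print("WARNING:", finding)
```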
