Hi Herbert! That is the way I initially did it actually. But after giving it another shot, it suddenly says configuration ok. Which leaves me happy but still scratching my noodle. Maybe it was that I shouldn't chmod 600 on the cert file but only the key file. Because that's the only thing I can think of that is different. Either way now the configuration is ok. So I _should_ be able to use this cert now! I just need to try and see how far I can get from here and if I can't solve the other issues I had I will continue this topic!
Thanks so much everyone, opensmtpd is awesome! :)

On Wed, Feb 19, 2014 at 1:05 AM, Herbert J. Skuhra <[email protected]> wrote:

> On Tue, 18 Feb 2014 13:04:24 +0100
> Isak Andersson wrote:
>
> > Hi Eriik and Jason!
> >
> > It sounds very much like it could be an issue with permissions. I have been
> > trying to change the permissions around a little bit and making the owner
> > the smtpd (which is the user that systemd starts it as) user (there is also
> > an smtpq user which I guess does the sending? q for queue?). I still get
> > the same error and an additional warning that the certificate is not owned
> > by uid 0. Here are the errors and permissions:
> >
> > ```
> > [root@BrutusBjare isak]# systemctl restart smtpd
> > Job for smtpd.service failed. See 'systemctl status smtpd.service' and 'journalctl -xn' for details.
> > [root@BrutusBjare isak]# journalctl -xn
> > -- Logs begin at Fri 2013-03-29 01:07:20 UTC, end at Tue 2014-02-18 12:03:16 UTC. --
> > Feb 18 12:00:28 BrutusBjare systemd[1]: Unit smtpd.service entered failed state.
> > Feb 18 12:02:17 BrutusBjare sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns215641.ovh.net user=root
> > Feb 18 12:02:18 BrutusBjare sshd[5738]: Failed password for root from 94.23.247.130 port 44229 ssh2
> > Feb 18 12:02:18 BrutusBjare sshd[5738]: Received disconnect from 94.23.247.130: 11: Bye Bye [preauth]
> > Feb 18 12:03:16 BrutusBjare systemd[1]: Starting OpenSMTPD...
> > -- Subject: Unit smtpd.service has begun with start-up
> > -- Defined-By: systemd
> > -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> > --
> > -- Unit smtpd.service has begun starting up.
> > Feb 18 12:03:16 BrutusBjare smtpd[5742]: warn: /etc/ssl/certs/puffinmail.crt: not owned by uid 0
> > Feb 18 12:03:16 BrutusBjare smtpd[5742]: fatal: load_ssl_tree: failed to load certificate file
> > Feb 18 12:03:16 BrutusBjare systemd[1]: smtpd.service: control process exited, code=exited status=1
> > Feb 18 12:03:16 BrutusBjare systemd[1]: Failed to start OpenSMTPD.
> > -- Subject: Unit smtpd.service has failed
> > -- Defined-By: systemd
> > -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> > -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
> > --
> > -- Unit smtpd.service has failed.
> > --
> > -- The result is failed.
> > Feb 18 12:03:16 BrutusBjare systemd[1]: Unit smtpd.service entered failed state.
> > [root@BrutusBjare isak]# smtpd -n
> > warn: /etc/ssl/certs/puffinmail.crt: not owned by uid 0
> > fatal: load_ssl_tree: failed to load certificate file
> > [root@BrutusBjare isak]# ls -l /etc/ssl/certs/puffinmail.crt
> > -rw-r--r-- 1 smtpd root 6335 Feb 18 02:02 /etc/ssl/certs/puffinmail.crt
> > [root@BrutusBjare isak]# ls -l /etc/ssl/private/puffinmail.key
> > -rw-r--r-- 1 smtpd root 12603 Feb 18 02:00 /etc/ssl/private/puffinmail.key
> > [root@BrutusBjare isak]#
> > ```
>
> What happens if you change owner to root (crt and key file) and chmod
> 600 at least the key file?
>
> --
> Herbert
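The ownership and mode checks discussed in this thread can be run as a pre-flight step before `smtpd -n`. The script below is an added example, not part of the original messages and not OpenSMTPD code; `check_tls_file` is a hypothetical helper, the 644/600 limits are assumptions taken from the `ls -l` output and the advice in the thread, and it relies on GNU `stat` (Linux).

```shell
#!/bin/sh
# Added example: verify owner and permission bits of TLS files.
# check_tls_file PATH MAX_MODE [OWNER_UID]
# Returns 0 when PATH is a regular file owned by OWNER_UID (default 0, as in
# the "not owned by uid 0" warning) and has no permission bits outside
# MAX_MODE. Prints each problem found and returns 1 otherwise.
check_tls_file() {
    path=$1 max_mode=$2 want_uid=${3:-0}
    if [ ! -f "$path" ]; then
        echo "FAIL $path: not a regular file"
        return 1
    fi
    # GNU stat: %u = numeric owner, %a = octal permission bits
    set -- $(stat -c '%u %a' "$path")
    uid=$1 mode=$2 rc=0
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $path: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # Bits present in the file mode that MAX_MODE does not allow
    extra=$(( 0$mode & ~0$max_mode & 0777 ))
    if [ "$extra" -ne 0 ]; then
        echo "FAIL $path: mode $mode exceeds $max_mode"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok   $path"
    fi
    return "$rc"
}

# Demo on constructed files. The current user stands in for uid 0 so the demo
# runs unprivileged; on a real host omit the third argument.
demo() {
    dir=$(mktemp -d) me=$(id -u)
    : > "$dir/example.crt"; chmod 644 "$dir/example.crt"
    : > "$dir/example.key"; chmod 644 "$dir/example.key"
    check_tls_file "$dir/example.crt" 644 "$me" || true
    check_tls_file "$dir/example.key" 600 "$me" || true  # world-readable key
    chmod 600 "$dir/example.key"
    check_tls_file "$dir/example.key" 600 "$me" || true  # passes after chmod 600
    rm -rf "$dir"
}
demo
```

On a real host the calls would be `check_tls_file /etc/ssl/certs/puffinmail.crt 644` and `check_tls_file /etc/ssl/private/puffinmail.key 600`, run as root.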
