>> Getting this error and not sure what to make of that error code 0B084002:
>>
>> warn: unable to load CA file /etc/pki/certs/ca-chain.cert.pem:
>> Permission denied
>> debug: lka: X509 verify: error:0B084002:x509 certificate
>> routines:X509_load_cert_crl_file:system lib
>> smtp-out: Server certificate verification failed on session 21fb77fa13301003
>>
>> The file has the same permission as the PKI certificates (and PEM
>> format) but for which no such error is exhibited.
>>
>> # file: etc/pki/certs/ca-chain.cert.pem
>> # owner: root
>> # group: root
>> user::r--
>> group::---
>> other::r--
>>
>>
>> This is on Archlinux kernel 4.17.9 and its repo package opensmtpd 6.0.3p1-2
>>
> The config you posted previously didn't show any of the tls information
> needed to assist you.

That is config:

ca mail certificate '/etc/pki/certs/ca-chain.cert.pem'
pki mail key '/etc/pki/private/RSA_smtp_lan_server_vtol.km.key.pem'
pki mail certificate '/etc/pki/certs/RSA_smtp_lan_server_vtol.km.cert.pem'
ca server.foo.bar certificate '/etc/pki/certs/ca-chain.cert.pem'
pki server.foo.bar key '/etc/pki/private/RSA_smtp_wan_server_vtol.km.key.pem'
pki server.foo.bar certificate '/etc/pki/certs/RSA_smtp_wan_server_vtol.km.cert.pem'

listen on lo inet4 port 25 tls hostname mail mask-source tag lo
listen on lo inet4 port 587 smtps hostname mail mask-source tag lo
listen on eth0 inet4 port 25 tls-require hostname mail mask-source tag lan
listen on eth0 inet4 port 587 smtps hostname mail mask-source tag lan
listen on lo port 10028 mask-source tag DKIM
# listen on eth0 inet4 port 40025 tls-require hostname server.foo.bar tag wan
# listen on eth0 inet4 port 40587 smtps hostname server.foo.bar tag wan

accept for local alias <aliases> deliver to lmtp "/var/run/dovecot/lmtp"
accept from local for local deliver to lmtp "/var/run/dovecot/lmtp"
accept tagged DKIM for any relay
accept for any relay via smtp://127.0.0.1:10027
accept for any relay hostname server.foo.bar tls verify
accept from local for any relay
accept from source 172.25.120.2 for any relay
accept from any for domain "foo.bar" alias <aliases> deliver to maildir "~/Maildir"

limit mta inet4
max-message-size 5M
expire 10m
bounce-warn 1m, 10m, 1h, 2h
queue encryption key [ obfuscted ]
queue compression
ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
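
The ACL listing quoted above covers only the file itself; a "Permission denied" on open can also come from a parent directory without search permission for the process user, or from the process falling into the file's group class (`group::---`). The following is an added example, not part of the original message or of OpenSMTPD: a Python walk over the mode bits of each path component. The daemon uid and the temporary tree are constructed assumptions.

```python
import os
import stat
import tempfile

BITS = {"owner": (stat.S_IRUSR, stat.S_IXUSR),   # (read, search) per class
        "group": (stat.S_IRGRP, stat.S_IXGRP),
        "other": (stat.S_IROTH, stat.S_IXOTH)}

def first_blocker(path, uid, gids, root="/"):
    """Return (component, class, missing_bit) for the first component from root
    to path that uid/gids cannot pass, else None. Mode bits only, no ACL/MAC."""
    if uid == 0:
        return None  # root bypasses read/search mode bits
    chain = [root]
    for part in os.path.relpath(path, root).split(os.sep):
        chain.append(os.path.join(chain[-1], part))
    for comp in chain:
        st = os.stat(comp)
        # Exactly one class applies; a denying owner or group class is final
        # even when "other" would have allowed the access.
        cls = ("owner" if st.st_uid == uid else
               "group" if st.st_gid in gids else "other")
        read_bit, search_bit = BITS[cls]
        need, name = (search_bit, "x") if stat.S_ISDIR(st.st_mode) else (read_bit, "r")
        if not st.st_mode & need:
            return (comp, cls, name)
    return None

def demo():
    """Constructed tree mirroring the posted layout (hypothetical host)."""
    root = tempfile.mkdtemp()
    certs = os.path.join(root, "pki", "certs")
    os.makedirs(certs)
    for d in (root, os.path.dirname(certs)):
        os.chmod(d, 0o755)
    ca = os.path.join(certs, "ca-chain.cert.pem")
    open(ca, "w").close()
    os.chmod(ca, 0o404)            # user r--, group ---, other r-- as posted
    st = os.stat(ca)
    daemon = st.st_uid + 1         # hypothetical unprivileged daemon uid
    os.chmod(certs, 0o700)         # parent directory without search for "other"
    closed = first_blocker(ca, daemon, set(), root)
    os.chmod(certs, 0o755)
    opened = first_blocker(ca, daemon, set(), root)
    grouped = first_blocker(ca, daemon, {st.st_gid}, root)
    return {"closed": closed, "opened": opened, "grouped": grouped}, certs, ca

if __name__ == "__main__":
    print(demo()[0])
```

On a real host, call `first_blocker` with the path from the log line and the uid and group ids of the user the daemon runs as.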
