On Wednesday 2007-04-18 at 11:03 +0200, Sandy Drobic wrote:

> You have a problem with the tlsmgr. Please check that you indeed have an
> entry for tlsmgr:
> 
> /etc/postfix/master.cf:
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr

Yep! It works now. At least, it doesn't complain about that; now I get new 
complaints:

Apr 18 14:09:21 nimrodel postfix/smtp[23556]: certificate verification 
failed for mx1.suse.de: num=19:self signed certificate in certificate 
chain

This is a never ending tale! :-)

I guess I would have to import their certificate somehow.


> Also run:
> postfix upgrade-configuration
> postfix set-permissions
> postfix check
> 
> This applies especially if you have upgraded your system from earlier
> versions of Suse.

Ah... ok. First I stop postfix and fetchmail... (oops, I stopped 
fetchmail while it was fetching)... make a backup... run that...

  nimrodel:/etc/postfix # postfix upgrade-configuration
  Editing /etc/postfix/master.cf, adding missing entry for discard service

      Note: the following files or directories still exist but are no
      longer part of Postfix:

       /etc/postfix/pcre_table /etc/postfix/regexp_table
  nimrodel:/etc/postfix # postfix set-permissions
  nimrodel:/etc/postfix # postfix check
  nimrodel:/etc/postfix # 

Done!

Sort by date, find what was modified...

  prng_exch  - what's this? A binary, not new, but new to me.
  master.cf


tls_random_exchange_name (default: ${config_directory}/prng_exch)

    Name of the pseudo random number generator (PRNG) state file that is 
    maintained by tlsmgr(8). The file is created when it does not exist, 
    and its length is fixed at 1024 bytes.

    Since this file is modified by Postfix, it should probably be kept in 
    the /var file system, instead of under $config_directory. The 
    location should not be inside the chroot jail.

    This feature is available in Postfix 2.2 and later.

Curious! But it is kept in /etc/postfix.



  nimrodel:/etc/postfix # diff master.cf master.cf.old 
  150d149
  < discard         unix  -       -       n       -       -       discard
  nimrodel:/etc/postfix # 


A new entry! I wonder why Yast didn't do this while updating my system 
two months ago.

Send a test email... worked fine. Good! :-)



> You might also want to check if AppArmor is interfering.

Ah, yes, I tend to forget that one [...] no, nothing there.


> > I understand that using TLS for server is more complicated, defining keys, 
> > etc. But as a client, I thought it was easier. I must be missing 
> > something.
> > 
> > Ok... my config is thus (postconf | grep smtp_tls):
> 
> No certs are necessary for Postfix to use TLS as a client.

I thought so.

> >    smtp_use_tls (default: no)
> >
> >     ...
> >     This feature is available in Postfix 2.2 and later. With 
> >      Postfix 2.3 and later use smtp_tls_security_level instead.
> > 
> 
> Yes, the setting is deprecated, for Postfix 2.3 upwards the parameter
> below should be used.
> 
> >   smtp_tls_security_level (default: empty)

I set it to "may", i.e., opportunistic. It appears my provider doesn't allow 
tls, anyway.

-- 
Cheers,
       Carlos E. R.
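
Added example (not part of the original mail, and not Postfix code): a small Python triage script for the "certificate verification failed ... num=19" log message quoted in the mail above. It maps the num= value to the OpenSSL X509_V_ERR_* name and counts failures per peer; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# Subset of OpenSSL X509_V_ERR_* verify codes that show up in this message.
X509_ERRORS = {
    10: "X509_V_ERR_CERT_HAS_EXPIRED",
    18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
}
TRUST_ANCHOR_CODES = {18, 19, 20}  # no locally trusted root, as opposed to expiry

# Message format as shown in the mail above.
PATTERN = re.compile(r"postfix/smtp\[\d+\]: certificate verification failed "
                     r"for (?P<peer>\S+): num=(?P<num>\d+):(?P<reason>.*)$")

def parse_line(line):
    """Return a dict for a verification-failure line, or None otherwise."""
    m = PATTERN.search(line.strip())
    if m is None:
        return None
    num = int(m.group("num"))
    return {
        "peer": m.group("peer"),
        "num": num,
        "name": X509_ERRORS.get(num, "UNKNOWN"),
        "reason": m.group("reason").strip(),
        "missing_trust_anchor": num in TRUST_ANCHOR_CODES,
    }

def summarize(lines):
    """Count failures per peer and verify code: {peer: {num: count}}."""
    counts = {}
    for rec in filter(None, map(parse_line, lines)):
        per_peer = counts.setdefault(rec["peer"], {})
        per_peer[rec["num"]] = per_peer.get(rec["num"], 0) + 1
    return counts

# First line is from the mail above (re-joined); the other two are constructed.
SAMPLE = [
    "Apr 18 14:09:21 nimrodel postfix/smtp[23556]: certificate verification "
    "failed for mx1.suse.de: num=19:self signed certificate in certificate chain",
    "Apr 18 14:12:02 nimrodel postfix/smtp[23601]: certificate verification "
    "failed for mx.example.org: num=10:certificate has expired",
    "Apr 18 14:12:05 nimrodel postfix/smtp[23601]: connect to mx.example.org",
]

if __name__ == "__main__":
    for peer, codes in summarize(SAMPLE).items():
        print(peer, {X509_ERRORS.get(n, "UNKNOWN"): c for n, c in codes.items()})
```
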