Hi all,

I am trying to use postfix to fetch data from an external MySQL server in an AWS environment. However, it uses encryption. I have already made several attempts to use TLSv1 / 2, changing the file "/etc/ssl/openssl.conf", without success.

I followed this post, but it didn't work for me.

https://stackoverflow.com/questions/61568215/openssl-v1-1-1-ubuntu-20-tlsv1-no-protocols-available
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

which guides you to create the changes in the /etc/ssl/openssl.conf file:

You don't have your config changes quite right. You need to add this to the beginning of your config file:

---------openssl.conf-------------
openssl_conf = default_conf
---------------------------------------

And then this to the end:

-----------openssl.conf---------------
[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
---------------------------------------

- attempt using ssl

Then I created the mysql-virtual-mailbox-domain.cf file with the following content

------------mysql-virtual-mailbox-domain.cf-------------------------
user = postfix
password = xxxxx
dbname = email
hosts = 192.168.11.11
query = SELECT dominio AS "virtual" FROM dominios WHERE dominio='%s'
tls_CAfile =/etc/postfix/rds-combined-ca-bundle.pem
-----------------------------------------------------------------------------------

But unsuccessfully. I did this procedure changing the MinProtocol variable for the TLSv1, TLSv1.1 and TLSv1.2 protocols, but without success.

The log message

-------mail.log-------
Dec  8 13:36:45 server postfix/trivial-rewrite[1880]: warning: connect to mysql server 192.168.11.11: SSL connection error: SSL_CTX_set_default_verify_paths failed
-------------------------

Checked the read permission of the certificate file.

"root@server:~# namei -lv /etc/postfix/rds-combined-ca-bundle.pem
f: /etc/postfix/rds-combined-ca-bundle.pem
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root postfix
-rw-r--r-- root root rds-combined-ca-bundle.pem
root@server:~#"

- attempt without using ssl

I've been reading the postfix documentation http://www.postfix.org/MYSQL_README.html and created the .my.cnf file inside the postfix home (/var/spool/postfix) with the following content

----------/var/spool/postfix/.my.cnf------------------
[client]
ssl_mode=DISABLED
--------------------------------------------------------------

Then I created the mysql-virtual-mailbox-domain.cf file with the following content

------------mysql-virtual-mailbox-domain.cf-------------------------
user = postfix
password = xxxxx
dbname = email
hosts = 192.168.11.11
query = SELECT dominio AS "virtual" FROM dominios WHERE dominio='%s'
option_file = /var/spool/postfix/.my.cnf
option_group = client
-----------------------------------------------------------------------------------

But it didn't work.

The log message

---------------mail.log-----------------
Dec  8 13:47:50 server postfix/trivial-rewrite[3395]: warning: connect to mysql server 192.168.11.11: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
------------------------------------------

When I log in as the postfix user, the .my.cnf file works.

------------------------------------------------------------------------------------
root@server:~# su - postfix -s /bin/bash
postfix@server:~$ mysql -s
mysql>
------------------------------------------------------------------------------------

I also tried to leave the /etc/ssl/openssl.conf file

------------openssl.conf---------------------------
openssl_conf = default_conf

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
#MinProtocol = TLSv1.2
#CipherString = DEFAULT:@SECLEVEL=1
----------------------------------------------------

Leaving no options, but without success.

Is there any way to make postfix disable ssl, or even use the certificate provided by aws (the ca file)?

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Versions:
Ubuntu: Ubuntu 20.04.1 LTS
Postfix: 3.4.13
MySQL: 5.6.10

Best Regards.
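
The section chain quoted in the post (openssl_conf -> ssl_conf -> system_default) can be checked mechanically; the following is an added example, not part of the original post, that resolves the chain and reports the settings that would actually apply. The parser is a simplification (no `.include`, variable expansion or quoting), and the three sample configs are constructed from the snippets above.

```python
import re

def parse_openssl_conf(text):
    """Return {section: {key: value}}; '' is the unnamed default section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def system_default(text):
    """Follow openssl_conf -> ssl_conf -> system_default.
    Returns the final section's settings, or None if a link is missing."""
    sections = parse_openssl_conf(text)
    name = sections[""].get("openssl_conf")      # only read from the default section
    for link in ("ssl_conf", "system_default"):
        if name not in sections:
            return None
        name = sections[name].get(link)
    return sections.get(name)

# Constructed sample input, built from the snippets in the post.
CHAIN = """
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
"""
HEAD = "openssl_conf = default_conf\n"
ACTIVE = HEAD + CHAIN + "MinProtocol = TLSv1\nCipherString = DEFAULT:@SECLEVEL=1\n"
COMMENTED = HEAD + CHAIN + "#MinProtocol = TLSv1.2\n#CipherString = DEFAULT:@SECLEVEL=1\n"
# openssl_conf placed after a section header: it belongs to [ req ], so the chain never starts.
MISPLACED = "[ req ]\nprompt = no\n" + HEAD + CHAIN + "MinProtocol = TLSv1\n"

if __name__ == "__main__":
    for label, conf in (("active", ACTIVE), ("commented", COMMENTED), ("misplaced", MISPLACED)):
        print(label, "->", system_default(conf))
```

To check a live system, pass in the contents of the openssl.cnf found in the directory that `openssl version -d` prints.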