On Sun, Apr 16, 2023 at 06:03:09PM +0300, Oleksandr via Postfix-users wrote:
> Okay, Viktor! I executed these commands and got this result:
>
> $ dnsname=mailserver.mail.lan
> $ rm certkey.pem
> rm: Unable to delete 'certkey.pem': No such file or directory
> user@mailserver:~$ openssl req -new -nodes -newkey rsa:2048 -keyout
> /dev/stdout \
> -config <(printf 'distinguished_name=dn\n[dn]\nprompt=yes\n') -x509
> -subj / -days 3653 \
> -addext "basicConstraints = critical,CA:FALSE" \
> -addext "extendedKeyUsage = serverAuth" \
> -addext "subjectAltName = DNS:$dnsname" >> certkey.pem
> Generating a RSA private key
> ......+++++
> ..............................+++++
> writing new private key to '/dev/stdout'
> -----
>
> But the 465/SSL mail is still not accepted.
> The PF logs still have the same lines:
>
> Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: connect from
> unknown[192.168.8.144]
> Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: SSL_accept error from
> unknown[192.168.8.144]: Connection reset by peer
> Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: lost connection after
> CONNECT from unknown[192.168.8.144]
> Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: disconnect from
> unknown[192.168.8.144] commands=0/0
>
> What else do I need to do?
Did you reconfigure Postfix to use the generated PEM file as your
certificate and private key file?
# smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
# smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
# Install in /etc/postfix, chown root, chmod 0400
smtpd_tls_cert_file = /etc/postfix/certkey.pem
smtpd_tls_key_file = /etc/postfix/certkey.pem
# With Postfix 3.4 or later instead:
smtpd_tls_chain_files = /etc/postfix/certkey.pem
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
