On Sun, Apr 16, 2023 at 06:03:09PM +0300, Oleksandr via Postfix-users wrote: > Okay, Viktor! I executed these commands and got this result: > > $ dnsname=mailserver.mail.lan > $ rm certkey.pem > rm: Unable to delete 'certkey.pem': No such file or directory > user@mailserver:~$ openssl req -new -nodes -newkey rsa:2048 -keyout > /dev/stdout \ > -config <(printf 'distinguished_name=dn\n[dn]\nprompt=yes\n') -x509 > -subj / -days 3653 \ > -addext "basicConstraints = critical,CA:FALSE" \ > -addext "extendedKeyUsage = serverAuth" \ > -addext "subjectAltName = DNS:$dnsname" >> certkey.pem > Generating a RSA private key > ......+++++ > ..............................+++++ > writing new private key to '/dev/stdout' > ----- > > But the 465/SSL mail is still not accepted. > The PF logs still have the same lines: > > Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: connect from > unknown[192.168.8.144] > Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: SSL_accept error from > unknown[192.168.8.144]: Connection reset by peer > Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: lost connection after > CONNECT from unknown[192.168.8.144] > Apr 16 17:55:46 mailserver postfix/smtps/smtpd[1512]: disconnect from > unknown[192.168.8.144] commands=0/0 > > What else do I need to do?
Did you reconfigure Postfix to use the generated PEM file as your certificate and private key file? # smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt # smtpd_tls_key_file = /etc/ssl/private/iRedMail.key # Install in /etc/postfix, chown root, chmod 0400 smtpd_tls_cert_file = /etc/postfix/certkey.pem smtpd_tls_key_file = /etc/postfix/certkey.pem # With Postfix 3.4 or later instead: smtpd_tls_chain_files = /etc/postfix/certkey.pem -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org