Thread: OS13.1: Postfix and STARTTLS

  1. #1

    OS13.1: Postfix and STARTTLS

    I got a request from my mail provider to switch to secure communication. My setting on the mail server up to now was to USE (or MAY use) TLS, but not to force it. As far as I understand it, postfix fell back to an unencrypted connection. But I got into trouble when I changed the setting to force TLS: no mails could be delivered to my mail provider via SMTP. I have to say I did all the settings within YAST2.

    Various error messages I found in /var/log/mail, e.g.
    Code:
    2014-02-05T21:57:13.884269+01:00 shuttle postfix/smtp[15012]: warning: connect to private/tlsmgr: Connection refused
    2014-02-05T21:57:13.896772+01:00 shuttle postfix/smtp[15012]: warning: problem talking to server private/tlsmgr: Connection refused
    2014-02-05T21:57:14.900666+01:00 shuttle postfix/smtp[15012]: warning: connect to private/tlsmgr: Connection refused
    2014-02-05T21:57:14.902788+01:00 shuttle postfix/smtp[15012]: warning: problem talking to server private/tlsmgr: Connection refused
    2014-02-05T21:57:14.907749+01:00 shuttle postfix/smtp[15012]: warning: no entropy for TLS key generation: disabling TLS support
    2014-02-05T21:57:15.002238+01:00 shuttle postfix/smtp[15012]: A831C473AE: TLS is required, but our TLS engine is unavailable
    2014-02-05T21:57:15.124226+01:00 shuttle postfix/smtp[15012]: A831C473AE: to=<xxx@gxxx.com>, relay=mail.gmx.net[212.227.17.168]:587, delay=1.4, delays=0.11/1.1/0.17/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)
    or:
    Code:
    2014-02-05T21:58:05.178154+01:00 shuttle postfix/qmgr[15134]: 1FAB0473A7: from=<xxxxxx@gmx.net>, size=627, nrcpt=1 (queue active)
    2014-02-05T21:58:05.458115+01:00 shuttle postfix/smtp[15140]: certificate verification failed for mail.gmx.net[212.227.17.190]:587: untrusted issuer /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
    2014-02-05T21:58:05.550335+01:00 shuttle postfix/smtp[15140]: 1FAB0473A7: Server certificate not trusted
    2014-02-05T21:58:05.720818+01:00 shuttle postfix/smtp[15140]: certificate verification failed for mail.gmx.net[212.227.17.168]:587: untrusted issuer /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
    2014-02-05T21:58:05.850664+01:00 shuttle postfix/smtp[15140]: 1FAB0473A7: to=<xxx@gxxx.com>, relay=mail.gmx.net[212.227.17.168]:587, delay=370, delays=369/0.1/0.54/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

    Now it is working. What have I done?

    First I updated the ca-certificates packages.
    Then I removed the postfix package.
    I deleted the /etc/postfix folder and /etc/sysconfig/postfix.
    I did a rehash of /etc/ssl/certs (c_rehash /etc/ssl/certs).
    I reinstalled a fresh copy of postfix.
    I went through the settings in YAST/mail server.
    After that I corrected two things:
    -
    Code:
    ln -s /etc/ssl/certs /etc/postfix/ssl/cacerts
    (since there was a reference to it in the postfix/main.cf)
    - commenting out this line in postfix/master.cf (old: #tlsmgr unix - - n 1000? 1 tlsmgr):
    Code:
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr

    After a restart of the postfix daemon all is working now.
    I was a bit disappointed since this was a fresh install of openSUSE 13.1 (over an old system, but it wasn't an update).

    I only want to point out the problems and the solution, but IMO it seems to be a bug in the configuration of the mail server via YAST2.

    Regards
    Lutz
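
A pre-flight check for the two faults in the post above, written as an added example that is not part of the original post: it confirms that `tlsmgr` is active in master.cf and that the CA directory referenced from main.cf contains `c_rehash` hash links. It assumes the reference in main.cf is the standard `smtp_tls_CApath` parameter; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds if master.cf has an active (uncommented) tlsmgr service entry.
tlsmgr_enabled() {   # $1 = path to master.cf
    awk '$1 == "tlsmgr" && $2 == "unix" && $8 == "tlsmgr" { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Prints a main.cf parameter value; the last assignment wins.
# Simplification: continuation lines and $name expansion are not handled.
main_cf_value() {    # $1 = path to main.cf, $2 = parameter name
    awk -F '=' -v k="$2" '
        { name = $1; sub(/[ \t]+$/, "", name) }
        name == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0 }
        END { print val }' "$1"
}

# Succeeds if the directory exists (symlinks are followed) and holds at least
# one OpenSSL hash entry such as 812e17de.0 (constructed name), as made by c_rehash.
ca_path_usable() {   # $1 = CA directory
    [ -d "$1" ] || return 1
    for f in "$1"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Runs both checks against a Postfix config directory; returns 1 on any FAIL.
# Assumption: main.cf points at the CA directory through smtp_tls_CApath.
check_postfix_tls() {   # $1 = config directory, default /etc/postfix
    dir=${1:-/etc/postfix}; rc=0
    if ! tlsmgr_enabled "$dir/master.cf"; then
        echo "FAIL: tlsmgr is missing or commented out in $dir/master.cf"; rc=1
    fi
    capath=$(main_cf_value "$dir/main.cf" smtp_tls_CApath)
    if [ -z "$capath" ]; then
        echo "WARN: smtp_tls_CApath is not set in $dir/main.cf"
    elif ! ca_path_usable "$capath"; then
        echo "FAIL: $capath is not a directory with c_rehash hash links"; rc=1
    fi
    return $rc
}
```

Source the file and run `check_postfix_tls /etc/postfix` before switching the client to mandatory TLS; a FAIL line corresponds to the "TLS engine is unavailable" or "untrusted issuer" deferrals in the logs above.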

  2. #2

    Re: OS13.1: Postfix and STARTTLS

    On 2014-02-06 00:06, lutze wrote:
    > I only want to point out the problems and the solution, but IMO it seems to
    > be a bug in the configuration of the mail server via YAST2.


    Mmm. Please report bugs in bugzilla. Here we are users helping users :-)

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
