On Mon, Sep 08, 2008 at 08:15:24AM +0200, mouss wrote: > Travis wrote: > >I also notice that even though the SSL keys have passwords on them, > >postfix never prompts for them. > > > > daemons do not prompt.
Perhaps they should not, but apache does. Dovecot has a config file entry with the password to the key to allow use of keys with passwords, which is helpful because: It turns out that my software (tinyca2) as well as the normal openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 (suggested here: https://help.ubuntu.com/community/Postfix) both prompt for passwords with which to encrypt the key. > As > http://www.postfix.org/TLS_README.html > says: > "The private key must not be encrypted, meaning: the key must be > accessible without a password" Ah, thank you. > it is probable that you have a config error in your sasl configuration > (smtpd.conf). run saslfinger and report its output. saslfinger - postfix Cyrus sasl configuration Mon Sep 8 23:58:13 CEST 2008 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.3.8 System: Debian GNU/Linux 4.0 \n \l -- smtpd is linked to -- libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d2e000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /c/keys/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /c/keys/mail.bitrot.info-cert.pem smtpd_tls_key_file = /c/keys/mail.bitrot.info-key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes -- listing of /usr/lib/sasl2 -- total 112 drwxr-xr-x 2 root root 4096 Jul 25 03:08 . drwxr-xr-x 58 root root 20480 Sep 8 01:16 .. -rw-r--r-- 1 root root 21726 Dec 13 2006 libsasldb.a -rw-r--r-- 1 root root 856 Dec 13 2006 libsasldb.la -rw-r--r-- 1 root root 17980 Dec 13 2006 libsasldb.so -rw-r--r-- 1 root root 17980 Dec 13 2006 libsasldb.so.2 -rw-r--r-- 1 root root 17980 Dec 13 2006 libsasldb.so.2.0.22 -- content of /etc/postfix/sasl/smtpd.conf -- # Global parameters log_level: 3 pwcheck_method: saslauthd mech_list: plain login -- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - - - - smtpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp -o fallback_relay= showq unix n - - - - showq error unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} -- mechanisms on localhost -- -- end of saslfinger output -- -- Crypto ergo sum. http://www.subspacefield.org/~travis/ Truth does not fear scrutiny or competition, only lies do. If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.
