Sahil Tandon wrote:
sean darcy wrote:
Victor Duchovni wrote:
On Mon, Dec 22, 2008 at 12:08:20PM -0500, Asif Iqbal wrote:
smtp_use_tls = yes
This is obsolete. Set:
smtp_tls_security_level = encrypt
or better (given suitable CAfile or CApath):
smtp_tls_security_level = secure
So where would you get the certificate to authenticate to google or
1and1?
The smtp (client), as opposed to the smtpd (server), does not need a
certificate to authenticate to google.
Well, my smtp client seems to need it:
Dec 26 09:41:26 asterisk postfix/pickup[8353]: F3867460F2: uid=0 from=<root>
Dec 26 09:41:27 asterisk postfix/cleanup[8371]: F3867460F2: message-id=<20081226144126.f386746...@asterisk.localdomain>
Dec 26 09:41:27 asterisk postfix/qmgr[8352]: F3867460F2: from=<r...@asterisk.localdomain>, size=41086, nrcpt=1 (queue active)
Dec 26 09:41:27 asterisk postfix/smtp[8376]: certificate verification failed for smtp.gmail.com[209.85.133.111]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
But I found that Fedora 9 installs a ca-bundle as part of openssl.
So this is what worked for me. I didn't change anything in
/etc/postfix/main.cf except to add this at the very end:
## all this to setup sending over gmail:
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
## if you're using certificates
smtp_tls_CAfile=/etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = secure
## if you're not
# smtp_tls_security_level = encrypt
and I created file sasl_passwd:
cat sasl_passwd
[smtp.gmail.com]:submission username:password
and it works like a charm.
Thanks for all the help. Greatly appreciated.
sean
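
Added example, not part of the thread and not Postfix code: a small Python audit of the SMTP-client settings discussed above. It flags the obsolete smtp_use_tls, a verify/secure level with no smtp_tls_CAfile or smtp_tls_CApath (the "untrusted issuer" case in the log), and SASL credentials sent at a level that does not authenticate the server. The function names, finding labels and the BEFORE sample are constructed for illustration.

```python
import re
CA_LEVELS = {"verify", "secure"}  # levels that need CAfile/CApath trust anchors
AUTH_LEVELS = CA_LEVELS | {"fingerprint", "dane-only"}  # server is authenticated

def parse_main_cf(text):
    """Return {parameter: value}; a later setting overrides an earlier one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and name:  # leading whitespace continues a value
            params[name] = (params[name] + " " + line.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
    return params

def audit_smtp_tls(text):
    """Return findings for the SMTP client (smtp_*) TLS settings."""
    p = parse_main_cf(text)
    level = p.get("smtp_tls_security_level", "")
    has_ca = bool(p.get("smtp_tls_CAfile") or p.get("smtp_tls_CApath"))
    findings = []
    if "smtp_use_tls" in p:
        findings.append("obsolete: smtp_use_tls; set smtp_tls_security_level")
    if level in CA_LEVELS and not has_ca:
        findings.append("no-trust-anchor: level '%s' without smtp_tls_CAfile "
                        "or smtp_tls_CApath fails with 'untrusted issuer'" % level)
    if p.get("smtp_sasl_auth_enable") == "yes" and level not in AUTH_LEVELS:
        findings.append("unverified-peer: SASL password goes to a server whose "
                        "certificate is not checked (level '%s')" % (level or "unset"))
    return findings

# Constructed sample: obsolete switch, 'secure' with no CA bundle configured.
BEFORE = """\
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_tls_security_level = secure
"""
# Abridged from the settings posted in the message above.
AFTER = """\
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_tls_CAfile=/etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = secure
"""
```

The same function can be fed the output of `postconf -n`, which prints the non-default settings in the same `name = value` form.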