I'm having some trouble configuring my server for SSL on the submission port. I think it's my SSL configuration because using TLS on Thunderbird worked fine, but SSL on Thunderbird (and Mail.app) fails. I suspect it has to do with the error listed below, which I got by trying to send a mail manually using the openssl s_client. If I were to attempt DATA immediately after the lines shown below, it would return a "no recipient listed" error. The addresses I use in the MAIL FROM and RCPT TO seem not to matter. (I tried a lot of possibilities, but I can't claim to be very systematic about that part of my testing.)
I don't think I changed how I made my CA cert in any significant manner last time I built up the server, and I don't know of any way to make a CA cert that's not self-signed... I tried turning on TLS logging, but couldn't make heads or tails of the result, and it didn't even seem to contain the text shown in the error. Can anyone help me understand what's going on? (And if there are any obvious solutions?) Thank you.

----- error -----
RCPT TO: kngsp...@gmail.com
RENEGOTIATING
depth=1 /CN=example CA/emailaddress=...@example.com/O=example/OU=Information Technology Services/C=US
verify error:num=19:self signed certificate in certificate chain
verify return:0

----- postconf -n -----
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
config_directory = /etc/postfix
mailbox_command = /usr/lib/dovecot/deliver
mydestination = hermes.example.com, localhost.example.com, localhost
recipient_delimiter = +
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/public/ca_cert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/public/hermes.pem
smtpd_tls_key_file = /etc/ssl/private/hermes.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

----- master.cf -----
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject