On Thu, Feb 05, 2009 at 04:25:50PM +0100, Patrick Ben Koetter wrote:
> * Tolga <to...@ozses.net>:
> > I am reading The Book of Postfix, I applied the steps CA.pl -newca, openssl
> > req -new -nodes -keyout privatekey.pem -out privatekey.pem -days 1825 and
> > openssl ca -policy policy_anything -out publiccert.pem -infiles
> > privatekey.pem , copied the key and cert under /etc/ssl/private and
> > /etc/ssl/certs and restarted postfix, but I am obviously missing something
> > and I can't use the new certificate. Can you help me?
> 
> Yes.
> 
> 1. Send output from "postconf -n".
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
      reject_unauth_destination, reject_unknown_reverse_client_hostname,
      reject_unauth_pipelining, reject_non_fqdn_recipient,
      reject_rbl_client zen.spamhaus.org
smtpd_tls_CAfile = /usr/share/ssl-cert/ca-bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/publiccert.pem
smtpd_tls_key_file = /etc/ssl/private/privatekey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

> 2. Are the certificates readable by postfix?
-rw-r--r-- 1 root root     1599 2009-02-05 16:33 privatekey.pem
-rw-r--r-- 1 root root 3313 2009-02-05 16:34 /etc/ssl/certs/publiccert.pem

> 3. Does the server offer STARTTLS?

I think so, yes
> 
> p...@rick

Regards,

/Tolga
> 
> -- 
> The Book of Postfix
> <http://www.postfix-book.com>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
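Added example, not part of the original thread: a shell check for the files named in smtpd_tls_cert_file and smtpd_tls_key_file, covering what each PEM file actually contains, whether the key file's mode (as in the ls listing above) grants access beyond its owner, and whether certificate and key belong together. Function names are hypothetical; it assumes POSIX sh, ls, grep and, for the last check only, the openssl command-line tool.

```shell
#!/bin/sh
# Added example: sanity checks for a Postfix smtpd TLS certificate/key pair.
# Function names are hypothetical; file paths are supplied by the caller.

# Succeeds only if no group/other permission bits are set on the file.
# Reads the mode column of `ls -ld`, the same listing shown in the thread.
key_mode_private() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;   # also taken when the file is missing
    esac
}

# Succeeds if the file holds a PEM block of the given kind, e.g.
# "PRIVATE KEY", "CERTIFICATE" or "CERTIFICATE REQUEST".
pem_has() {
    grep -Eq -- "^-----BEGIN ([A-Z0-9]+ )?$2-----\$" "$1"
}

# Succeeds if the certificate carries the public key derived from the key file.
# Assumes an unencrypted key (the thread used -nodes); -passin avoids a prompt.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# usage: check_smtpd_tls CERT KEY
check_smtpd_tls() {
    rc=0
    pem_has "$1" "CERTIFICATE" || { echo "FAIL: no certificate in $1"; rc=1; }
    pem_has "$2" "PRIVATE KEY" || { echo "FAIL: no private key in $2"; rc=1; }
    pem_has "$2" "CERTIFICATE REQUEST" && echo "NOTE: $2 also holds a CSR"
    key_mode_private "$2" || { echo "FAIL: $2 is accessible beyond its owner"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate and key do not match"; rc=1; }
    return $rc
}

# Run the full check when called as: script CERT KEY
if [ "$#" -eq 2 ]; then
    check_smtpd_tls "$1" "$2"
fi
```

Run it as root with the two paths from the postconf -n output; each FAIL line names the file that needs attention.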
