* Tolga <to...@ozses.net>: > > Please show evidence of such a session. > > to...@ozses:~$ openssl s_client -starttls smtp -CApath /etc/ssl/private > -connect localhost:25 > CONNECTED(00000003) > depth=0 > /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 > /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > verify error:num=27:certificate not trusted > verify return:1 > depth=0 > /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > verify error:num=21:unable to verify the first certificate > verify return:1 > --- > Certificate chain > 0 > s:/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > > i:/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIDDjCCAnegAwIBAgIJAMuv6k2+o3WcMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD > VQQGEwJUUjEQMA4GA1UECBMHTWFybWFyYTESMBAGA1UEChMJb3pzZXMubmV0MRIw > EAYDVQQLEwlvenNlcy5uZXQxFzAVBgNVBAMTDm1haWwub3pzZXMubmV0MR4wHAYJ > KoZIhvcNAQkBFg90b2xnYUBvenNlcy5uZXQwHhcNMDkwMjA1MTQzMzUxWhcNMTQw > MjA0MTQzMzUxWjCBkzELMAkGA1UEBhMCVFIxEDAOBgNVBAgTB01hcm1hcmExETAP > BgNVBAcTCElzdGFuYnVsMRIwEAYDVQQKEwlvenNlcy5uZXQxEjAQBgNVBAsTCW96 > c2VzLm5ldDEXMBUGA1UEAxMObWFpbC5venNlcy5uZXQxHjAcBgkqhkiG9w0BCQEW > D3RvbGdhQG96c2VzLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1YeN > GnieccAyaTqo0Nd4RAQ9TY/eU6WDgDyDeeHeB67HOTtD0gEeYpvdlWLsB6dytLnv > ZftiVVUwJp5wYhrQ1MWiNWHr2Acsnut9ncCT2BJpJtxCOJjQxeTdgVkivRxEn9Ld > Qdx2wU6bEXTRBpmuFOgCeSNY+c1tLZymjUIvfm8CAwEAAaN7MHkwCQYDVR0TBAIw > ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw > HQYDVR0OBBYEFDGp/vdDE4WgdN0Ws1ivaWD3qwcMMB8GA1UdIwQYMBaAFP1Fqtvo > 0OcEjrEBAielk/PHdN0xMA0GCSqGSIb3DQEBBQUAA4GBAMLqlIM3h72Nh4X8YmYa > PtBET7/yvZfwkawoOoYe+WabP3cInVQE8PW3NH4ZAo1d3+gjHFJY/3HsLff1f7cd > QL09Eraa3+BXpsnml2Oihz2xvOb5yk2cbSkey2heGolVL0fWngjNXWukPX8J/TpS > 0kInfrW+/ImF48nHXA+gY5G1 > -----END CERTIFICATE----- > subject=/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > issuer=/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net > --- > No client certificate CA names sent > --- > SSL handshake has read 1550 bytes and written 351 bytes > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 1024 bit > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : DHE-RSA-AES256-SHA > Session-ID: > 65FEA867DF1A98DAC7E843E4681FA9BE38B1DBD6E5EB4D71DB3B2701E6B38D77 > Session-ID-ctx: > Master-Key: > 90DD04655DD98A99CD787C482357FB1F818764547C4143FF8923C6790A3898F24B3884F595430BA94F7FED629ADCD193 > Key-Arg : None > Start Time: 1233903841 > Timeout : 300 (sec) > Verify return code: 21 (unable to verify the first certificate)
Here's your error: "unable to verify the first certificate". Did you add your CA certificate to your CA certificate store ca-bundles.crt (in your case)? p...@rick > --- > 250 DSN > > > > > p...@rick > > Regards, > > /Tolga > > > > > -- > > The Book of Postfix > > <http://www.postfix-book.com> > > saslfinger (debugging SMTP AUTH): > > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> -- The Book of Postfix <http://www.postfix-book.com> saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
