Patrick Ben Koetter wrote:
* Tolga <to...@ozses.net>:
Please show evidence of such a session.
to...@ozses:~$ openssl s_client -starttls smtp -CApath /etc/ssl/private -connect localhost:25
CONNECTED(00000003)
depth=0 /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
   i:/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
---
Server certificate
subject=/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
issuer=/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
---
No client certificate CA names sent
---
SSL handshake has read 1550 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 65FEA867DF1A98DAC7E843E4681FA9BE38B1DBD6E5EB4D71DB3B2701E6B38D77
    Session-ID-ctx:
    Master-Key: 90DD04655DD98A99CD787C482357FB1F818764547C4143FF8923C6790A3898F24B3884F595430BA94F7FED629ADCD193
    Key-Arg   : None
    Start Time: 1233903841
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)


Here's your error: "unable to verify the first certificate". Did you add your
CA certificate to your CA certificate store ca-bundles.crt (in your case)?

p...@rick
I just did that, restarted postfix, and when I did an openssl s_client -starttls smtp -CAfile /etc/ssl/certs/ca-certificates.crt -connect localhost:25, I got the below:

CONNECTED(00000003)
depth=1 /C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
verify return:1
depth=0 /C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
verify return:1
---
Certificate chain
0 s:/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
i:/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
---
Server certificate
subject=/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
issuer=/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net/emailaddress=to...@ozses.net
---
No client certificate CA names sent
---
SSL handshake has read 1550 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 7F5D4F111580DC176FF265EEEA3C028BF973B796865BCC695ED7056A3A6EFA50
Session-ID-ctx:
Master-Key: 818D5B49C5CB09E8490FD03042774E97C5569A7FA39A2A77FB6E0A455B0A433CA9F6A4BA6CA15E0CABE22E2735D2B43E
Key-Arg : None
Start Time: 1233918080
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN

but I still can't use the new certificate :(

Regards,

/Tolga




--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


--
Linux mtozses-laptop 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/

 System information as of Cum Şub  6 13:00:01 EET 2009

 System load: 1.16               Memory usage: 65%   Processes:       193
 Usage of /:  94.7% of 46.57GB   Swap usage:   4%    Users logged in: 1

 => / is using 94.7% of 46.57GB
 => /mnt/depo is using 91.6% of 60.53GB
 => /mnt/image is using 98.9% of 366.16GB

 Graph this data and manage this system at https://landscape.canonical.com/
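
Added example (not part of the original posts): a small Python parser for `openssl s_client` output that tells apart the two situations seen in this thread, a leaf whose issuer is missing from the `-CApath`/`-CAfile` store versus a chain that verifies. The sample transcripts are constructed by abridging the output quoted above (e-mail attribute omitted), and the function names are hypothetical.

```python
import re

SUBJ = "/C=TR/ST=Marmara/L=Istanbul/O=ozses.net/OU=ozses.net/CN=mail.ozses.net"
ISSUER = "/C=TR/ST=Marmara/O=ozses.net/OU=ozses.net/CN=mail.ozses.net"

# Constructed samples, abridged from the two transcripts in the thread.
RUN_CAPATH = f"""depth=0 {SUBJ}
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
Certificate chain
 0 s:{SUBJ}
   i:{ISSUER}
    Verify return code: 21 (unable to verify the first certificate)
"""
RUN_CAFILE = f"""depth=1 {ISSUER}
verify return:1
depth=0 {SUBJ}
verify return:1
Certificate chain
 0 s:{SUBJ}
   i:{ISSUER}
    Verify return code: 0 (ok)
"""

def parse_s_client(text):
    """Extract verify errors, chain (subject, issuer) pairs and the final code."""
    errors = [(int(n), msg.strip()) for n, msg in
              re.findall(r"^verify error:num=(\d+):(.*)$", text, re.M)]
    chain = re.findall(r"^\s*\d+\s+s:(\S.*)\n\s*i:(\S.*)$", text, re.M)
    code = re.search(r"Verify return code:\s*(\d+)\s*\((.*?)\)", text)
    return {"errors": errors, "chain": chain,
            "code": int(code.group(1)) if code else None}

def diagnose(report):
    """Map the parsed result to the likely trust-store problem."""
    if report["code"] == 0:
        return "chain verified against the supplied CA store"
    subject, issuer = report["chain"][0]
    if subject == issuer:  # identical DNs: the leaf signed itself
        return "self-signed leaf: trust it directly or issue it from a CA"
    if {n for n, _ in report["errors"]} & {20, 21}:
        return "issuer not found in the -CApath/-CAfile store: " + issuer
    return "verification failed with code %d" % report["code"]

if __name__ == "__main__":
    for run in (RUN_CAPATH, RUN_CAFILE):
        print(diagnose(parse_s_client(run)))
```

Note that the subject and issuer in the thread differ only by the `L=Istanbul` attribute, so the parser reports a missing issuer rather than a self-signed leaf.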
