Carlos Williams wrote:
On Tue, Jul 21, 2009 at 11:33 AM, Noel Jones <njo...@megan.vbhcs.org> wrote:
Without logs it's much more difficult to diagnose the problem; with no
obvious configuration errors we're reduced to guessing. Postfix logging is
handled by your system's syslog program. Check your syslog.conf file to see
where it stores mail logs. Sometimes errors are stored in a separate file.
You really need the logs.
I will check and see what I can find in my logs.
My wild guess is that your certificates are somehow broken. The fix would be
to start over and carefully follow:
http://www.postfix.org/TLS_README.html#quick-start
I don't think I mentioned this but I am using a Verisign SSL
certificate. This is normally used by Apache web server but I was told
that Postfix can use the same SSL certificate.
I used OpenSSL to generate a CSR on my mail server:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR198
Then I downloaded my private key issued from Verisign along with my
public certificate on my mail server. I know that my IMAP server
(Dovecot) uses my SSL certificate for TLS & it appears to be working
great. The only thing I noted is that my Dovecot config file
/etc/dovecot.conf requires the SSL passphrase to properly access
/ use the SSL Verisign certificate. Without that passphrase, I don't
think my MUA would properly have TLS working. I am guessing that in
order for Postfix to use my SSL certificate, does it not also require
the SSL certificate passphrase? How would I configure this with my
MTA?
Ah, that's an important detail.
Postfix does not support password-protected certificates. You
can use openssl to remove the password. I forget the command
offhand, but Google knows. There is no security advantage
between storing a password in a config file and storing a
certificate with no password. Either way, security depends on
the OS file access permissions.
Or you can just use a self-signed certificate for Postfix.
-- Noel Jones
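
Added example, not part of the original thread: one way to do the passphrase removal the reply above refers to, using `openssl pkey`, and to leave the resulting key readable only by its owner, since file permissions are then the only protection. The function names and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: strip the passphrase from a PEM private key so Postfix
# can load it. Function names and paths are illustrative assumptions.

# Return 0 if the PEM key file is passphrase-protected. Covers the
# traditional encoding ("Proc-Type: 4,ENCRYPTED") and PKCS#8
# ("BEGIN ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Write an unencrypted copy of key $1 to $2 with mode 600.
# With no third argument openssl prompts for the passphrase on the
# terminal; a third argument is passed to -passin (e.g. file:/path).
strip_key_passphrase() {
    src=$1 dst=$2 passin=${3:-}
    if ! key_is_encrypted "$src"; then
        echo "$src is not passphrase-protected; nothing to do" >&2
        return 0
    fi
    # umask 077 so the plaintext key is never world-readable, even briefly.
    ( umask 077
      if [ -n "$passin" ]; then
          openssl pkey -in "$src" -out "$dst" -passin "$passin"
      else
          openssl pkey -in "$src" -out "$dst"
      fi ) || return 1
    chmod 600 "$dst"
    # Succeed only if the output really is unencrypted.
    ! key_is_encrypted "$dst"
}

# Usage, run as root (paths are placeholders):
#   strip_key_passphrase /etc/ssl/private/mail.key /etc/postfix/mail-nopass.key
#   postconf -e 'smtpd_tls_key_file = /etc/postfix/mail-nopass.key'
#   postfix reload
```
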