2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com> > Ebbe Hjorth wrote: > > Hi, > > > > I just installed FreeBSD, postfix and dovecot. > > > > I tried to do the setup from purplehat.org <http://purplehat.org>, but > > i keep getting the following error, please help. > > > > Aug 9 14:22:55 mail02 postfix/smtpd[1969]: SSL_accept error from > > mail-ew0-f224.google.com > > <http://mail-ew0-f224.google.com>[209.85.219.224]: -1 > > Aug 9 14:22:55 mail02 postfix/smtpd[1855]: connect from > > bzq-79-182-42-58.red.bezeqint.net > > <http://bzq-79-182-42-58.red.bezeqint.net>[79.182.42.58] > > Aug 9 14:22:55 mail02 postfix/smtpd[1969]: lost connection after > > CONNECT from mail-ew0-f224.google.com > > <http://mail-ew0-f224.google.com>[209.85.219.224] > > See comments below. > > > > > > > mail02# postconf -n > [snip] > > smtpd_recipient_restrictions = permit_mynetworks, > > permit_sasl_authenticated, reject_non_fqdn_hostname, > > reject_non_fqdn_sender, reject_non_fqdn_recipient, > > reject_unauth_destination, reject_unauth_pipelining, > > reject_invalid_hostname, reject_rbl_client list.dsbl.org > > <http://list.dsbl.org>, reject_rbl_client bl.spamcop.net > > <http://bl.spamcop.net>, reject_rbl_client sbl-xbl.spamhaus.org > > <http://sbl-xbl.spamhaus.org> > > > reject_unauth_pipelining has little value here. > dsbl.org is dead. You should remove it. > > smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks > Worthless, suggest removing it to reduce confusion. > > > smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem > > smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem > > smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem > This doesn't seem right. > The CA, cert and key files should NOT be the same. > Google is your friend. > A great guide by a frequent poster here is > > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html >
That is a briliant link, i have read it all and love it, but i have a question regarding FreeBSD It says: [r...@example.com]# cd misc/ [r...@example.com]# cp CA CA_nodes [r...@example.com]# edit CA_nodes But i have no CA - I have searched the harddrive but nothing like that - Do you know what or were ? > > smtpd_use_tls = yes > This is depreciated as of Postfix 2.3 (though still works). > Preferred is "smtpd_tls_security_level=may" >
