Wietse Venema wrote:
sean darcy:
Sep 13 16:00:19 asterisk postfix/smtp[1786]: warning: TLS library
problem: 1786:error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch:x509_cmp.c:304:
Does the client private key match the client (public key) certificate?
See the Postfix TLS_README for an example of how to create these.
Wietse
It doesn't seem to need to match. But reading TLS_README realllly
closely solved it.
Counter-intuitively -at least for me - you set up all the files for
smtpd_tls... That is, you set them up as if you're a server.
So main.cf:
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
relay_destination_concurrency_limit = 1
default_destination_concurrency_limit = 5
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile=/etc/pki/CA/cacert.pem
smtp_tls_security_level = may
smtp_tls_scert_verifydepth = 9
smtpd_tls_CAfile=/etc/pki/CA/cacert.pem
smtpd_tls_cert_file=/opt/postfix-mail/postfix.generated.pem.cert
smtpd_tls_key_file=/opt/postfix-mail/postfix-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
Et Voila!
sean
