Re: error using certificate server

[deconya]

Hi Victor

I understand that only is needed to use smtp_tls_security_level? O not
need two options?

In main.cf I have:

#TLS SMTPD PARAMTERES
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/ssl/certs/TERENASSL_PATH.pem
smtpd_tls_key_file = /etc/ssl/private/jupiter_mydomain.pem
smtpd_tls_cert_file = /etc/ssl/mydomain.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
#smtpd_tls_security_level = verify

smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/TERENASSL_PATH.pem
smtp_tls_security_level = verify
smtp_tls_key_file = /etc/ssl/private/jupiter_mydomain.pem
smtp_tls_cert_file = /etc/ssl/mydomain.crt
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#smtp_tls_note_starttls_offer = yes


#SASL
relayhost = smtp.myrelayhost
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
smtp_sasl_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain =
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

broken_sasl_auth_clients = yes
smtpd_sender_login_maps = ldap:/etc/postfix/ldap_aliases.cf
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

tls_random_source = dev:/dev/urandom

smtpd_delay_reject = yes

What can I do to accept the connection to myrelayhost?

Best Regards


-----Mensaje original-----
De: Viktor Dukhovni <postfix-us...@dukhovni.org>
Reply-to: postfix-users@postfix.org
Para: postfix-users@postfix.org
Asunto: Re: error using certificate server
Fecha: Tue, 12 Feb 2013 07:01:24 +0000


On Tue, Feb 12, 2013 at 01:36:15AM +0100, deconya wrote:

> Thanks for you answers
> 
> I continue with the problem and I don't know where I can check more. At
> now the situation is
> 
> -Sends mails deferred
> 
> -In logs appears:
> 
> Feb 12 01:20:50 mailserver postfix/smtpd[16653]: warning:
> smtpd_tls_security_level: unsupported TLS level "verify", using "encrypt"
> Feb 12 01:20:50 mailserver postfix/smtpd[16653]: initializing the
> server-side TLS engine

I give up, you still can't pay attention long enough to distinguish
"smtp_tls_security_level" from "smtpd_tls_security_level". Good luck,
over and out.

--
        Viktor.