On 05.04.2013 16:46, Peter L. Berghold wrote:
> Getting very frustrated with trying to set up TLS using a StartSSL (StartCom)
> cert.
>
> Here are the applicable lines (sanitized of course) I used to set this
> up:
> smtpd_use_tls = yes
> smtp_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
> smtp_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
> smtpd_tls_CApath=/etc/postfix/ssl
> smtp_tls_CApath=$smtpd_tls_CAPath
> smtpd_tls_certfile=/etc/postfix/ssl/server.crt
> smtpd_tls_key_file=/etc/postfix/ssl/mydomain.key
> smtpd_tls_loglevel=4
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> This is aping everything I've read on the topic on a variety of sites.
>
> The error I'm seeing in the maillog is:
> Apr 5 10:43:36 myhostname postfix/smtpd[14839]: warning: No server certs available. TLS won't be enabled
>
> I've double checked the files (especially the cert file) and they are all
> where I expect them to be. What in the world am I missing?

we don't know because you refused to provide output of "postconf -n" as stated in the welcome message as well as in the documentation

random snippets of a config-file are worthless because often enough people overwrite settings somewhere later and only "postconf -n" shows the REALLY active config
_____________________________________

this is a for sure working config for both incoming and outgoing

[root@srv-rhsoft:~]$ postconf -n | grep smtpd_tls
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/postfix/certs/localhost.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/postfix/certs/localhost.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s

[root@srv-rhsoft:~]$ postconf -n | grep smtp_tls
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_cert_file = /etc/postfix/certs/localhost.pem
smtp_tls_exclude_ciphers = DES-CBC3-SHA
smtp_tls_key_file = /etc/postfix/certs/localhost.pem
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
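
Added example, not part of the original thread and not Postfix code: a small check that resolves the main.cf lines posted in the question the way the reply describes (a later assignment replaces an earlier one) and compares every assigned or $referenced parameter name against the names in the working "postconf -n" output above. The allowlist KNOWN and the function names are assumptions made for this illustration.

```python
import difflib
import re

# Constructed allowlist: the names in the reply's "postconf -n" output plus the
# valid names from the question. It is not the full Postfix parameter set.
KNOWN = set("""
smtpd_use_tls smtp_use_tls tls_random_source smtpd_tls_CApath smtp_tls_CApath
smtpd_tls_CAfile smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_loglevel
smtpd_tls_eecdh_grade smtpd_tls_exclude_ciphers smtpd_tls_mandatory_ciphers
smtpd_tls_mandatory_protocols smtpd_tls_received_header smtpd_tls_security_level
smtpd_tls_session_cache_database smtpd_tls_session_cache_timeout smtp_tls_CAfile
smtp_tls_cert_file smtp_tls_key_file smtp_tls_exclude_ciphers smtp_tls_loglevel
smtp_tls_note_starttls_offer smtp_tls_security_level
smtp_tls_session_cache_database smtp_tls_session_cache_timeout
""".split())

# The main.cf lines from the question, reproduced as posted.
POSTED = """\
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
smtp_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
smtpd_tls_CApath=/etc/postfix/ssl
smtp_tls_CApath=$smtpd_tls_CAPath
smtpd_tls_certfile=/etc/postfix/ssl/server.crt
smtpd_tls_key_file=/etc/postfix/ssl/mydomain.key
smtpd_tls_loglevel=4
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
"""

def effective(text):
    """Return {name: value}; a later assignment replaces an earlier one.
    Simplified: comments are skipped, continuation lines are not handled."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def unknown_names(params, known=KNOWN):
    """Map assigned or $referenced names missing from `known` to the closest
    known spelling (None if nothing is close). Names are case-sensitive."""
    refs = re.findall(r"\$\{?(\w+)", " ".join(params.values()))
    return {n: next(iter(difflib.get_close_matches(n, known, 1, 0.8)), None)
            for n in list(params) + refs if n not in known}
```

Calling unknown_names(effective(POSTED)) returns the names in the posted snippet that do not appear in the allowlist, each paired with the nearest known spelling.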