On 4/12/2013 2:25 PM, Joan Moreau wrote: > Hi, > > I am stuck with making my SSL SMTPS (port 465) works, while it was > working fine since ever. > > I upgraded my kernel to 3.8.6 and since then, nothing works :( > >
What happens when you test it? # openssl s_client -connect 127.0.0.1:465 What does postfix log? http://www.postfix.org/DEBUG_README.html#logging -- Noel Jones > > Here my postconf -n > > alias_maps = hash:/etc/aliases > biff = no > bounce_queue_lifetime = 6h > broken_sasl_auth_clients = yes > canonical_maps = hash:/etc/postfix/canonical > command_directory = /usr/sbin > config_directory = /etc/postfix > daemon_directory = /usr/lib/postfix > data_directory = /var/lib/postfix > defer_transports = > delay_warning_time = 1h > disable_dns_lookups = no > disable_mime_output_conversion = no > dovecot_destination_recipient_limit = 1 > header_checks = pcre:/etc/postfix/smtp_header_checks > html_directory = no > inet_interfaces = all > inet_protocols = ipv4 > local_recipient_maps = > mail_owner = postfix > mail_spool_directory = /var/spool/mail > mailbox_size_limit = 0 > mailbox_transport = dovecot > mailq_path = /usr/bin/mailq > manpage_directory = /usr/share/man > masquerade_classes = envelope_sender, header_sender, header_recipient > masquerade_domains = > masquerade_exceptions = root > maximal_queue_lifetime = 1d > message_size_limit = 204800000 > mydestination = $myhostname, localhost.$mydomain > mydomain = grosjo.net > myhostname = grosjo.net > mynetworks = 127.0.0.0/8 204.93.196.46/32 > myorigin = $mydomain > newaliases_path = /usr/bin/newaliases > proxy_read_maps = $virtual_mailbox_domains $local_recipient_maps > $mydestination $virtual_alias_maps $virtual_alias_domains > $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps > $relay_domains $canonical_maps $sender_canonical_maps > $recipient_canonical_maps $relocated_maps $transport_maps > $mynetworks $virtual_mailbox_limit_maps > queue_directory = /var/spool/postfix > readme_directory = no > relayhost = > relocated_maps = hash:/etc/postfix/relocated > sample_directory = /usr/share/doc/packages/postfix/samples > sender_canonical_maps = hash:/etc/postfix/sender_canonical > sendmail_path = /usr/sbin/sendmail > setgid_group = maildrop > slow_destination_concurrency_limit = 2 > slow_destination_recipient_limit = 1 > smtp_header_checks = pcre:/etc/postfix/smtp_header_checks > smtp_sasl_auth_enable = no > smtp_tls_CAfile = /etc/ssl/ca-bundle.crt > smtp_tls_cert_file = /etc/ssl/certs/gjnet.crt > smtp_tls_key_file = /etc/ssl/certs/gjnet.key > smtp_tls_session_cache_database = hash:/var/lib/postfix/smtp_scache > smtp_use_tls = no > smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) > smtpd_client_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination, permit > smtpd_helo_required = no > smtpd_helo_restrictions = > smtpd_recipient_restrictions = > permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unauth_destination,reject_unauth_pipelining,reject_invalid_hostname,reject_rbl_client > bl.spamcop.net,reject_rbl_client > sbl-xbl.spamhaus.org,check_policy_service inet:127.0.0.1:10023 > smtpd_relay_restrictions = permit_mynetworks > permit_sasl_authenticated defer_unauth_destination > smtpd_sasl_auth_enable = no > smtpd_sasl_local_domain = $mydomain > smtpd_sasl_path = smtpd > smtpd_sasl_security_options = noanonymous > smtpd_sender_restrictions = permit_sasl_authenticated > smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt > smtpd_tls_CApath = /etc/ssl/certs > smtpd_tls_cert_file = /etc/ssl/certs/gjnet.crt > smtpd_tls_key_file = /etc/ssl/certs/gjnet.key > smtpd_tls_loglevel = 3 > strict_8bitmime = no > strict_rfc821_envelopes = no > transport_maps = hash:/etc/postfix/transport > unknown_local_recipient_reject_code = 550 > virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf > virtual_gid_maps = static:1002 > virtual_mailbox_base = /data/mail > virtual_mailbox_domains = > mysql:/etc/postfix/mysql_virtual_domains_maps.cf > virtual_mailbox_limit = 0 > virtual_mailbox_limit_maps = > mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf > virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf > virtual_minimum_uid = 10001 > virtual_transport = dovecot > virtual_uid_maps = static:10001 > > my master.cf > > mtp inet n - n - - smtpd > # -o content_filter=spamassassin > #smtps inet n - n - - smtpd -o > smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes > smtps inet n - n - - smtpd -o > smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes > submission inet n - n - - smtpd -o > smtpd_enforce_tls=yes > pickup fifo n - n 60 1 pickup > cleanup unix n - n - 0 cleanup > qmgr fifo n - n 300 1 qmgr > rewrite unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > flush unix n - n 1000? 0 flush > tlsmgr unix - - n 1000? 1 tlsmgr > proxymap unix - - n - - proxymap > smtp unix - - n - - smtp > relay unix - - n - - smtp -o > smtp_helo_timeout=5 -o smtp_connect_timeout=5 > showq unix n - n - - showq > error unix - - n - - error > discard unix - - n - - discard > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > anvil unix - - n - 1 anvil > scache unix - - n - 1 scache > # spamassassin unix - n n - - pipe > flags=DRhu user=mailusers argv=/usr/bin/spamc -e /usr/sbin/sendmail > -oi -f ${sender} ${recipient} > retry unix - - n - - error > proxywrite unix - - n - 1 proxymap > dovecot unix - n n - - pipe > flags=DRhu user=mailusers argv=/usr/bin/spamc -4 -e > /usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} > tlsmgr unix - - n 1000? 1 tlsmgr > slow unix - - n - 1 smtp -o > syslog_name=postfix-slow -o smtp_destination_concurrency_limit=1 -o > slow_destination_rate_delay=12 > > and the compilation of postifx 2.10.0 : > > make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -DHAS_MYSQL > -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -UHAS_LDAP -UHAS_IPV6 -DUSE_TLS > -I/usr/include/mysql/ -I/usr/include/sasl ' > 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl -lcrypto -lz -lm > -lpcre -lsasl2' > > > > I am desesprate > > Can you help ? > > Thank you > > > > >
