On Mon, Sep 02, 2013 at 08:04:23PM -0700, FliedRice wrote:

> Sep 2 17:56:41 boaz postfix/smtp[4234]: warning: TLS library problem:
> 4234:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:126:fopen('/etc/ssl/certs/ca-certificates.crt','r'):

The file is missing as reported by Postfix on behalf of the OpenSSL library.

> I see the reference to /etc/ssl/certs/ca-certificates.crt in main.cf
>
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> 
> But the file does not exist,

And also by you.

> Other than this error, Postfix seems to be functioning fine.

You are not using TLS to send mail, so it goes out over an unencrypted
connection even when the destination supports TLS.

> I do not know what to put or what to do to resolve this, so if you have
> an answer please be EXPLICIT.

explicit:

    main.cf:
        smtp_tls_security_level = may
        #
        # None of the below need non-empty values for opportunistic
        # unauthenticated TLS.  The empty values are in fact default settings
        # for Postfix, but some O/S distributions populate these with large
        # lists of CAs I'd never trust and/or default "snake-oil" client
        # certificates that serve no purpose.
        #
        # Either remove these entirely from main.cf, or set them explicitly
        # to empty values.
        #
        smtp_tls_CAfile =
        smtp_tls_CApath =
        smtp_tls_cert_file =
        smtp_tls_key_file =

At high traffic volumes I would add:

        # Reuse TLS sessions
        #
        scache = btree:${data_directory}/
        smtp_tls_session_cache_database = ${scache}smtp_scache

Read:

        http://www.postfix.org/TLS_README.html#client_tls_may
        http://www.postfix.org/TLS_README.html#client_cert_key
        http://www.postfix.org/TLS_README.html#client_tls_cache

Ralf Hildebrandt and Patrick Koetter wrote a reasonably friendly book
about Postfix; consider obtaining a copy.

-- 
        Viktor.
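
A check for the condition discussed in this thread, as an added example that is not part of the original message: it parses main.cf text and reports any of the four `smtp_tls_*` path parameters that name a path that does not exist, plus an unset `smtp_tls_security_level`. The function names and sample inputs are constructed for illustration, and `$name` expansion is not performed (values containing `$` are flagged for manual review).

```python
import os

# Client TLS parameters from the reply above whose values are filesystem paths.
PATH_PARAMS = ("smtp_tls_CAfile", "smtp_tls_CApath",
               "smtp_tls_cert_file", "smtp_tls_key_file")

def parse_main_cf(text):
    """Parse main.cf text into a dict; a later setting overrides an earlier one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0].isspace():             # leading whitespace continues the previous setting
            if name is not None:
                params[name] = (params[name] + " " + line.strip()).strip()
            continue
        key, sep, value = line.partition("=")
        name = key.strip() if sep else None
        if name:
            params[name] = value.strip()
    return params

def audit_smtp_tls(text, exists=os.path.exists):
    """Return findings for the SMTP client TLS settings in main.cf text."""
    params = parse_main_cf(text)
    findings = []
    if not params.get("smtp_tls_security_level"):
        findings.append("smtp_tls_security_level is not set in this file")
    for name in PATH_PARAMS:
        value = params.get(name, "")
        if not value:
            continue                      # absent or explicitly empty: nothing to open
        if "$" in value:
            findings.append(f"{name} = {value}: uses $-expansion, review manually")
        elif not exists(value):
            findings.append(f"{name} = {value}: path does not exist")
    return findings

# Constructed samples: the setting quoted in the thread, and the suggested fix.
BROKEN = "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt\n"
FIXED = ("smtp_tls_security_level = may\n"
         "smtp_tls_CAfile =\nsmtp_tls_CApath =\n"
         "smtp_tls_cert_file =\nsmtp_tls_key_file =\n")

if __name__ == "__main__":
    for label, sample in (("before", BROKEN), ("after", FIXED)):
        print(label, audit_smtp_tls(sample) or "no findings")
```

On a live system, pass the contents of the real main.cf to `audit_smtp_tls`.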
