That was the solution for TLS failing when I start postfix:

perl -lne print file1 file2 file3

I then tested with:


[root@mcq postfix]# posttls-finger -cC -lsecure '[mcq.sbanetweb.com]'
posttls-finger: warning: DNSSEC validation may be unavailable
posttls-finger: warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
posttls-finger: certificate verification failed for mcq.sbanetweb.com[96.224.250.24]:25: untrusted issuer /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
posttls-finger: mcq.sbanetweb.com[96.224.250.24]:25: subject_CN=mcq.sbanetweb.com, issuer_CN=Entrust Certification Authority - L1K, fingerprint=1E:69:25:44:74:52:B4:C5:AA:C4:9F:7C:E8:F7:0B:96:A7:35:A9:F6:60:1F:D4:07:30:CD:B3:6B:99:69:88:EC, pkey_fingerprint=89:F7:3F:9B:2F:6F:F1:51:7B:4E:4C:CD:D5:5D:CB:C7:CE:CA:75:C9:CF:D8:73:EB:08:D2:71:1A:48:8E:FC:CD
posttls-finger: Untrusted TLS connection established to mcq.sbanetweb.com[96.224.250.24]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256

And as you see it still is failing.

I'm also getting an error on submission in the log. The error is no such
file/directory.

Ideas?

-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On
Behalf Of Viktor Dukhovni
Sent: Wednesday, January 19, 2022 4:54 PM
To: postfix-users@postfix.org
Subject: Re: Doing something wrong.

On Wed, Jan 19, 2022 at 04:40:29PM -0500, Wayne Spivak wrote:

> I am creating the file by using cat file1 file2 file3 > ws.pem (which 
> is my test combo file)

Does the last "line" of each of the files end in a newline character?
A missing newline at the end of file1 or file2 will corrupt the concatenated
result.

In that case, you'll get more useful results with:

    perl -lne print file1 file2 file3

rather than:

    cat file1 file2 file3

Also with "cat ... > ws.pem", if ws.pem does not already exist it may be
created world-readable.  Be sure to set a sensible umask (077), or:

    # rm -f combo.pem
    # openssl pkey -in keyfile.pem -out combo.pem
    # perl -lne print certfile.pem ... >> combo.pem

which sets sensible permissions when creating a new private key file.

-- 
    Viktor.
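
The failure mode and the two precautions described in the quoted reply (a missing final newline fusing PEM boundaries under cat, and creating the combined file under a 077 umask), as an added example that is not part of the original thread. File names and PEM bodies are constructed placeholders, and the awk fallback is an assumption of the example.

```shell
#!/bin/sh
# Added example. All PEM bodies below are constructed placeholders, not real keys.

# True if the file's last byte is a newline (command substitution strips it).
ends_with_newline() {
    [ -z "$(tail -c 1 "$1")" ]
}

# Count lines where two PEM boundaries were fused by a missing newline, e.g.
# "-----END CERTIFICATE----------BEGIN CERTIFICATE-----".
fused_boundaries() {
    grep -c -e '-----END [A-Z ]*----------BEGIN ' "$1" || true
}

# Line-by-line concatenation: every input line is re-emitted with a newline.
# The awk fallback is an assumption of this example, not from the thread.
join_pem() {
    if command -v perl >/dev/null 2>&1; then
        perl -lne print "$@"
    else
        awk 1 "$@"
    fi
}

# build_combo OUT KEY CERT...: create OUT fresh under umask 077 (mode 0600).
build_combo() {
    out=$1; shift
    ( umask 077; rm -f "$out"; join_pem "$@" > "$out" )
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/key.pem"
    # leaf.pem deliberately lacks the final newline
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/leaf.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/ca.pem"
    for f in key leaf ca; do
        ends_with_newline "$d/$f.pem" || echo "$f.pem: no trailing newline"
    done
    cat "$d/key.pem" "$d/leaf.pem" "$d/ca.pem" > "$d/cat.pem"
    build_combo "$d/combo.pem" "$d/key.pem" "$d/leaf.pem" "$d/ca.pem"
    echo "cat.pem fused boundaries:   $(fused_boundaries "$d/cat.pem")"
    echo "combo.pem fused boundaries: $(fused_boundaries "$d/combo.pem")"
    ls -l "$d/cat.pem" "$d/combo.pem"
    rm -rf "$d"
}
demo
```

Running fused_boundaries against an existing combined file is a quick check before pointing Postfix at it; a non-zero count means the file was built from an input that lacked its final newline.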
