Hi I'm having problem with postfix, when relaying via another postfix smtpserver (Etch) with tls/sasl. The sasl part works perfect all around. When I use the smtp-server with my laptop and Thunderbird tls works fine, I connect and is offered the certificate. But when it comes to postfix, something goes wrong...
# -- Client TLS parameters -- smtpd_tls_cert_file=/etc/postfix/mail.dom1.dk.cert smtpd_tls_loglevel=3 smtp_use_tls = yes #smtp_enforce_tls = yes smtp_tls_security_level = may # -- Server TLS -- smtpd_tls_cert_file=/etc/postfix/mail.dom1.dk.cert smtpd_tls_key_file=/etc/postfix/mail.dom1.dk.key tls_random_source = dev:/dev/urandom smtpd_tls_received_header = yes smtpd_tls_auth_only = yes smtpd_use_tls=yes smtpd_tls_loglevel=2 smtpd_tls_security_level = may -- Client: if "smtpd_tls_security_level = may" is uncommented---- Nov 28 16:12:14 highway postfix/smtp[17546]: BFBB13EE: to=<[EMAIL PROTECTED]>, orig_to=<[EMAIL PROTECTED]>, relay=mail.dom1.dk[172.16.0.35]:25, delay=0.36, delays=0.01/0.01/0.33/0.01, dsn=5.7.1, status=bounced (host mail.dom1.dk[172.16.0.35] said: 554 5.7.1 <[EMAIL PROTECTED]>: Relay access denied (in reply to RCPT TO command)) -- Client:if "smtpd_tls_security_level = may" is commented---- ov 28 16:14:08 highway postfix/qmgr[17561]: C2A9F401: from=<[EMAIL PROTECTED]>, size=295, nrcpt=1 (queue active) Nov 28 16:14:09 highway postfix/smtp[17569]: certificate verification failed for mail.dom1.dk: num=18:self signed certificate Nov 28 16:14:09 highway postfix/smtp[17569]: SSL_connect error to mail.dom1.dk: -1 Nov 28 16:14:09 highway postfix/smtp[17569]: warning: TLS library problem: 17569:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894: Nov 28 16:14:09 highway postfix/smtp[17569]: C2A9F401: to=<[EMAIL PROTECTED]>, relay=mail.dom1.dk[172.16.0.35]:25, delay=0.25, delays=0.07/0.11/0.07/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure) Shouldn't the few lines and the cert from the smtp-server be enough for relaying? /Lars -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
