Carlos E. R. wrote: > > The Wednesday 2007-04-18 at 11:03 +0200, Sandy Drobic wrote: > >> You have a problem with the tlsmgr. Please check that you indeed have an >> entry for tlsmgr: > >> /etc/postfix/master.cf: >> tlsmgr unix - - n 1000? 1 tlsmgr > > Yep! It works now. At least, it doesn't complain of that, now I get new > complaints: > > Apr 18 14:09:21 nimrodel postfix/smtp[23556]: certificate verification > failed for mx1.suse.de: num=19:self signed certificate in certificate > chain > > This is a never ending tale! :-)
This is just an informational warning, not a functional. > I guess I would have to import their certificate somehow. What you have to import is their root ca certificate, it belongs into smtp_tls_CAfile = /etc/postfix/smtp_cacerts smtp_tls_CApath = /etc/postfix/certs (choose one of these) Because the root ca is not known to Postfix at the moment, Postfix can not verify, that the certificate which mx1.suse.de presents to your server, has indeed been signed by Thawte. This is what you see, when you have stored the Thawte root ca: Apr 18 11:02:31 katgar postfix/smtp[32554]: setting up TLS connection to mx1.suse.de Apr 18 11:02:31 katgar postfix/smtp[32554]: Verified: subject_CN=mx1.suse.de, issuer=Thawte Premium Server CA Apr 18 11:02:31 katgar postfix/smtp[32554]: TLS connection established to mx1.suse.de: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Again. This is informational only, it does not say that the TLS connection is invalid. > >> Also run: >> postfix upgrade-configuration >> postfix set-permissions >> postfix check > >> This applies escpecially if you have upgraded your system from earlier >> versions of Suse. > > Ah... ok. First I stop postfix and fetchmail... (oops, I stopped > fetchmail while it was fetching)... make a backup... run that... > > nimrodel:/etc/postfix # postfix upgrade-configuration > Editing /etc/postfix/master.cf, adding missing entry for discard service No one is perfect, and apparently the package manager that provided the suse rpm isn't either. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
