Thank you for the URL pointers.
On 12/04/2011 13:53, Noel Jones wrote:
[...]
> Yes, TLS and authentication are set up separately in postfix and can
> be (and frequently are) used together.
> http://www.postfix.org/SASL_README.html#client_sasl_enable

Authentication with a remote smtp without SSL/TLS (port 25) is running well.

> http://www.postfix.org/TLS_README.html#client_tls

About TLS, I want to use smtp.gmail.com and a gmail account.
I started by getting certificates of the remote smtp service with the
command :
#> openssl s_client -connect smtp.gmail.com:465 -showcerts
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
-----BEGIN CERTIFICATE-----
MIIDWzCCAsSgAwIBAgIKaM9uMQADAAAirTANBgkqhkiG9w0BAQUFADBGMQswCQYD
[...]
Ouo+mV5BJSkDXH/qbG6wiBdEIypseBEbG+XJMxTSaYVgUjY313rBbAvQ0Uf7ZGQ=
-----END CERTIFICATE-----
[...]
Then I put the certificate in the file /etc/postfix/certs/googlesmtp.pem,
beginning with -----BEGIN CERTIFICATE----- and ending with
-----END CERTIFICATE-----
Then I added the following key in main.cf :
/etc/postfix/main.cf:smtp_tls_cert_file = /etc/postfix/certs/googlesmtp.pem
Then I reloaded the postfix config.
But, with or without the key smtp_tls_cert_file, I get the following
logs if my postfix wants to send a mail to via relay :
Apr 12 15:12:57 dns postfix/smtp[94247]: DA42493725:
to=<fcombern...@kezia.com>, relay=smtp.gmail.com[209.85.227.109]:465,
delay=1174, delays=873/0.06/301/0, dsn=4.4.2, status=deferred
(conversation with smtp.gmail.com[209.85.227.109] timed out while
receiving the initial server greeting)
Regards,
--
*Fabien COMBERNOUS*
/unix system engineer/
www.kezia.com <http://www.kezia.com/>
*Tel: +33 (0) 467 992 986*
Kezia Group
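
Added example, not part of the original message: the log above shows the client timing out while waiting for the initial server greeting on port 465. Port 465 is conventionally implicit-TLS SMTP, where the server sends nothing until the client starts the TLS handshake, so a client that waits for a plaintext 220 banner stalls. The Python sketch below distinguishes the two behaviours; the function names and the loopback listeners are constructed for illustration.

```python
import socket
import threading

# What each probe outcome means for an SMTP client (wording is this example's own).
MEANING = {
    "greeting": "server speaks first: plaintext SMTP, TLS is negotiated later with STARTTLS",
    "silent": "server waits for the client: consistent with implicit TLS (SMTPS), "
              "so a client expecting a 220 banner times out",
    "other": "unexpected first bytes or early close",
}

def probe_greeting(host, port, wait=1.0):
    """Connect, send nothing, and report whether a 220 banner arrives within `wait` s."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            return "silent"
    return "greeting" if data.startswith(b"220") else "other"

def fake_listener(speaks_first):
    """Constructed loopback stand-in for a mail server; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if speaks_first:
                conn.sendall(b"220 mail.example.test ESMTP\r\n")
            conn.settimeout(3.0)
            try:
                conn.recv(512)  # implicit-TLS side would block here for a ClientHello
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Probe one listener of each kind and return both outcomes."""
    return (probe_greeting("127.0.0.1", fake_listener(True)),
            probe_greeting("127.0.0.1", fake_listener(False)))

if __name__ == "__main__":
    for outcome in demo():
        print(outcome, "->", MEANING[outcome])
```

Calling probe_greeting with the relay host and port from the log shows which kind of listener the client is actually talking to.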