On 04/21/2014 04:50 PM, Viktor Dukhovni wrote:
This is an SMTP *client* setting, for sending mail. You almost
never need client certs. You probably meant to set:
# smtpd_tls_... not smtp_tls_...
I managed to get a single certificate working, where a concatenation
of server, intermediate, and root did not.
It seems that mysql and sasl config files must be wrong.
Any hints on good info for them? (for debian squeeze.)
vking@mail:/etc/postfix$ sudo postconf -n
alias_database = cdb:/etc/aliases
alias_maps = cdb:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
default_destination_concurrency_limit = 3
default_process_limit = 40
delay_warning_time = 1h
mailbox_size_limit = 80000000
maximal_queue_lifetime = 3d
message_size_limit = 15360000
minimal_backoff_time = 2500
mydestination = localhost localhost.cibolo.us metalartists.org
mydomain = cibolo.us
myhostname = mail.cibolo.us
mynetworks = 76.191.252.85 127.0.0.0/8
myorigin = /etc/mailname
notify_classes = resource, software
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
smtpd_error_sleep_time = 2
smtpd_hard_error_limit = 8
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access cdb:/etc/postfix/helo_access, reject_non_fqdn_hostname,
reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access cdb:/etc/postfix/sender_access,
check_recipient_access cdb:/etc/postfix/recipient_access, reject_unknown_sender_domain, reject_non_fqdn_recipient,
check_client_access cdb:/etc/postfix/access_client_ipaddr_checks, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mail.cibolo.us
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 3
smtpd_tls_CAfile = /etc/ssl/certs/cacert.org.class3.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mail.cibolo.us.pem
smtpd_tls_key_file = /etc/ssl/private/mail.cibolo.us_privatekey.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1999
virtual_transport = virtual
virtual_uid_maps = static:2000
vking@mail:/etc/postfix$