Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Also needed for Gmail in sendmail.mc:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Thanks Craig for your comments.

I've got my sendmail on CentOS 6 working with:

# yum erase postfix
# yum install sendmail sendmail-cf
# mkdir /etc/mail/auth
# chmod 700 /etc/mail/auth
# mkdir /etc/mail/certs
# chmod 700 /etc/mail/certs

Create the file /etc/mail/auth/client-info:

AuthInfo:smtp.gmail.com "U:smmsp" "I:Alexander.Farber" "P:XXX" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:smmsp" "I:Alexander.Farber" "P:XXX" "M:PLAIN"

# cd /etc/mail/auth
# makemap -r hash client-info.db < client-info
# cd /etc/mail/certs
# openssl dsaparam 1024 -out dsa1024.pem
# openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out /etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem
# ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
# rm dsa1024.pem
# chmod 400 *.pem

Added to file /etc/mail/sendmail.mc:

define(`SMART_HOST', `smtp.gmail.com')dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')

Then "make" in /etc/mail and "service sendmail restart"

I understand your point that it is stupid of me (and probably many other users) to ask same questions again and again, without really understanding what's going on :-)

The file /etc/pki/tls/misc/CA.pl on CentOS is cumbersome to understand though. I tried creating ./CA.pl -newca etc. but then I wanted to start over because of an invalid input made by myself and I didn't even know how. I know CA.pl keeps a text file somewhere where it stores increasing integer numbers... but couldn't find it

Regards
Alex
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
On Oct 4, 2011, at 1:46 PM, Alexander Farber wrote:

> Hello,
>
> On Tue, Oct 4, 2011 at 10:37 PM, Craig White wrote:
>>> postfix/smtp[2061]: warning: TLS library problem:
>>> 2061:error:0906D06C:PEM routines:PEM_read_bio:no start
>>> line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
>>> postfix/smtp[2061]: warning: TLS library problem:
>>> 2061:error:140DC009:SSL
>>
>> There's something wrong with this file as it is not a PEM encoded
>> certificate file as is expected.
>>
>> Easy enough to verify...
>>
>> openssl x509 -in $YOUR_CERTIFICATE.pem -noout -text
>
> oops, sorry, after struggling I've just deleted
> that file and installed sendmail. I'll try your suggestion
> later though with my development VM.
>
> Could the reason also be that I've started with
> a minimalistic CentOS 6 installation and was
> missing the cyrus-sasl-plain and cyrus-sasl-md5 packages?

I personally have found postfix much easier to deal with in all phases, especially with details such as sasl and ldap.

I think your issue was not understanding what the certificates are, how they are created, how they interact, etc. and thus your issue really isn't going to be solved with either postfix or sendmail but rather certificates in general.

If you are going to have self-signed certificates, you need a mechanism to:

1 - create a CA (Certificate Authority) and generate a private key and a CA Certificate. This private key would be needed to sign certificate requests.

2 - generate a signing request for various services such as an SMTP server - this should include a directive to output the key into a separate file. This key is NOT the CA key.

3 - sign the request which generates a PEM encoded certificate and thus you should end up with 3 files useful for your SMTP server:
- ca certificate
- smtp certificate
- smtp key (for the certificate)

This methodology counts on various SMTP servers to not verify the client certificate your SMTP server presents (ie, Google in your case if I recall correctly) which is generally the case.

I have implemented a reasonably feature complete set of scripts to be my own CA with 4 distinct certificate types (1 for HTTP server, 1 for IMAP servers, 1 for SMTP servers and 1 for LDAP servers) and a reasonably feature complete set of scripts for an LDAP server (master), LDAP server (slave aka replicant) and LDAP clients and at some point, I will try to figure out a way to pass this info on to others but I suspect that it will take a long time to document because I would suspect that the target audience isn't fully up to speed.

I don't think either of the 2 cyrus-sasl packages you mentioned are required to send e-mail via tls to Google's SMTP server but I haven't installed RHEL or CentOS 6 so I wouldn't know but those are very small packages and won't hurt to install... I think they are both geared to your server authenticating users but I am not sure.

Craig
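The three steps listed in the message above, followed by a check of the PEM label that the "no start line" error in this thread complains about, as an added example that is not part of the original messages. The CA name, host name, file names and the choice of RSA 2048 keys are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: CA -> key + CSR -> signed SMTP certificate, then checks.
# All names (Demo Private CA, mail.example.test, file names) are made up.
set -eu

make_ca() {            # step 1: CA key + self-signed CA certificate in dir $1
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -days 3650 -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_smtp_cert() {     # steps 2 and 3: service key + CSR, signed by the CA
    openssl req -new -config "$1/req.cnf" -subj "/CN=mail.example.test" \
        -newkey rsa:2048 -nodes -keyout "$1/smtp.key" -out "$1/smtp.csr" 2>/dev/null
    openssl x509 -req -in "$1/smtp.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$1/smtp.pem" 2>/dev/null
    chmod 400 "$1/ca.key" "$1/smtp.key"   # private keys: owner read-only
}

pem_label() {          # first PEM "BEGIN" label in file $1, empty if none
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

chain_ok() {           # does smtp.pem verify against ca.pem?
    openssl verify -CAfile "$1/ca.pem" "$1/smtp.pem" >/dev/null 2>&1
}

key_matches_cert() {   # same public key in smtp.key and smtp.pem?
    [ "$(openssl pkey -in "$1/smtp.key" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$1/smtp.pem" -noout -pubkey 2>/dev/null)" ]
}

dir=$(mktemp -d)
make_ca "$dir"
make_smtp_cert "$dir"
for f in ca.pem smtp.pem smtp.key; do echo "$f: $(pem_label "$dir/$f")"; done
chain_ok "$dir" && key_matches_cert "$dir" && echo "chain and key OK"
```

A file configured as a certificate whose label is empty or is not CERTIFICATE is the condition the PEM_read_bio warning reports.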
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Hello,

On Tue, Oct 4, 2011 at 10:37 PM, Craig White wrote:
>> postfix/smtp[2061]: warning: TLS library problem:
>> 2061:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
>> postfix/smtp[2061]: warning: TLS library problem:
>> 2061:error:140DC009:SSL
>
> There's something wrong with this file as it is not a PEM encoded certificate
> file as is expected.
>
> Easy enough to verify...
>
> openssl x509 -in $YOUR_CERTIFICATE.pem -noout -text

oops, sorry, after struggling I've just deleted that file and installed sendmail. I'll try your suggestion later though with my development VM.

Could the reason also be that I've started with a minimalistic CentOS 6 installation and was missing the cyrus-sasl-plain and cyrus-sasl-md5 packages?

Thank you
Alex
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
On Oct 4, 2011, at 12:18 PM, Alexander Farber wrote:

> Thank you, the "ls -laF" tip is good
>
> And now I unfortunately get:
>
> postfix/postfix-script[2054]: starting the Postfix mail system
> postfix/master[2056]: daemon started -- version 2.6.6, configuration
> /etc/postfix
> postfix/qmgr[2059]: F10CC31D62CC: from=,
> size=609, nrcpt=1 (queue active)
> postfix/smtp[2061]: warning: cannot get RSA certificate from file
> /etc/pki/tls/gmail_relay/server.pem: disabling TLS support
> postfix/smtp[2061]: warning: TLS library problem:
> 2061:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
> postfix/smtp[2061]: warning: TLS library problem:
> 2061:error:140DC009:SSL
> routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:729:
> postfix/smtp[2061]: F10CC31D62CC: to=,
> orig_to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=2963,
> delays=2963/0.07/0.03/0.01, dsn=5.7.0, status=bounced (host
> smtp.gmail.com[74.125.39.109] said: 530 5.7.0 Must issue a STARTTLS
> command first. m26sm26530788fac.6 (in reply to MAIL FROM command))
> postfix/cleanup[2064]: 2FE0C31D6686:
> message-id=<20111004191529.2FE0C31D6686@preferans.localdomain>
> postfix/bounce[2063]: F10CC31D62CC: sender non-delivery notification:
> 2FE0C31D6686
> postfix/qmgr[2059]: 2FE0C31D6686: from=<>, size=2696, nrcpt=1 (queue active)
> postfix/qmgr[2059]: F10CC31D62CC: removed

this is your problem and it is significant...

> postfix/smtp[2061]: warning: TLS library problem:
> 2061:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
> postfix/smtp[2061]: warning: TLS library problem:
> 2061:error:140DC009:SSL

There's something wrong with this file as it is not a PEM encoded certificate file as is expected.

Easy enough to verify...

openssl x509 -in $YOUR_CERTIFICATE.pem -noout -text

Craig
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Even though I have at the bottom of main.cf:

# GMail SSL SMTP Relay
relayhost = [smtp.gmail.com]:587
#auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/pki/tls/gmail_relay/server.key
smtp_tls_cert_file=/etc/pki/tls/gmail_relay/server.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no

On Tue, Oct 4, 2011 at 9:18 PM, Alexander Farber wrote:
> postfix/smtp[2061]: F10CC31D62CC: to=,
> orig_to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=2963,
> delays=2963/0.07/0.03/0.01, dsn=5.7.0, status=bounced (host
> smtp.gmail.com[74.125.39.109] said: 530 5.7.0 Must issue a STARTTLS
> command first. m26sm26530788fac.6 (in reply to MAIL FROM command))
> postfix/cleanup[2064]: 2FE0C31D6686:
> message-id=<20111004191529.2FE0C31D6686@preferans.localdomain>
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Thank you, the "ls -laF" tip is good

And now I unfortunately get:

postfix/postfix-script[2054]: starting the Postfix mail system
postfix/master[2056]: daemon started -- version 2.6.6, configuration
/etc/postfix
postfix/qmgr[2059]: F10CC31D62CC: from=,
size=609, nrcpt=1 (queue active)
postfix/smtp[2061]: warning: cannot get RSA certificate from file
/etc/pki/tls/gmail_relay/server.pem: disabling TLS support
postfix/smtp[2061]: warning: TLS library problem:
2061:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
postfix/smtp[2061]: warning: TLS library problem:
2061:error:140DC009:SSL
routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:729:
postfix/smtp[2061]: F10CC31D62CC: to=,
orig_to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=2963,
delays=2963/0.07/0.03/0.01, dsn=5.7.0, status=bounced (host
smtp.gmail.com[74.125.39.109] said: 530 5.7.0 Must issue a STARTTLS
command first. m26sm26530788fac.6 (in reply to MAIL FROM command))
postfix/cleanup[2064]: 2FE0C31D6686:
message-id=<20111004191529.2FE0C31D6686@preferans.localdomain>
postfix/bounce[2063]: F10CC31D62CC: sender non-delivery notification:
2FE0C31D6686
postfix/qmgr[2059]: 2FE0C31D6686: from=<>, size=2696, nrcpt=1 (queue active)
postfix/qmgr[2059]: F10CC31D62CC: removed
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Nevermind - solved that by

# sudo chown root.root sasl_passwd

(sorry, too tired in the evening)

On Tue, Oct 4, 2011 at 9:04 PM, Alexander Farber wrote:
> I'm trying to configure mail forwarding through Gmail
> on CentOS 6 with postfix, following the blog
> http://carlton.oriley.net/blog/?p=31
> and I think the blog has missed the step:
>
> # postmap /etc/postfix/sasl_passwd
>
> - as I've seen in the /var/log/maillog:
>
> postfix/smtp[1926]: fatal: open database /etc/postfix/sasl_passwd.db:
> No such file or directory
> postfix/master[1831]: warning: process /usr/libexec/postfix/smtp pid
> 1926 exit status 1
> postfix/master[1831]: warning: /usr/libexec/postfix/smtp: bad command
> startup -- throttling
>
> But when I try to run postmap, I get
>
> postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
>
> even though the postfix service is stopped,
> the SELinux is permissive and the file is writable:
>
> [root@preferans postfix]# ll
> -rw-r--r--. 1 root root 20K Jun 25 14:50 access
> -rw-r--r--. 1 root root 12K Jun 25 14:50 canonical
> -rw-r--r--. 1 root root 9.7K Jun 25 14:50 generic
> -rw-r--r--. 1 root root 18K Jun 25 14:50 header_checks
> -rw-r--r--. 1 root root 27K Oct 4 20:24 main.cf
> -rw-r--r--. 1 root root 27K Oct 4 20:23 main.cf.OLD
> -rw-r--r--. 1 root root 5.0K Jun 25 14:50 master.cf
> -rw-r--r--. 1 root root 6.7K Jun 25 14:50 relocated
> -rw-r--r--. 1 postfix root 113 Oct 4 20:25 sasl_passwd
> -rw-r--r--. 1 root root 13K Jun 25 14:50 transport
> -rw-r--r--. 1 root root 13K Jun 25 14:50 virtual
>
> Has anybody fought this problem already?
>
> Thank you
> Alex
Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied
Alexander Farber wrote:
> I'm trying to configure mail forwarding through Gmail
> on CentOS 6 with postfix, following the blog
> http://carlton.oriley.net/blog/?p=31
> and I think the blog has missed the step:
>
> # postmap /etc/postfix/sasl_passwd
>
> - as I've seen in the /var/log/maillog:
>
> postfix/smtp[1926]: fatal: open database /etc/postfix/sasl_passwd.db:
> No such file or directory
> But when I try to run postmap, I get
>
> postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission
> denied
>
> even though the postfix service is stopped,
> the SELinux is permissive and the file is writable:
>
> [root@preferans postfix]# ll
> -rw-r--r--. 1 root root 20K Jun 25 14:50 access

One thing I keep finding very annoying with most versions of Linux is the alias for ll, which is *not* what I was used to in sun, Solaris, Irix, or Tru64.

Out of curiosity, try ls -laF /etc/postfix, and the libexec, and let's see what permissions and ownerships the *directories* have.

mark