From: Don Kent (Don_Kent_at_perlegen.com)
Date: Mon Feb 10 2003 - 12:17:27 CST
Yes, I have a CAfile... I got it from my cert provider (VeriSign).
I don't understand how its contents could affect how postfix would
handle sending to, or receiving from, self-signed certs?
Please educate me if I am mistaken...
Here is the entirety of my main.cf:
# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.
# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
smtpd_banner = $myhostname ESMTP $mail_name
setgid_group = postdrop
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
#folf additions
myhostname = mojojojo.perlegen.com
mydomain = perlegen.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
relay_domains = $transport_maps
transport_maps = btree:/etc/postfix/transport
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
masquerade_domains = $mydomain
message_size_limit = 100000000
#folf reject lusers.
smtpd_helo_required = yes
#smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname
smtpd_helo_restrictions = permit_mynetworks
smtpd_etrn_restrictions = reject
smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains
#TLS stuff
smtpd_use_tls = yes
smtpd_tls_received_header = yes
#smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
smtpd_tls_key_file = /etc/postfix/ssl/private.key
#smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/perlegen.cert
#smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/intermediate.cert
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_sessions_cache_timeout = 3600s
smtpd_client_restrictions = permit_tls_all_clientcerts,
    btree:/etc/postfix/defer_no_tls_domains
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_per_site = btree:/etc/postfix/tls_per_site
tls_random_source = dev:/dev/urandom
[In Reply To]
>Date: Fri, 7 Feb 2003 22:11:46 -0800
>From: "Jeff Bert" <soilentg sgwebspace.com>
>Subject: RE: Enforcing tls with selfsigned certs.
>
>>
>> How do you add a self-signed cert to the trusted list of CA
>> certs that postfix references?
>>
>
>Have you defined the path to the CA cert in main.cf?
>
>I use self signed certs and have never seen that error message...
>Here's a snippet from my main.cf:
>
>smtpd_use_tls = yes
>smtpd_tls_auth_only = yes
>smtpd_tls_CApath = /var/lib/imap/ssl/ssl.crt
>smtpd_tls_CAfile = /var/lib/imap/ssl/ssl.crt/cacert.crt
>smtpd_tls_cert_file = /var/lib/imap/ssl/ssl.crt/cyrus-imapd.crt
>smtpd_tls_key_file = /var/lib/imap/ssl/ssl.key/cyrus-imapd.key
>
>Jeff
Donald Kent
Perlegen Sciences
Email: Don_Kent_at_perlegen.com
Tel: 650-625-4547
Cel: 650-814-7456
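
An added illustration, not part of the original thread: the shell script below uses the openssl command line to show why the contents of a CAfile matter for self-signed certificates. A self-signed certificate is its own issuer, so it verifies only when that certificate itself is among the trust anchors in the file. The certificate names, subjects and temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; all names and paths here are constructed, not from the post.

# make_selfsigned BASE CN: write BASE.key and BASE.pem (self-signed, 1 day).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# verifies_against CAFILE CERT: succeeds only if CERT chains to an
# anchor contained in CAFILE.
verifies_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: prints "<result before> <result after>" adding the peer's
# self-signed certificate to the CA file.
demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir/provider" "Constructed Provider CA" || return 1
    make_selfsigned "$dir/peer" "mail.peer.example" || return 1

    # CA file holding only the provider's certificate, standing in for a
    # CAfile that contains just a commercial CA chain.
    cp "$dir/provider.pem" "$dir/cafile.pem"
    if verifies_against "$dir/cafile.pem" "$dir/peer.pem"; then
        before=trusted
    else
        before=untrusted
    fi

    # Append the peer's own certificate: it is now a trust anchor.
    cat "$dir/peer.pem" >> "$dir/cafile.pem"
    if verifies_against "$dir/cafile.pem" "$dir/peer.pem"; then
        after=trusted
    else
        after=untrusted
    fi

    rm -rf "$dir"
    echo "$before $after"
}

demo
```

A PEM CA file can hold several certificates back to back, which is why appending works; only the certificate (never the private key) of the self-signed peer goes into it.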