Re: TLS handshake failure
From: Ed Sawicki (ed alcpress.com)
Date: Wed Mar 01 2006 - 14:11:53 CST
Victor Duchovni wrote:
> On Wed, Mar 01, 2006 at 10:59:25AM -0800, Ed Sawicki wrote:
>
>
>>>What version of OpenSSL does your system use?
>>
>>OpenSSL 0.9.8 05 Jul 2005
>
>
> More importantly, are you trying to enforce peername verification?
I think I am not. But I'm a TLS newbie.
>
>
> http://www.postfix.org/DEBUG_README.html#mail
I'm not sure what this should mean to me. I thought I sent all
relevant information. The output of postconf -n is the only thing
I can think of that might matter.
Here it is. I removed hostname =, domainname =, and mynetworks =
I'd be happy to send that to you privately.
message_size_limit = 200000000
mydestination =
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme
relay_domains = hash:/etc/postfix/transport
relay_recipient_maps =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_CAfile = /etc/postfix/certs/CA.pem
smtp_tls_cert_file = /etc/postfix/certs/mail.crt
smtp_tls_key_file = /etc/postfix/certs/mail.key
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
smtp_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access
    hash:/etc/postfix/good_sender, check_client_access hash:/etc/postfix/good_client,
    check_recipient_access hash:/etc/postfix/good_recipient, check_client_access
    hash:/etc/postfix/bad_client, check_sender_access hash:/etc/postfix/bad_sender,
    check_recipient_access hash:/etc/postfix/bad_recipient, reject_rbl_client bl.spamcop.net,
    reject_rbl_client blackholes.wirehub.net, reject_rbl_client dynablock.wirehub.net,
    reject_rbl_client relays.ordb.org, reject_rbl_client dnsbl.njabl.org,
    reject_unauth_destination, check_policy_service inet:127.0.0.1:9898, permit
smtpd_tls_CAfile = /etc/postfix/certs/CA.pem
smtpd_tls_cert_file = /etc/postfix/certs/mail.crt
smtpd_tls_key_file = /etc/postfix/certs/mail.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_daemon_random_bytes = 32
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
>
> Please also post the contents of any tls_per_site table...
The problem occurred before I had a tls_per_site table. I recently
added one while troubleshooting. Its contents are one line:
TreasuryStrategies.com NONE
but the same problem occurs with other remote TLS hosts as well
regardless of whether this table exists.
Ed