From: Steve Finkelstein (sf stevefink.net)
Date: Sat Mar 01 2008 - 22:49:31 CST
By the way, hate to follow up on my own post. But I did make one finding.
When I set the following:
smtpd_tls_auth_only = no
Mail.app is able to relay using my server. Unfortunately this also
means passwords being sent over in cleartext, so I'd like to figure
out a way to get the client working with TLS enabled auth.
Thanks again all.
/sf
On 3/1/08, Steve Finkelstein <sf stevefink.net> wrote:
> Hi all,
>
> This probably applies more to some OS/X forum, and if so, I sincerely
> apologize. I just figured someone active in the Postfix community has
> dealt with the same issue as I'm dealing with now. I'm running a
> postfix based MTA, and enforce TLS over SMTP for authentication with
> SASL. Works wonderful with all MUAs including Thunderbird, etc. I'm
> having a ton of trouble with Mail.app. For one odd reason or another,
> it doesn't wish to deal with self-signed certificates. I'm going to be
> purchasing a GoDaddy certificate shortly, but regardless, this is kind
> of silly of Mail.app.
>
> Here's how the SSL logs:
>
> Mar 1 21:52:41 catalyst postfix/smtpd[26513]: SSL_accept:SSLv3 flush data
> Mar 1 21:52:41 catalyst postfix/smtpd[26513]: read from 080D6CF8
> [080E0408] (5 bytes => -1 (0xFFFFFFFF))
> Mar 1 21:52:41 catalyst postfix/smtpd[26513]: SSL_accept:error in
> SSLv3 read client certificate A
> Mar 1 21:52:41 catalyst postfix/smtpd[26513]: SSL_accept error from
> ool-44c19145.dyn.optonline.net[68.193.145.69]: -1
>
> Here are my TLS settings:
>
> root catalyst:/etc/postfix# postconf -n | grep -i tls
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> smtpd_tls_CAfile = /etc/postfix/ca-bundle.crt
> smtpd_tls_ask_ccert = no
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_loglevel = 9
> smtpd_tls_received_header = yes
> smtpd_tls_req_ccert = no
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
>
> Thanks for taking a look!
>
>
> /sf
>
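
The trade-off described in this message (AUTH working only once `smtpd_tls_auth_only = no`, at the cost of cleartext passwords) can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reads `postconf -n` style output and reports whether SMTP AUTH can be accepted on an unencrypted session. The function names are hypothetical; `smtpd_enforce_tls` and `smtpd_tls_security_level` are Postfix parameters not shown in the message, included because mandatory TLS implies `smtpd_tls_auth_only = yes`.

```shell
# Added example (not from the thread). Reads `postconf -n` style
# "name = value" lines on stdin and prints whether SMTP AUTH can be
# accepted on an unencrypted session.
auth_exposure() {
    awk -F' *= *' '
        NF >= 2 { v[$1] = $2 }
        END {
            # Mandatory TLS implies smtpd_tls_auth_only = yes.
            if (v["smtpd_tls_security_level"] == "encrypt" ||
                v["smtpd_enforce_tls"] == "yes" ||
                v["smtpd_tls_auth_only"] == "yes")
                print "tls-only"
            else
                # Parameter absent or "no": AUTH is accepted before STARTTLS.
                print "cleartext-allowed"
        }'
}

# Constructed sample: a subset of the settings quoted in the message.
original_cfg() {
    printf '%s\n' 'smtpd_tls_auth_only = yes' 'smtpd_use_tls = yes'
}

# Constructed sample: the same settings with the workaround applied.
workaround_cfg() {
    original_cfg | sed 's/^smtpd_tls_auth_only = yes$/smtpd_tls_auth_only = no/'
}

original_cfg   | auth_exposure
workaround_cfg | auth_exposure
```

On a live server the input would come from `postconf -n | auth_exposure`.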