OSEC

Postfix not sending using TLS

From: Olivier MJ Crepin-Leblond (oclgih.com)
Date: Wed Aug 27 2008 - 03:29:29 CDT


Hi,

I am running Postfix 2.5.1 with OpenSSL on an email gateway and I
configured the mailer to use STARTTLS whenever it is possible.
My config works fine *receiving* emails and I therefore receive TLS
mails. I am using a self-signed certificate, etc.

However, it doesn't work when sending email out, i.e. when I send to a
mailer that I know accepts TLS-encrypted e-mail, my mailer just sends
it out normally. Not even a mention of a failed handshake or whatever
in the maillog file. It just sends out like normal ESMTP.

Here's my TLS-specific config on main.cf:

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_key_file = /etc/postfix/certs/foo-key.pem
smtpd_tls_cert_file = /etc/postfix/certs/foo-cert.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_enforce_tls = no
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
tls_random_source = dev:/dev/urandom
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
smtp_tls_key_file = /etc/postfix/certs/foo-key.pem
smtp_tls_cert_file = /etc/postfix/certs/foo-cert.pem
tls_random_exchange_name = /var/db/postfix/prng_exch

/etc/postfix/certs/cacert.pem is self-signed CA
/etc/postfix/certs/foo-key.pem is self-generated RSA private key
/etc/postfix/certs/foo-cert.pem is self-generated Cert

What am I doing wrong? There's obviously something that's sticking
somewhere and I've spent two weeks on and off on this, with no success.
Thanks for all help!

Kind regards,

--
Olivier MJ Crepin-Leblond, Ph.D.
E-mail:<oclgih.com> | http://www.gih.com/ocl.html
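Editor's added example (not part of the original post, and not a diagnosis of it): three offline checks a practitioner would run before looking further. The posted main.cf relies on the legacy `smtp_use_tls` parameter rather than `smtp_tls_security_level`, and sets no `smtp_tls_loglevel`, which defaults to 0, so the Postfix SMTP client logs nothing about TLS either way and an empty maillog proves nothing. The script derives the effective client-side level from a main.cf-style file using the Postfix 2.3+ precedence (a non-empty `smtp_tls_security_level` wins, otherwise `smtp_enforce_tls`/`smtp_use_tls` are consulted), scans a master.cf for per-transport `-o smtp_tls_security_level=` overrides, and counts outbound STARTTLS offers against established sessions in log lines. The master.cf with a `relay` override and the mail.log lines are constructed here for the demo; the posted main.cf lines are copied from the message.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks for a Postfix SMTP
# client that is not using STARTTLS although main.cf looks right. Assumes the
# Postfix 2.3+ precedence rule: a non-empty smtp_tls_security_level wins,
# otherwise the legacy smtp_enforce_tls / smtp_use_tls pair is consulted.
# Every input file below is constructed in a temp dir for the demo.

# cf_get FILE PARAM: value of PARAM in a main.cf-style file (last one wins).
cf_get() {
    awk -v key="$2" '
        $0 ~ ("^" key "[[:space:]]*=") { sub(/^[^=]*=[[:space:]]*/, ""); val = $0 }
        END { print val }' "$1"
}

# effective_smtp_tls_level FILE: the client-side level Postfix will actually use.
effective_smtp_tls_level() {
    lvl=$(cf_get "$1" smtp_tls_security_level)
    if [ -n "$lvl" ]; then echo "$lvl"; return; fi
    if [ "$(cf_get "$1" smtp_enforce_tls)" = yes ]; then
        # legacy enforce mode also verifies the peer name unless disabled
        if [ "$(cf_get "$1" smtp_tls_enforce_peername)" = no ]; then echo encrypt
        else echo verify; fi
    elif [ "$(cf_get "$1" smtp_use_tls)" = yes ]; then echo may
    else echo none; fi
}

# smtp_log_enabled FILE: 1 if smtp_tls_loglevel > 0, else 0. At 0 the SMTP
# client logs nothing about TLS, so a silent maillog is not evidence.
smtp_log_enabled() {
    lvl=$(cf_get "$1" smtp_tls_loglevel)
    if [ "${lvl:-0}" -gt 0 ]; then echo 1; else echo 0; fi
}

# master_overrides FILE: every "-o smtp_tls_security_level=..." in master.cf,
# as service=value. A "none" here disables TLS for that transport only.
master_overrides() {
    awk '
        /^[[:alnum:]_-]+[[:space:]]/ { svc = $1 }
        /-o[[:space:]]+smtp_tls_security_level=/ {
            v = $0; sub(/.*smtp_tls_security_level=/, "", v); sub(/[[:space:]].*/, "", v)
            print svc "=" v
        }' "$1"
}

# tls_log_summary FILE: outbound (postfix/smtp, not smtpd) STARTTLS offers
# seen versus TLS sessions actually established.
tls_log_summary() {
    awk '
        /postfix\/smtp\[[0-9]+\]:.*Host offered STARTTLS:/ { offered++ }
        /postfix\/smtp\[[0-9]+\]:.*TLS connection established to/ { est++ }
        END { printf "offered=%d established=%d\n", offered + 0, est + 0 }' "$1"
}

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# Client-side lines as posted, and a variant using the current parameters.
cat > "$DEMO/main.cf" <<'EOF'
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
EOF
cat > "$DEMO/main-fixed.cf" <<'EOF'
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
EOF

# Hypothetical master.cf: a relay transport that overrides TLS to "none".
cat > "$DEMO/master.cf" <<'EOF'
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_tls_security_level=none
EOF

# Constructed mail.log lines in the Postfix 2.x message format.
cat > "$DEMO/mail.log" <<'EOF'
Aug 27 03:29:29 gw postfix/smtp[1234]: Host offered STARTTLS: [mx.example.net]
Aug 27 03:29:30 gw postfix/smtp[1234]: Untrusted TLS connection established to mx.example.net[192.0.2.25]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Aug 27 03:30:01 gw postfix/smtpd[1300]: Anonymous TLS connection established from client.example.org[198.51.100.7]: TLSv1 with cipher AES128-SHA (128/128 bits)
Aug 27 03:31:12 gw postfix/smtp[1301]: Host offered STARTTLS: [mx2.example.net]
EOF

echo "posted main.cf -> level=$(effective_smtp_tls_level "$DEMO/main.cf") client_logging=$(smtp_log_enabled "$DEMO/main.cf")"
echo "fixed main.cf  -> level=$(effective_smtp_tls_level "$DEMO/main-fixed.cf") client_logging=$(smtp_log_enabled "$DEMO/main-fixed.cf")"
echo "master.cf overrides: $(master_overrides "$DEMO/master.cf" | tr '\n' ' ')"
echo "mail.log: $(tls_log_summary "$DEMO/mail.log")"
```

On a live gateway the same three checks are `postconf smtp_tls_security_level smtp_use_tls smtp_enforce_tls smtp_tls_loglevel`, a look at `/etc/postfix/master.cf` for `-o smtp_tls_security_level=` on whichever transport the outbound mail actually takes, and a grep of the maillog for `postfix/smtp[` lines once `smtp_tls_loglevel = 1` is set; an "offered" line with no matching "established" line is the first real evidence of a client-side TLS problem.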