From: sean darcy (seandarcy2gmail.com)
Date: Mon Sep 14 2009 - 20:11:43 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wietse Venema wrote:
> sean darcy:
>> Wietse Venema wrote:
>>> sean darcy:
>>>> Wietse Venema wrote:
>>>>> sean darcy:
>>>>>> Sep 13 16:00:19 asterisk postfix/smtp[1786]: warning: TLS library
>>>>>> problem: 1786:error:0B080074:x509 certificate
>>>>>> routines:X509_check_private_key:key values mismatch:x509_cmp.c:304:
>>>>> Does the client private key match the client (public key) certificate?
>>>>>
>>>>> See the Postfix TLS_README for an example of how to create these.
>>>>>
>>>>> Wietse
>>>>>
>>>> It doesn't seem to need to match. But reading TLS_README realllly
>>>> closely solved it.
>>>>
>>>> Counter-intuitively -at least for me - you set up all the files for
>>>> smtpd_tls... That is, you set them up as if you're a server.
>>> That configures the certificates for the Postfix SMTP server.
>>>
>>> You won't be using any certificates in the SMTP client.
>>>
>>> Wietse
>>>
>> Right, which is puzzling. I would have assumed I was the client to the
>> gmail server. Why setting the certificates up as a server works makes no
>> sense to me, but it does work.
>
> You can delete all the SERVER TLS settings.
>
> They have no effect on SENDING mail, period.
>
> Wietse
>

Wow. You're absolutely right. Here's main.cf:

relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile=/etc/pki/CA/cacert.pem
smtp_tls_security_level = may
smtp_tls_scert_verifydepth = 9

This is way simpler than any of the howto's for gmail relay access. Or
the TLS_README.

It's weird how everyone make this so complicated.

sean

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]