From: Paul Hutchings (no email)
Date: Sun Feb 01 2004 - 08:39:54 EST
I'm playing around with a Postfix install on SuSE 9.0 on VMware, trying to get
SASL and TLS working.

I'm running the latest snapshot, installed from Carsten Hoeger's RPMs for
SuSE.

SASL appears to be working fine now using sasldb2-based users. I'm not
having much luck with TLS and I'm wondering if I'm missing something
fundamental - I'm pretty sure that I am, but it's knowing where to start.

I'm attempting to follow Patrick's guide at -
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html

Everything appears to work perfectly until the testing stage, when I always
get a "454 TLS not available due to temporary reason" after issuing STARTTLS
(this happens from either a MUA or a "dumb" telnet session).

From digging around the archives I'm pretty sure I should be seeing
something like "starting TLS engine" in /var/log/mail, but I don't?

postconf -n output (this isn't meant to be a "working" server, purely trying
to get some joy from TLS) -
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450

Output from /var/log/mail with (hopefully) the right debugging options -
Feb 1 13:32:18 hutching postfix/postfix-script: starting the Postfix mail
system
Feb 1 13:32:18 hutching postfix/master[4667]: daemon started -- version
2.0.18-20040122
Feb 1 13:32:22 hutching postfix/smtpd[4671]: name_mask: subnet
Feb 1 13:32:22 hutching postfix/smtpd[4671]: mynetworks: 127.0.0.0/8
192.168.227.0/24
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: mynetworks ~?
debug_peer_list
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: mynetworks ~?
fast_flush_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: mynetworks ~?
mynetworks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: relay_domains ~?
debug_peer_list
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: relay_domains ~?
fast_flush_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: relay_domains ~?
mynetworks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: relay_domains ~?
permit_mx_backup_networks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: relay_domains ~?
qmqpd_authorized_clients
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string: relay_domains ~?
relay_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
permit_mx_backup_networks ~? debug_peer_list
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
permit_mx_backup_networks ~? fast_flush_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
permit_mx_backup_networks ~? mynetworks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
permit_mx_backup_networks ~? permit_mx_backup_networks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: connect to subsystem
private/proxymap
Feb 1 13:32:22 hutching postfix/smtpd[4671]: send attr request = open
Feb 1 13:32:22 hutching postfix/smtpd[4671]: send attr table =
unix:passwd.byname
Feb 1 13:32:22 hutching postfix/smtpd[4671]: send attr flags = 64
Feb 1 13:32:22 hutching postfix/smtpd[4671]: private/proxymap socket:
wanted attribute: status
Feb 1 13:32:22 hutching postfix/smtpd[4671]: input attribute name: status
Feb 1 13:32:22 hutching postfix/smtpd[4671]: input attribute value: 0
Feb 1 13:32:22 hutching postfix/smtpd[4671]: private/proxymap socket:
wanted attribute: flags
Feb 1 13:32:22 hutching postfix/smtpd[4671]: input attribute name: flags
Feb 1 13:32:22 hutching postfix/smtpd[4671]: input attribute value: 80
Feb 1 13:32:22 hutching postfix/smtpd[4671]: private/proxymap socket:
wanted attribute: (list terminator)
Feb 1 13:32:22 hutching postfix/smtpd[4671]: input attribute name: (end)
Feb 1 13:32:22 hutching postfix/smtpd[4671]: dict_proxy_open: connect to
map=unix:passwd.byname status=0 server_flags=0120
Feb 1 13:32:22 hutching postfix/smtpd[4671]: dict_open:
proxy:unix:passwd.byname
Feb 1 13:32:22 hutching postfix/smtpd[4671]: dict_open: hash:/etc/aliases
Feb 1 13:32:22 hutching postfix/smtpd[4671]: warning: dict_nis_init: NIS
domain name not set - NIS lookups disabled
Feb 1 13:32:22 hutching postfix/smtpd[4671]: dict_nis_init: NIS domain
Feb 1 13:32:22 hutching postfix/smtpd[4671]: dict_open: nis:mail.aliases
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? debug_peer_list
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? fast_flush_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? mynetworks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? permit_mx_backup_networks
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? qmqpd_authorized_clients
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? relay_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
smtpd_access_maps ~? smtpd_access_maps
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
fast_flush_domains ~? debug_peer_list
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_string:
fast_flush_domains ~? fast_flush_domains
Feb 1 13:32:22 hutching postfix/smtpd[4671]: attr_clnt_create:
transport=local endpoint=private/anvil
Feb 1 13:32:22 hutching postfix/smtpd[4671]: watchdog_create: 0x8097920
18000
Feb 1 13:32:22 hutching postfix/smtpd[4671]: watchdog_stop: 0x8097920
Feb 1 13:32:22 hutching postfix/smtpd[4671]: watchdog_start: 0x8097920
Feb 1 13:32:22 hutching postfix/smtpd[4671]: connection established
Feb 1 13:32:22 hutching postfix/smtpd[4671]: master_notify: status 0
Feb 1 13:32:22 hutching postfix/smtpd[4671]: name_mask: resource
Feb 1 13:32:22 hutching postfix/smtpd[4671]: name_mask: software
Feb 1 13:32:22 hutching postfix/smtpd[4671]: connect from
localhost[127.0.0.1]
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_list_match: localhost:
no match
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_list_match: 127.0.0.1:
no match
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_list_match: localhost:
no match
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_list_match: 127.0.0.1:
no match
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_hostname: localhost ~?
127.0.0.0/8
Feb 1 13:32:22 hutching postfix/smtpd[4671]: match_hostaddr: 127.0.0.1 ~?
127.0.0.0/8
Feb 1 13:32:22 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]: 220
hutching.gotadsl.co.uk ESMTP Postfix
Feb 1 13:32:22 hutching postfix/smtpd[4671]: watchdog_pat: 0x8097920
Feb 1 13:32:26 hutching postfix/smtpd[4671]: < localhost[127.0.0.1]: EHLO
anything.com
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-hutching.gotadsl.co.uk
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-PIPELINING
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-SIZE 10240000
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-VRFY
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-ETRN
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-STARTTLS
Feb 1 13:32:26 hutching postfix/smtpd[4671]: match_list_match: localhost:
no match
Feb 1 13:32:26 hutching postfix/smtpd[4671]: match_list_match: 127.0.0.1:
no match
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]: 250
8BITMIME
Feb 1 13:32:26 hutching postfix/smtpd[4671]: watchdog_pat: 0x8097920
Feb 1 13:32:29 hutching postfix/smtpd[4671]: < localhost[127.0.0.1]:
STARTTLS
Feb 1 13:32:29 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]: 454
TLS not available due to temporary reason
Feb 1 13:32:30 hutching postfix/smtpd[4671]: watchdog_pat: 0x8097920
Feb 1 13:32:33 hutching postfix/smtpd[4671]: < localhost[127.0.0.1]: QUIT
Feb 1 13:32:33 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]: 221
Bye
Feb 1 13:32:33 hutching postfix/smtpd[4671]: match_hostname: localhost ~?
127.0.0.0/8
Feb 1 13:32:33 hutching postfix/smtpd[4671]: match_hostaddr: 127.0.0.1 ~?
127.0.0.0/8
Feb 1 13:32:33 hutching postfix/smtpd[4671]: disconnect from
localhost[127.0.0.1]
Feb 1 13:32:33 hutching postfix/smtpd[4671]: master_notify: status 1
Feb 1 13:32:33 hutching postfix/smtpd[4671]: connection closed
Feb 1 13:32:33 hutching postfix/smtpd[4671]: watchdog_stop: 0x8097920
Feb 1 13:32:33 hutching postfix/smtpd[4671]: watchdog_start: 0x8097920
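
The symptom described in this post can be picked out of a verbose smtpd log mechanically. The following is an added example, not part of the original message or of Postfix: it rejoins mail-wrapped log lines, then reports every smtpd process that advertised STARTTLS, received the command, and answered 454. The function names and the sample are constructed, and the "starting TLS engine" string is the wording quoted in the post, used only as a hint.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (mail-wrapped lines included).
SAMPLE = """\
Feb 1 13:32:18 hutching postfix/master[4667]: daemon started -- version
2.0.18-20040122
Feb 1 13:32:26 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]:
250-STARTTLS
Feb 1 13:32:29 hutching postfix/smtpd[4671]: < localhost[127.0.0.1]:
STARTTLS
Feb 1 13:32:29 hutching postfix/smtpd[4671]: > localhost[127.0.0.1]: 454
TLS not available due to temporary reason
"""
# syslog prefix: month, day, time, host, program, optional [pid], then the message
ENTRY = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ (\S+?)(?:\[(\d+)\])?:\s*(.*)$")
# smtpd protocol trace: "<" is client to server, ">" is server to client
DIALOG = re.compile(r"^([<>]) \S+\[[^\]]*\]:\s*(.*)$")
TLS_START_HINT = "starting TLS engine"  # wording quoted in the post; a hint only

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog prefix continues the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).strip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return entries

def failed_starttls(text):
    """One finding per smtpd pid that offered STARTTLS, was asked for it, and replied 454."""
    state = defaultdict(lambda: {"offered": False, "asked": False, "engine": False, "reply": None})
    for proc, pid, msg in unwrap(text):
        if proc != "postfix/smtpd":
            continue
        s = state[pid]
        s["engine"] = s["engine"] or TLS_START_HINT in msg
        d = DIALOG.match(msg)
        if not d:
            continue
        direction, payload = d.groups()
        if direction == ">" and re.match(r"250[- ]STARTTLS\b", payload):
            s["offered"] = True
        elif direction == "<" and payload.upper() == "STARTTLS":
            s["asked"] = True
        elif direction == ">" and s["asked"] and s["reply"] is None:
            s["reply"] = payload  # first server reply after the STARTTLS command
    return [{"pid": p, "reply": s["reply"], "engine_started": s["engine"]}
            for p, s in state.items()
            if s["offered"] and s["asked"] and (s["reply"] or "").startswith("454")]
```

A finding with `engine_started` false matches what the post reports: the capability is advertised in the EHLO reply, but nothing in the log shows the TLS layer starting before the 454.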