Re: Fwd: Re: TLS certificate

From: Tolga (no email)
Date: Mon Feb 09 2009 - 03:44:36 EST

Next message: Marc Patermann: "Re: Replacing Message-Id for SASL authenticated senders"

Previous message: Magnus Bäck: "Re: Multiple instances (incoming)"
Maybe in reply to: Tolga: "Fwd: Re: TLS certificate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Victor Duchovni yazmÄ±ÅŸ:
> On Fri, Feb 06, 2009 at 07:13:17PM +0200, Tolga wrote:
>
>
>>> Who can't use the certificate?
>>>
>> I, when I try with Thunderbird from another location.
>>
>
> Well, it is Thunderbird that needs to extend its list of trusted
> CAs not Postfix. No amount of tweaking the Postfix server will
> make Thunderbird trust your locally-minted CA.
>
>

Hello,

I imported publiccert.pem into Thunderbird and it's working now. However
I'd still like to know why Postfix has trouble offering the right
certificate.

Below is my postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_unknown_reverse_client_hostname,
reject_unauth_pipelining, reject_non_fqdn_recipient,
reject_rbl_client zen.spamhaus.org
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_cert_file = /etc/ssl/certs/publiccert.pem
smtpd_tls_key_file = /etc/ssl/private/privatekey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

tolga at ozses:~$ cat /etc/ssl/certs/publiccert.pem

...
...
...
        Issuer: C=TR, ST=Marmara, O=ozses.net, OU=ozses.net,
CN=mail.ozses.net/emailAddress Validity
            Not Before: Feb 5 14:33:51 2009 GMT
            Not After : Feb 4 14:33:51 2014 GMT
        Subject: C=TR, ST=Marmara, L=Istanbul, O=ozses.net,
OU=ozses.net, CN=mail.ozses.net/emailAddress...
...
...

Postfix is still offering the certificate of which screenshot is at http://people.sabanciuniv.edu/mtozses/cert.png (sorry, I can't attach it)

Regards,

/Tolga

-- 
Never look up when dragons fly overhead.

Next message: Marc Patermann: "Re: Replacing Message-Id for SASL authenticated senders"

Previous message: Magnus Bäck: "Re: Multiple instances (incoming)"
Maybe in reply to: Tolga: "Fwd: Re: TLS certificate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs