
problem with certificate server

  • deconya
    Message 1 of 2 , Feb 8, 2013
      Hi list

      I am currently configuring TLS in my Postfix 2.5.5 and I'm having a new problem.

      At first it reported an untrusted issuer because it did not detect the certificates. Now the message logged every time mail is sent is

      status=deferred (Server certificate not verified)

      I configured it following a howto that says to do:

      ---------------------
      # Create a certs directory under the Postfix queue directory and copy the
      # entries of the system CA directory /etc/ssl/certs into it.
      mkdir /var/spool/postfix/certs
      cp -R /etc/ssl/certs/* /var/spool/postfix/certs
      # Mirror /usr/share/ca-certificates under the same tree.
      mkdir -p /var/spool/postfix/usr/share/ca-certificates
      # NOTE(review): the destination already exists after the mkdir above, so cp -R
      # places the copy at .../usr/share/ca-certificates/ca-certificates. If the
      # entries copied from /etc/ssl/certs are symlinks into
      # /usr/share/ca-certificates (confirm with ls -l), they would not resolve
      # under this tree.
      cp -R /usr/share/ca-certificates /var/spool/postfix/usr/share/ca-certificates
      

      Then, in main.cf, change the smtp_tls_security_level line and add an smtp_tls_CApath line as follows:

      smtp_tls_security_level=verify
      smtp_tls_CApath=/certs
      
      -----------------
      
      And here is the postconf output, in case it helps:
      
      default_transport = smtp
      lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
      non_smtpd_milters = 
      parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
      proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
      proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
      relayhost = smtp.puc.mysmarthost.es
      smtp_always_send_ehlo = yes
      smtp_bind_address = 
      smtp_bind_address6 = 
      smtp_body_checks = 
      smtp_cname_overrides_servername = no
      smtp_connect_timeout = 30s
      smtp_connection_cache_destinations = 
      smtp_connection_cache_on_demand = yes
      smtp_connection_cache_time_limit = 2s
      smtp_connection_reuse_time_limit = 300s
      smtp_data_done_timeout = 600s
      smtp_data_init_timeout = 120s
      smtp_data_xfer_timeout = 180s
      smtp_defer_if_no_mx_address_found = no
      smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
      smtp_destination_concurrency_limit = $default_destination_concurrency_limit
      smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
      smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
      smtp_destination_rate_delay = $default_destination_rate_delay
      smtp_destination_recipient_limit = $default_destination_recipient_limit
      smtp_discard_ehlo_keyword_address_maps = 
      smtp_discard_ehlo_keywords = 
      smtp_enforce_tls = no
      smtp_fallback_relay = $fallback_relay
      smtp_generic_maps = 
      smtp_header_checks = 
      smtp_helo_name = $myhostname
      smtp_helo_timeout = 300s
      smtp_host_lookup = dns
      smtp_initial_destination_concurrency = $initial_destination_concurrency
      smtp_line_length_limit = 990
      smtp_mail_timeout = 300s
      smtp_mime_header_checks = 
      smtp_mx_address_limit = 5
      smtp_mx_session_limit = 2
      smtp_nested_header_checks = 
      smtp_never_send_ehlo = no
      smtp_pix_workaround_delay_time = 10s
      smtp_pix_workaround_maps = 
      smtp_pix_workaround_threshold_time = 500s
      smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
      smtp_quit_timeout = 300s
      smtp_quote_rfc821_envelope = yes
      smtp_randomize_addresses = yes
      smtp_rcpt_timeout = 300s
      smtp_rset_timeout = 20s
      smtp_sasl_auth_cache_name = 
      smtp_sasl_auth_cache_time = 90d
      smtp_sasl_auth_enable = no
      smtp_sasl_auth_soft_bounce = yes
      smtp_sasl_mechanism_filter = 
      smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
      smtp_sasl_path = 
      smtp_sasl_security_options = noanonymous
      smtp_sasl_tls_security_options = $smtp_sasl_security_options
      smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
      smtp_sasl_type = cyrus
      smtp_send_xforward_command = no
      smtp_sender_dependent_authentication = no
      smtp_skip_5xx_greeting = yes
      smtp_skip_quit_response = yes
      smtp_starttls_timeout = 300s
      smtp_tls_CAfile = 
      smtp_tls_CApath = /certs
      smtp_tls_cert_file = 
      smtp_tls_dcert_file = 
      smtp_tls_dkey_file = $smtp_tls_dcert_file
      smtp_tls_enforce_peername = yes
      smtp_tls_exclude_ciphers = 
      smtp_tls_fingerprint_cert_match = 
      smtp_tls_fingerprint_digest = md5
      smtp_tls_key_file = $smtp_tls_cert_file
      smtp_tls_loglevel = 0
      smtp_tls_mandatory_ciphers = medium
      smtp_tls_mandatory_exclude_ciphers = 
      smtp_tls_mandatory_protocols = SSLv3, TLSv1
      smtp_tls_note_starttls_offer = yes
      smtp_tls_per_site = 
      smtp_tls_policy_maps = 
      smtp_tls_scert_verifydepth = 9
      smtp_tls_secure_cert_match = nexthop, dot-nexthop
      smtp_tls_security_level = verify
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtp_tls_session_cache_timeout = 3600s
      smtp_tls_verify_cert_match = hostname
      smtp_use_tls = yes
      smtp_xforward_timeout = 300s
      smtpd_authorized_verp_clients = $authorized_verp_clients
      smtpd_authorized_xclient_hosts = 
      smtpd_authorized_xforward_hosts = 
      smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
      smtpd_client_connection_count_limit = 50
      smtpd_client_connection_rate_limit = 0
      smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
      smtpd_client_message_rate_limit = 0
      smtpd_client_new_tls_session_rate_limit = 0
      smtpd_client_port_logging = no
      smtpd_client_recipient_rate_limit = 0
      smtpd_client_restrictions = 
      smtpd_data_restrictions = 
      smtpd_delay_open_until_valid_rcpt = yes
      smtpd_delay_reject = yes
      smtpd_discard_ehlo_keyword_address_maps = 
      smtpd_discard_ehlo_keywords = 
      smtpd_end_of_data_restrictions = 
      smtpd_enforce_tls = no
      smtpd_error_sleep_time = 1s
      smtpd_etrn_restrictions = 
      smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
      smtpd_forbidden_commands = CONNECT GET POST
      smtpd_hard_error_limit = 20
      smtpd_helo_required = no
      smtpd_helo_restrictions = 
      smtpd_history_flush_threshold = 100
      smtpd_junk_command_limit = 100
      smtpd_milters = 
      smtpd_noop_commands = 
      smtpd_null_access_lookup_key = <>
      smtpd_peername_lookup = yes
      smtpd_policy_service_max_idle = 300s
      smtpd_policy_service_max_ttl = 1000s
      smtpd_policy_service_timeout = 100s
      smtpd_proxy_ehlo = $myhostname
      smtpd_proxy_filter = 
      smtpd_proxy_timeout = 100s
      smtpd_recipient_limit = 1000
      smtpd_recipient_overshoot_limit = 1000
      smtpd_recipient_restrictions = permit_sasl_authenticated,    permit_mynetworks    reject_unauth_destination
      smtpd_reject_unlisted_recipient = yes
      smtpd_reject_unlisted_sender = no
      smtpd_restriction_classes = 
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_exceptions_networks = 
      smtpd_sasl_local_domain = 
      smtpd_sasl_path = private/auth
      smtpd_sasl_security_options = noanonymous
      smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
      smtpd_sasl_type = dovecot
      smtpd_sender_login_maps = ldap:/etc/postfix/ldap_aliases.cf
      smtpd_sender_restrictions = 
      smtpd_soft_error_limit = 10
      smtpd_starttls_timeout = 300s
      smtpd_timeout = 300s
      smtpd_tls_CAfile = /etc/ssl/TERENASSL_PATH.pem
      smtpd_tls_CApath = 
      smtpd_tls_always_issue_session_ids = yes
      smtpd_tls_ask_ccert = no
      smtpd_tls_auth_only = no
      smtpd_tls_ccert_verifydepth = 9
      smtpd_tls_cert_file = /etc/ssl/myserver.crt
      smtpd_tls_dcert_file = 
      smtpd_tls_dh1024_param_file = 
      smtpd_tls_dh512_param_file = 
      smtpd_tls_dkey_file = $smtpd_tls_dcert_file
      smtpd_tls_exclude_ciphers = 
      smtpd_tls_fingerprint_digest = md5
      smtpd_tls_key_file = /etc/ssl/private/jupiter_myserver.pem
      smtpd_tls_loglevel = 2
      smtpd_tls_mandatory_ciphers = medium
      smtpd_tls_mandatory_exclude_ciphers = 
      smtpd_tls_mandatory_protocols = SSLv3, TLSv1
      smtpd_tls_received_header = yes
      smtpd_tls_req_ccert = no
      smtpd_tls_security_level = 
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_tls_session_cache_timeout = 3600s
      smtpd_tls_wrappermode = no
      smtpd_use_tls = yes
      
      
      Please, it is critical to solve this problem; all messages are being deferred!!!
      
      Thanks
      
      