Loading ...
Sorry, an error occurred while loading the content.

Re: error using certificate server

Expand Messages
  • Viktor Dukhovni
    ... I give up, you still can t pay attention long enough to distinguish smtp_tls_security_level from smtpd_tls_security_level . Good luck, over and out. --
    Message 1 of 10 , Feb 11, 2013
    • 0 Attachment
      On Tue, Feb 12, 2013 at 01:36:15AM +0100, deconya wrote:

      > Thanks for you answers
      >
      > I continue with the problem and I don't know where I can check more. At
      > now the situation is
      >
      > -Sends mails deferred
      >
      > -In logs appears:
      >
      > Feb 12 01:20:50 mailserver postfix/smtpd[16653]: warning:
      > smtpd_tls_security_level: unsupported TLS level "verify", using "encrypt"
      > Feb 12 01:20:50 mailserver postfix/smtpd[16653]: initializing the
      > server-side TLS engine

      I give up, you still can't pay attention long enough to distinguish
      "smtp_tls_security_level" from "smtpd_tls_security_level". Good luck,
      over and out.

      --
      Viktor.
    • deconya
      Hi Victor I understand that only is needed to use smtp_tls_security_level? O not need two options? In main.cf I have: #TLS SMTPD PARAMTERES smtpd_use_tls = yes
      Message 2 of 10 , Feb 12, 2013
      • 0 Attachment
        Hi Victor

        I understand that only is needed to use smtp_tls_security_level? O not need two options?

        In main.cf I have:

        #TLS SMTPD PARAMTERES
        smtpd_use_tls = yes
        smtpd_tls_CAfile = /etc/ssl/certs/TERENASSL_PATH.pem
        smtpd_tls_key_file = /etc/ssl/private/jupiter_mydomain.pem
        smtpd_tls_cert_file = /etc/ssl/mydomain.crt
        smtpd_tls_CApath = /etc/ssl/certs
        smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
        smtpd_tls_loglevel = 2
        smtpd_tls_received_header = yes
        smtpd_tls_session_cache_timeout = 3600s
        #smtpd_tls_security_level = verify

        smtp_use_tls = yes
        smtp_tls_CAfile = /etc/ssl/certs/TERENASSL_PATH.pem
        smtp_tls_security_level = verify
        smtp_tls_key_file = /etc/ssl/private/jupiter_mydomain.pem
        smtp_tls_cert_file = /etc/ssl/mydomain.crt
        smtp_tls_CApath = /etc/ssl/certs
        smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
        #smtp_tls_note_starttls_offer = yes


        #SASL
        relayhost = smtp.myrelayhost
        smtpd_sasl_auth_enable = yes
        smtpd_sasl_authenticated_header = yes
        smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
        smtp_sasl_security_options = noanonymous
        smtpd_sasl_security_options = noanonymous
        #smtpd_sasl_local_domain =
        smtpd_sasl_type = dovecot
        smtpd_sasl_path = private/auth

        broken_sasl_auth_clients = yes
        smtpd_sender_login_maps = ldap:/etc/postfix/ldap_aliases.cf
        smtpd_recipient_restrictions =
                permit_sasl_authenticated,
                permit_mynetworks,
                reject_unauth_destination

        tls_random_source = dev:/dev/urandom

        smtpd_delay_reject = yes

        What can I do to accept the connection to myrelayhost?

        Best Regards


        -----Mensaje original-----
        De: Viktor Dukhovni <postfix-users@...>
        Reply-to: postfix-users@...
        Para: postfix-users@...
        Asunto: Re: error using certificate server
        Fecha: Tue, 12 Feb 2013 07:01:24 +0000

        On Tue, Feb 12, 2013 at 01:36:15AM +0100, deconya wrote: > Thanks for you answers > > I continue with the problem and I don't know where I can check more. At > now the situation is > > -Sends mails deferred > > -In logs appears: > > Feb 12 01:20:50 mailserver postfix/smtpd[16653]: warning: > smtpd_tls_security_level: unsupported TLS level "verify", using "encrypt" > Feb 12 01:20:50 mailserver postfix/smtpd[16653]: initializing the > server-side TLS engine I give up, you still can't pay attention long enough to distinguish "smtp_tls_security_level" from "smtpd_tls_security_level". Good luck, over and out. -- Viktor.
      Your message has been successfully submitted and would be delivered to recipients shortly.