postconf and TLS on AIX
in [Postfix]
|
Prev: Current Postfix RPMs?
Next: OOPS - WAS: Postfix.org SPF
From: Theodore Durst on 7 Jul 2010 23:09 Anyone out there been able to configure postfix with TLS certificate support on AIX? I am trying to get postfix running on a RS/6000 running AIX 5.3.0.0. Postfix is working, it sends mail, which is all we want this server to do (it will never need to receive). Where I am running into trouble is getting TLS working, we postfix to send mail to a specific server and use certificates to authenticate and encrypt the transaction. I compiled Postfix with TLS and started configuration according to the instructions on the postfix.org site (http://www.postfix.org/TLS_README.html) * enabling TLS results in postfix failing to load. By process of elimination, it is pretty clear that " smtpd_tls_security_level = may" is the culprit. Any value aside from no causes a failure to start. I am not sure if these are related , but I figure it is worth mentioning. * when I run " postconf -a" nothing is returned. However, if I enter " postconf | grep cyrus" I get the following: cyrus_sasl_config_path = lmtp_sasl_type = cyrus send_cyrus_sasl_authzid = no smtp_sasl_type = cyrus smtpd_sasl_type = cyrus It looks to me like this was set to use cyrus, but shouldn't "postconf -a " tell me this? openssl is already installed on the server in /usr/bin/ I should also say that I am pretty new to AIX, but have worked with Postfix on other forms of Linux/UNIX, so I am not sure if the issues are based in Postfix, AIX strangeness or a combination of the two. Any guidance would be greatly appreciated. Theo
From: Wietse Venema on 8 Jul 2010 03:16 Theodore Durst: > * enabling TLS results in postfix failing to load. By process of eliminati >-on, it is pretty clear that " smtpd_tls_security_level = may" is the culpri >-t. Any value aside from no causes a failure to start. What is hte complete error message? TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
From: lst_hoe02 on 8 Jul 2010 05:42 Zitat von Theodore Durst <tdurst(a)durstmedia.com>: > Anyone out there been able to configure postfix with TLS certificate > support on AIX? > > I am trying to get postfix running on a RS/6000 running AIX 5.3.0.0. > Postfix is working, it sends mail, which is all we want this server > to do (it will never need to receive). Where I am running into > trouble is getting TLS working, we postfix to send mail to a > specific server and use certificates to authenticate and encrypt the > transaction. I compiled Postfix with TLS and started configuration > according to the instructions on the postfix.org site > (http://www.postfix.org/TLS_README.html) > > * enabling TLS results in postfix failing to load. By process of > elimination, it is pretty clear that " smtpd_tls_security_level = > may" is the culprit. Any value aside from no causes a failure to > start. If you speak of sending "smtp_tls_security_level" not smtpd_<mumble> is your friend.. > I am not sure if these are related , but I figure it is worth mentioning. > > * when I run " postconf -a" nothing is returned. However, if I enter > " postconf | grep cyrus" I get the following: > > cyrus_sasl_config_path = > lmtp_sasl_type = cyrus > send_cyrus_sasl_authzid = no > smtp_sasl_type = cyrus > smtpd_sasl_type = cyrus First get TLS working than add SASL/certificate auth to the path. You should also have a look in the really helpful logfile. Regards Andreas
From: Theodore Durst on 8 Jul 2010 10:01 Dr. Venema, Looking more closely, I had not specified a value for smtpd_sasl_path. Doing so seems to have resolved the issue. For the record, the error had been: # postfix start /usr/libexec/postfix/post-install: Error: "no smtpd_tls_security_level = encrypt" should be "no" or an absolute path name. postfix/postfix-script: fatal: unable to create missing queue directories postfix/postfix-script: fatal: Postfix integrity check failed! postconf - a is still not returning anything, but that doesn't seem critical t this point. Much thanks! Theo On Jul 8, 2010, at 3:16 AM, Wietse Venema wrote: > Theodore Durst: >> * enabling TLS results in postfix failing to load. By process of eliminati >> -on, it is pretty clear that " smtpd_tls_security_level = may" is the culpri >> -t. Any value aside from no causes a failure to start. > > What is hte complete error message? > > TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail > > TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html > > Thank you for using Postfix. >
|
Pages: 1 Prev: Current Postfix RPMs? Next: OOPS - WAS: Postfix.org SPF |