I'm having trouble using email clients to authenticate outgoing mail via
TLS. Any help would be greatly appreciated.
This is the error from my maillog...
May 15 11:00:10 amhs1 postfix/smtpd[4278]: initializing the server-side TLS engine
May 15 11:00:10 amhs1 postfix/smtpd[4278]: warning: cannot get private key from file /etc/postfix/newreq.pem
May 15 11:00:10 amhs1 postfix/smtpd[4278]: warning: TLS library problem: 4278:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: ANY PRIVATE KEY:
May 15 11:00:10 amhs1 postfix/smtpd[4278]: warning: TLS library problem: 4278:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
May 15 11:00:10 amhs1 postfix/smtpd[4278]: cannot load RSA certificate and key data
I followed the guide "Virtual Mailhosting System with Postfix Guide"
(http://www.gentoo.org/doc/en/virt-mail-howto.xml) to configure my mail
server... everything is working great except for smtp authentication via
TLS.
# nano -w /etc/sasl2/smtpd.conf
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
# nano -w /etc/conf.d/saslauthd
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
# /etc/init.d/saslauthd start
# cd misc
# nano -w CA.pl
(We need to add -nodes to the "# create a certificate" and
"# create a certificate request" code in order to let our new SSL
certs be loaded without a password. Otherwise, when you
reboot, your SSL certs will not be available.)
# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");
# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
# ./CA.pl -newca
# ./CA.pl -newreq
# ./CA.pl -sign
# cp newcert.pem /etc/postfix
# cp newreq.pem /etc/postfix
# cp demoCA/cacert.pem /etc/postfix
Then I added TLS support to my main.cf and pointed it to the newly created certs.
Again, I can authenticate IMAP access even from my virtual domains... but trying to authenticate outgoing email gets "relaying denied".
Thanks,
Darren
--
gentoo-user@gentoo.org mailing list
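
Added example, not part of the original post: the log's "no start line ... Expecting: ANY PRIVATE KEY" error means OpenSSL found no private-key PEM block in the file it was given. These shell functions list the PEM blocks in a file and report whether it holds a key a daemon can load unattended; the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are constructed for illustration.

# Print the label of every "-----BEGIN <label>-----" line in a file.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Classify the private-key content of a PEM file:
#   none      - no private-key block (the "Expecting: ANY PRIVATE KEY" case)
#   encrypted - key is passphrase-protected, so a daemon cannot load it unattended
#   plain     - unencrypted key, as written when -nodes is used
key_state() {
    labels=$(pem_labels "$1")
    if ! printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$'; then
        echo none
    elif printf '%s\n' "$labels" | grep -q '^ENCRYPTED PRIVATE KEY$' ||
         grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# Succeed only if every BEGIN line is closed by an END line with the same label.
pem_balanced() {
    awk '
        /^-----BEGIN / { if (cur != "") bad = 1; cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur); next }
        /^-----END /   { l = $0; sub(/^-----END /, "", l); sub(/-----[ \t\r]*$/, "", l); if (l != cur) bad = 1; cur = ""; next }
        END { if (bad || cur != "") exit 1 }
    ' "$1"
}

# An unencrypted key should be readable by its owner only (mode 0600 or 0400).
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# One-line verdict for a file meant to hold the server's private key.
check_key_file() {
    pem_balanced "$1" || { echo "$1: malformed PEM (unmatched BEGIN/END)"; return 1; }
    case $(key_state "$1") in
        none)      echo "$1: no private key; blocks found: $(pem_labels "$1" | tr '\n' ',')"; return 1 ;;
        encrypted) echo "$1: private key is passphrase-protected"; return 1 ;;
    esac
    key_perms_ok "$1" || { echo "$1: key readable by group/other"; return 1; }
    echo "$1: unencrypted private key, owner-only permissions"
}
```

Run `check_key_file` against the file that main.cf names as the key file; a "no private key" verdict also lists the blocks the file does contain.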