Gentoo Archives: gentoo-user

From: Darren Grant <dgrant@×××××××××××.ca>
To: gentoo-user@l.g.o
Subject: [gentoo-user] TLS errors
Date: Mon, 15 May 2006 18:31:34
Message-Id: 4468C46C.20407@monstertech.ca

I'm having trouble using email clients to authenticate outgoing mail via
TLS. Any help would be greatly appreciated.

This is the error from my maillog...

May 15 11:00:10 amhs1 postfix/smtpd[4278]: initializing the server-side
TLS engine
May 15 11:00:10 amhs1 postfix/smtpd[4278]: warning: cannot get private
key from file /etc/postfix/newreq.pem
May 15 11:00:10 amhs1 postfix/smtpd[4278]: warning: TLS library problem:
4278:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:642:Expecting: ANY PRIVATE KEY:
May 15 11:00:10 amhs1 postfix/smtpd[4278]: warning: TLS library problem:
4278:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:709:
May 15 11:00:10 amhs1 postfix/smtpd[4278]: cannot load RSA certificate
and key data

I followed the guide "Virtual Mailhosting System with Postfix Guide"
(http://www.gentoo.org/doc/en/virt-mail-howto.xml) to configure my mail
server... everything is working great except for smtp authentication via
TLS.

# nano -w /etc/sasl2/smtpd.conf
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
# nano -w /etc/conf.d/saslauthd
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
# /etc/init.d/saslauthd start

# cd misc
# nano -w CA.pl
(We need to add -nodes to the # create a certificate and
#create a certificate request code in order to let our new ssl
certs be loaded without a password. Otherwise when you
reboot your ssl certs will not be available.)

# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");

# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");

# ./CA.pl -newca
# ./CA.pl -newreq
# ./CA.pl -sign
# cp newcert.pem /etc/postfix
# cp newreq.pem /etc/postfix
# cp demoCA/cacert.pem /etc/postfix

Then I added in TLS support to my main.cf and pointed to the newly created certs.
Again I can authenticate imap access even from my virtual domains... but trying to authenticate outgoing email gets "relaying denied"

Thanks,
Darren


--
gentoo-user@g.o mailing list
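
The OpenSSL message in the log above ("no start line ... Expecting: ANY PRIVATE KEY") is what the PEM reader reports when the file it was given contains no private-key block. As an added example, not part of the original post: a Python check that lists the PEM blocks in a key file and reports whether an unencrypted private key is among them. The function names and the sample strings are constructed for illustration.

```python
import re
import sys

# PEM boundary lines, e.g. "-----BEGIN RSA PRIVATE KEY-----".
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$")

# Constructed samples: the base64 bodies are placeholders, not real key material.
REQUEST_ONLY = """-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE REQUEST-----
"""
KEY_AND_REQUEST = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
""" + REQUEST_ONLY
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

def pem_blocks(text):
    """Return (label, encrypted) for every well-formed PEM block in text."""
    blocks, label, encrypted = [], None, False
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            label, encrypted = m.group(2), False
        elif m:  # END line: keep the block only if it closes the open label
            if label == m.group(2):
                blocks.append((label, encrypted or label == "ENCRYPTED PRIVATE KEY"))
            label = None
        elif label and line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            encrypted = True  # legacy passphrase-protected key
    return blocks

def diagnose(text):
    """Classify a key file by what a TLS daemon loading it unattended needs."""
    keys = [enc for label, enc in pem_blocks(text) if label.endswith("PRIVATE KEY")]
    if not keys:
        return "no-private-key"  # OpenSSL: "no start line ... Expecting: ANY PRIVATE KEY"
    if all(keys):
        return "encrypted-key"  # needs a passphrase, cannot be loaded without one
    return "ok"

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:
        print(sys.argv[1], diagnose(fh.read()))
```

Run it with the key file as the only argument, for example the /etc/postfix/newreq.pem path named in the log.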