Postfix TLS issue
by linuxdistro from LinuxQuestions.org on (#5ANVP)
I run CentOS 8 with Postfix.
It's only for MTA and does not receive emails.
I'm trying to enable TLS using a self-signed cert but running into issues. Non-TLS plaintext emails get sent out fine but not when using TLS.
This is what I've done:
Code:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl
Code:
openssl req -x509 -nodes -newkey rsa:2048 -keyout server.key -out server.crt -nodes -days 1825
And this is how main.cf is for the TLS section:
Code:
# TLS CONFIGURATION
#
# Basic Postfix TLS configuration by default with self-signed certificate
# for inbound SMTP and also opportunistic TLS for outbound SMTP.
# The full pathname of a file with the Postfix SMTP server RSA certificate
# in PEM format. Intermediate certificates should be included in general,
# the server certificate first, then the issuing CA(s) (bottom-up order).
#
#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# The full pathname of a file with the Postfix SMTP server RSA private key
# in PEM format. The private key must be accessible without a pass-phrase,
# i.e. it must not be encrypted.
#
#smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
#smtpd_tls_security_level = may
# Directory with PEM format Certification Authority certificates that the
# Postfix SMTP client uses to verify a remote SMTP server certificate.
#
#smtp_tls_CApath = /etc/pki/tls/certs
# The full pathname of a file containing CA certificates of root CAs
# trusted to sign either remote SMTP server certificates or intermediate CA
# certificates.
#
#smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext (opportunistic TLS outbound).
#
#smtp_tls_security_level = may
#meta_directory = /etc/postfix
#shlib_directory = /usr/lib64/postfix
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
And when I try to send an email using TLS through this host, it fails and when I check the log, it says the following:
Code:
Nov 20 17:45:34 gvm postfix/smtpd[9716]: lost connection after EHLO from contoso.local [192.168.100.50]
Nov 20 17:45:34 gvm postfix/smtpd[9716]: disconnect from contoso.local[192.168.100.50] ehlo=1 commands=1
Any suggestions?
TIA
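
A way to read the `disconnect` summary in the log above, as an added example that is not part of the original post: Postfix records each SMTP command as `name=succeeded` or `name=succeeded/attempted`, so `ehlo=1 commands=1` shows the client never issued STARTTLS in that session. The last two sample log lines, the function names and the three labels are constructed for illustration.

```python
import re

# Constructed sample: the first two lines are from the post; the last two are
# made-up sessions (203.0.113.x is a documentation address range).
SAMPLE_LOG = """\
Nov 20 17:45:34 gvm postfix/smtpd[9716]: lost connection after EHLO from contoso.local [192.168.100.50]
Nov 20 17:45:34 gvm postfix/smtpd[9716]: disconnect from contoso.local[192.168.100.50] ehlo=1 commands=1
Nov 20 17:46:02 gvm postfix/smtpd[9720]: disconnect from a.example[203.0.113.10] ehlo=1 starttls=0/1 commands=1/2
Nov 20 17:47:11 gvm postfix/smtpd[9731]: disconnect from b.example[203.0.113.11] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

# smtpd per-session summary: "disconnect from host[ip] cmd=ok[/total] ..."
DISCONNECT = re.compile(
    r"postfix/smtpd\[(\d+)\]: disconnect from (\S+?)\[([^\]]+)\] (.*)$"
)

def parse_counters(summary):
    """Turn 'ehlo=1 starttls=0/1' into {'ehlo': (1, 1), 'starttls': (0, 1)}."""
    counters = {}
    for token in summary.split():
        name, sep, value = token.partition("=")
        if not sep:
            continue
        ok, _, total = value.partition("/")
        if ok.isdigit() and (total or ok).isdigit():
            counters[name] = (int(ok), int(total or ok))
    return counters

def classify(counters):
    """Label a session by how far it got towards TLS (labels are hypothetical)."""
    if "starttls" not in counters:
        return "no-starttls-attempt"   # client left before sending STARTTLS
    ok, total = counters["starttls"]
    return "starttls-ok" if ok == total and ok > 0 else "starttls-failed"

def triage(log_text):
    """Return (client_ip, label) for every smtpd disconnect line."""
    results = []
    for line in log_text.splitlines():
        match = DISCONNECT.search(line)
        if match:
            _pid, _host, ip, summary = match.groups()
            results.append((ip, classify(parse_counters(summary))))
    return results

if __name__ == "__main__":
    for ip, label in triage(SAMPLE_LOG):
        print(ip, label)
```

A `no-starttls-attempt` session points at what the client saw in the EHLO reply or at the client's own settings, while `starttls-failed` points at the handshake itself (certificate, key, protocol or cipher).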

