Summary: | Upgrade to Postfix 2.2.2-r1 breaks SSL Support | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Loren Bandiera <lorenb> |
Component: | [OLD] Server | Assignee: | Net-Mail Packages <net-mail+disabled> |
Status: | RESOLVED WORKSFORME | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Loren Bandiera
2005-05-15 13:58:39 UTC
What's your master.cf?

Cheers,
Ferdy

Here is my master.cf:

```
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=amavis:[127.0.0.1]:10024
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
amavis    unix  -       -       n       -       2       lmtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
```

During the setup stage, you were prompted:

 * you have "ssl" in your USE flags, TLS will be enabled.
 * This service entry is incompatible with previous TLS patch.
 * Visit http://www.postfix.org/TLS_README.html for more info.

and ChangeLog:

*postfix-2.2.0 (09 Mar 2005)

  09 Mar 2005; Tuấn Văn <langthang@gentoo.org> +postfix-2.2.0.ebuild:
  New postfix-2.2.0 release. This release includes IPV6 and TLS in the
  official release. "vda" has been removed as it isn't available for
  experimental Postfix release. "vda" will be added as soon as it's available.
  Please review these documents for more information:
  ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.2.0.RELEASE_NOTES
  http://www.postfix.org/TLS_README.html
  http://www.postfix.org/IPV6_README.html

Please review the mentioned docs.

I read over the docs. The entries I was missing in my main.cf were:

smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache

Once I put those in, the SSL support started working again. Thanks.

> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
Not that. The default parameters should work. You don't have to do TLS session cache, unless you want to. From my working server with TLS support:
# postconf smtp_tls_session_cache_database
smtp_tls_session_cache_database =
# postconf smtpd_tls_session_cache_database
smtpd_tls_session_cache_database =
There are parameters that have been renamed/removed, for example:
# postconf smtp_sasl_tls_verified_security_options
postconf: warning: smtp_sasl_tls_verified_security_options: unknown parameter
You need to remove them from your main.cf.
Anyway, resolved as WFM.
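
The check from the last comment, run over a whole main.cf, as an added example that is not part of the original thread. It relies on the `unknown parameter` warning text quoted above; the `POSTCONF` variable and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug thread): list main.cf parameters that the
# installed postconf reports as "unknown parameter", as in the warning above.
# POSTCONF and both function names are assumptions made for this example.

# Print the parameter names assigned in a main.cf-style file ($1).
# Comment, blank and continuation lines (leading whitespace) do not match.
maincf_params() {
    sed -n 's/^\([A-Za-z0-9_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# Print every parameter from $1 that postconf no longer recognises.
unknown_params() {
    for p in $(maincf_params "$1"); do
        if "${POSTCONF:-postconf}" "$p" 2>&1 | grep -q 'unknown parameter'; then
            printf '%s\n' "$p"
        fi
    done
}

# Stand-alone use: sh check.sh /etc/postfix/main.cf
if [ "$#" -gt 0 ]; then
    unknown_params "$1"
fi
```

Any name it prints is a candidate for removal or renaming in main.cf after the upgrade.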