Trying to upgrade postfix from v2.1.5-r2 -> v2.2.2-r1. It compiled and installed but on re-start of the daemon I get the following errors:

postfix/postfix-script: starting the Postfix mail system
postfix/master[24972]: daemon started -- version 2.2.2, configuration /etc/postfix
postfix/smtpd[24976]: initializing the server-side TLS engine
postfix/smtpd[24976]: warning: connect to private/tlsmgr: Connection refused
postfix/smtpd[24976]: warning: problem talking to server private/tlsmgr: Connection refused
postfix/smtpd[24976]: warning: connect to private/tlsmgr: Connection refused
postfix/smtpd[24976]: warning: problem talking to server private/tlsmgr: Connection refused
postfix/smtpd[24976]: warning: no entropy for TLS key generation: disabling TLS support

# postconf | grep tls
smtp_enforce_tls = no
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
smtp_tls_per_site =
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtpd_enforce_tls = no
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = /etc/ssl/postfix/server.pem
smtpd_tls_cipherlist =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = yes
tls_daemon_random_bytes = 32
tls_daemon_random_source =
tls_ipv6_version = 1.26
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 60s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom

Reproducible: Always

Steps to Reproduce:
1. /etc/init.d/postfix stop
2. emerge postfix
3. etc-update
4. /etc/init.d/postfix start

Portage 2.0.51.21-r1 (default-linux/amd64/2005.0/no-multilib, gcc-3.4.3-20050110, glibc-2.3.5-r0, 2.6.11-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.11-gentoo-r8 x86_64 AMD Athlon(tm) 64 Processor 3800+
Gentoo Base System version 1.6.11
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.8
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r8
sys-devel/libtool: 1.5.16
virtual/os-headers: 2.6.11
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fstack-protector"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/mail /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control /var/run/dspam /var/spool/dspam"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 acpi alsa apache2 berkdb bitmap-fonts crypt curl font-server fortran gd gdbm gif ipv6 jp2 jpeg ldap lzw lzw-tiff mp3 ncurses nls nptl pam png procmail python readline samba sasl slang ssl tcpd tiff truetype-fonts type1-fonts usb userlocales xml2 xpm xrandr zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS

What's your master.cf?

Cheers,
Ferdy

Here is my master.cf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=amavis:[127.0.0.1]:10024
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
amavis    unix  -       -       n       -       2       lmtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=

During the setup stage, you were prompted:

 * you have "ssl" in your USE flags, TLS will be enabled.
 * This service entry is incompatible with previous TLS patch.
 * Visit http://www.postfix.org/TLS_README.html for more info.

and ChangeLog:

*postfix-2.2.0 (09 Mar 2005)

  09 Mar 2005; Tuấn Văn <langthang@gentoo.org> +postfix-2.2.0.ebuild:
  New postfix-2.2.0 release. This release includes IPV6 and TLS in the
  official release. "vda" has been removed as it isn't available for
  experimetal Postfix release. "vda" will be added as soon as it's available.
  Please review these document for more infomation:
  ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.2.0.RELEASE_NOTES
  http://www.postfix.org/TLS_README.html
  http://www.postfix.org/IPV6_README.html

Please review the mentioned docs.

I read over the docs. The entries I was missing in my main.cf were:

smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache

Once I put those in, the SSL support started working again. Thanks.

> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache

Not that. The default parameters should work. You don't have to do TLS session cache, unless you want to. From my working server with TLS support:

# postconf smtp_tls_session_cache_database
smtp_tls_session_cache_database =
# postconf smtpd_tls_session_cache_database
smtpd_tls_session_cache_database =

There are parameters that have been renamed/removed, for example:

# postconf smtp_sasl_tls_verified_security_options
postconf: warning: smtp_sasl_tls_verified_security_options: unknown parameter

You need to remove them from your main.cf.

Anyway, resolved as WFM.
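
Added example, not part of the original thread or of Postfix: a check for the failure logged in the first comment (smtpd cannot reach private/tlsmgr) run against the master.cf posted above, where the tlsmgr line is commented out and still of the old fifo type. The function names and the sample text are constructed here; the expected unix service type is taken from the Postfix 2.2 TLS_README, not from this thread.

```python
# Constructed sample: the relevant lines of the master.cf posted in this thread.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=amavis:[127.0.0.1]:10024
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
qmgr      fifo  n       -       n       300     1       qmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
"""

def parse_master_cf(text):
    """Return active service entries: comments skipped, continuation lines joined."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank line or comment
        if line[0].isspace() and entries:     # leading whitespace continues an entry
            entries[-1]["command"] += " " + line.strip()
            continue
        fields = line.split(None, 7)          # 7 columns, then command + args
        if len(fields) < 8:
            continue                          # malformed line, ignored here
        entries.append({"service": fields[0], "type": fields[1],
                        "command": fields[7]})
    return entries

def tls_findings(master_cf, main_cf):
    """main_cf is a dict of postconf values; returns a list of problem strings."""
    entries = parse_master_cf(master_cf)
    uses_tls = (main_cf.get("smtpd_use_tls") == "yes"
                or main_cf.get("smtp_use_tls") == "yes"
                or any("smtpd_tls_wrappermode=yes" in e["command"] for e in entries))
    if not uses_tls:
        return []
    tlsmgr = [e for e in entries if e["service"] == "tlsmgr"]
    if not tlsmgr:
        return ["TLS enabled but no active tlsmgr entry in master.cf"]
    if tlsmgr[0]["type"] != "unix":
        return ["tlsmgr is type %r, Postfix 2.2 expects unix" % tlsmgr[0]["type"]]
    return []

if __name__ == "__main__":
    for problem in tls_findings(SAMPLE_MASTER_CF, {"smtpd_use_tls": "yes"}):
        print(problem)
```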