openSUSE 10.3 postfix and ssl/tls not working

Discussion in 'HOWTO-Related Questions' started by newbuyer17, Feb 26, 2008.

  1. newbuyer17

    newbuyer17 New Member

    I recently used the openSUSE 10.3 perfect server guide to try to set up secure SMTP emails via my Sky broadband account (now run by Google, I believe).

    I previously set up email to work via mailx by using the YaST module and pointing at Sky's SMTP server. Sky have now changed this and it must use SSL.
    I have proved this works fine using Mozilla Thunderbird but I need it to work from mailx (well, Perl actually) instead. The config screens in YaST do not allow setting up of SSL.

    So I tried this guide but this doesn't seem to be working. The mail logs show it has been rejected. If I do a telnet localhost 25 it just hangs without any output.

    I was wondering if you knew what I had done wrong. Thanks in advance.
    Anybody any ideas? Looks to me like it gets through to server and tries but the server at the other end doesn't like the certificates?

    Thanks in advance.

    Feb 24 18:30:26 gandalf postfix/smtp[8749]: certificate verification failed for smtp.tools.sky.com: num=20:unable to get local issuer certificate
    Feb 24 18:30:26 gandalf postfix/smtp[8749]: certificate verification failed for smtp.tools.sky.com: num=27:certificate not trusted
    Feb 24 18:30:27 gandalf postfix/smtp[8749]: 2E197B2B7C: to=<[email protected]>, relay=smtp.tools.sky.com[66.249.93.208]:25, delay=2.1, delays=0.21/0.05/1.8/0.11, dsn=5.5.1, status=bounced (host smtp.tools.sky.com[66.249.93.208] said: 530 5.5.1 Authentication Required 34sm1193113uga.52 (in reply to MAIL FROM command))
     
  2. topdog

    topdog Active Member

    Check if the certificate they are using is signed by a real CA; if so, then:

    I'm sure SUSE ships with root certificates of various CAs, so point your Postfix to that file using the
    Code:
    smtp_tls_CAfile
    smtp_tls_CApath
    
    options.
     
  3. newbuyer17

    newbuyer17 New Member

    Thanks. I found another guide that gave a text version of the certificate to add in to the cacert.pem file. It still didn't work after this, but gave a different error.
    I then tried following this other guide (which was actually for ubuntu) and have managed to send an email. I'm not quite sure why it has worked but didn't previously. It may just be lax typing when creating the certificates as it looks roughly the same. The cacert.pem file looked different after following this guide.

    I intend to retrace my steps afterwards to work out what went wrong the first time and get a procedure together for myself, but it works which is the main thing.

    Not sure what the rules are on this forum re links to other sites, but here is the guide for completeness.

    http://www.marksanborn.net/linux/send-mail-postfix-through-gmails-smtp-on-a-ubuntu-lts-server/

    Perhaps the author could review to see if anything needs adding to the howto on this site.

    Thanks all.
     
  4. topdog

    topdog Active Member

  5. newbuyer17

    newbuyer17 New Member

    I don't doubt you didn't understand how I phrased my question - I wasn't entirely sure of any of the terminology I was talking about.

    The post you mention looks a damn sight simpler, and seems similar to other posts I'd tried that didn't work.

    I'll do a reinstall of postfix and try this out.

    Thanks again.
     
  6. newbuyer17

    newbuyer17 New Member

    Still can't get this working 100%. If I try to send an email using my Perl program with my current config I get the following errors.

    ==> mail <==
    Feb 27 20:44:14 gandalf postfix/postfix-script[735]: fatal: usage: postfix start (or stop, reload, abort, flush, check, set-permissions, upgrade-configuration)
    Feb 27 20:44:19 gandalf postfix/smtpd[704]: connect from localhost[127.0.0.1]
    Feb 27 20:44:19 gandalf postfix/smtpd[704]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Recipient address rejected: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost.localdomain>
    Feb 27 20:44:19 gandalf postfix/smtpd[704]: lost connection after RCPT from localhost[127.0.0.1]
    Feb 27 20:44:19 gandalf postfix/smtpd[704]: disconnect from localhost[127.0.0.1]
    Feb 27 20:44:19 gandalf postfix/smtpd[709]: connect from localhost[127.0.0.1]

    I then removed and reinstalled postfix and configured using just the other thread you suggested. I now seem to be back at square one:

    ==> mail <==
    Feb 27 21:00:56 gandalf postfix/smtp[4105]: 633E6C64D9: to=<[email protected]>, relay=smtp.tools.sky.com[66.249.93.208]:587, delay=0.99, delays=0.12/0/0.77/0.1, dsn=5.7.0, status=bounced (host smtp.tools.sky.com[66.249.93.208] said: 530 5.7.0 Must issue a STARTTLS command first u7sm696575uge.35 (in reply to MAIL FROM command))
    Feb 27 21:00:56 gandalf postfix/cleanup[4107]: 77698C64DA: message-id=<[email protected]>
    Feb 27 21:00:56 gandalf postfix/qmgr[4089]: 77698C64DA: from=<>, size=2279, nrcpt=1 (queue active)
    Feb 27 21:00:56 gandalf postfix/bounce[4106]: 633E6C64D9: sender non-delivery notification: 77698C64DA
    Feb 27 21:00:56 gandalf postfix/qmgr[4089]: 633E6C64D9: removed
    Feb 27 21:00:56 gandalf postfix/local[4108]: 77698C64DA: to=<[email protected]>, relay=local, delay=0.13, delays=0.06/0/0/0.06, dsn=2.0.0, status=sent (delivered to mailbox)

    My config:
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = gandalf.site
    program_directory = /usr/lib/postfix
    inet_interfaces = localhost
    masquerade_domains =
    mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    mynetworks_style = subnet
    disable_dns_lookups = no
    relayhost = smtp.tools.sky.com
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options =
    smtp_sasl_password_maps = hash:/etc/postfix/gmail_passwd
    smtp_sasl_type = cyrus
    relayhost = smtp.tools.sky.com:587
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = no
    smtp_use_tls = no
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000

    gandalf:/etc/postfix # more gmail_passwd
    smtp.sky.com:587 [email protected]:password
    smtp.tools.sky.com:587 [email protected]:password

    Any ideas what I am doing wrong?
     
  7. topdog

    topdog Active Member

    Your relayhost expects you to do SMTP-AUTH over a TLS encrypted session and you have disabled TLS by the option
    Code:
    smtp_use_tls = no
    
    You need to turn that to yes.

    Then you possibly need to change this as well:
    Code:
    relayhost = [smtp.tools.sky.com]:587
    
    Code:
    [smtp.tools.sky.com]:587 [email protected]
    
     
  8. newbuyer17

    newbuyer17 New Member

    Thanks. Still getting problems on a mailx command though.

    ==> mail <==
    Feb 28 18:45:38 gandalf postfix/pickup[12885]: 63EFDC64B0: uid=0 from=<root>
    Feb 28 18:45:38 gandalf postfix/cleanup[12953]: 63EFDC64B0: message-id=<[email protected]>
    Feb 28 18:45:38 gandalf postfix/qmgr[12886]: 63EFDC64B0: from=<[email protected]>, size=421, nrcpt=1 (queue active)
    Feb 28 18:45:38 gandalf postfix/smtp[12955]: warning: connect to private/tlsmgr: Connection refused
    Feb 28 18:45:38 gandalf postfix/smtp[12955]: warning: problem talking to server private/tlsmgr: Connection refused

    ==> mail <==
    Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: connect to private/tlsmgr: Connection refused
    Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: problem talking to server private/tlsmgr: Connection refused
    Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: no entropy for TLS key generation: disabling TLS support

    ==> mail <==
    Feb 28 18:45:40 gandalf postfix/smtp[12955]: 63EFDC64B0: to=<[email protected]>, relay=smtp.tools.sky.com[66.249.93.208]:587, delay=1.8, delays=0.13/1/0.57/0.09, dsn=5.7.0, status=bounced (host smtp.tools.sky.com[66.249.93.208] said: 530 5.7.0 Must issue a STARTTLS command first s1sm524365uge.28 (in reply to MAIL FROM command))
    Feb 28 18:45:40 gandalf postfix/cleanup[12953]: 51D18C64D9: message-id=<[email protected]>
    Feb 28 18:45:40 gandalf postfix/qmgr[12886]: 51D18C64D9: from=<>, size=2279, nrcpt=1 (queue active)
    Feb 28 18:45:40 gandalf postfix/bounce[12956]: 63EFDC64B0: sender non-delivery notification: 51D18C64D9
    Feb 28 18:45:40 gandalf postfix/qmgr[12886]: 63EFDC64B0: removed
    Feb 28 18:45:40 gandalf postfix/local[12957]: 51D18C64D9: to=<[email protected]>, relay=local, delay=0.13, delays=0.05/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to mailbox)
    Feb 28 18:45:40 gandalf postfix/qmgr[12886]: 51D18C64D9: removed

    [smtp.tools.sky.com]:587 [email protected]:password

    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = gandalf.site
    program_directory = /usr/lib/postfix
    inet_interfaces = localhost
    masquerade_domains =
    mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    mynetworks_style = subnet
    disable_dns_lookups = no
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options =
    smtp_sasl_password_maps = hash:/etc/postfix/gmail_passwd
    smtp_sasl_type = cyrus
    relayhost = [smtp.tools.sky.com]:587
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000

    Thanks again for your ongoing help - any other ideas?
     
  9. topdog

    topdog Active Member

    That's because I think you are not running the Postfix tlsmgr program or the socket is not accessible.

    Do you have this in your master.cf file?
    Code:
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    
     
  10. newbuyer17

    newbuyer17 New Member

    You are indeed correct. It was there but got lost when I reinstalled.
    Getting very close now.
    In fact it has now sent a couple of emails but has now stopped again. Getting the following errors:

    ==> mail <==
    Feb 28 21:14:54 gandalf postfix/smtpd[26519]: warning: No server certs available. TLS won't be enabled
    Feb 28 21:14:54 gandalf postfix/smtpd[26519]: connect from localhost[127.0.0.1]
    Feb 28 21:14:54 gandalf postfix/smtpd[26519]: 1D390C64D9: client=localhost[127.0.0.1]
    Feb 28 21:14:54 gandalf postfix/cleanup[26522]: 1D390C64D9: message-id=<[email protected]>

    ==> mail <==
    Feb 28 21:15:04 gandalf postfix/smtp[26523]: certificate verification failed for smtp.tools.sky.com: num=20:unable to get local issuer certificate
    Feb 28 21:15:04 gandalf postfix/smtp[26523]: certificate verification failed for smtp.tools.sky.com: num=27:certificate not trusted

    ==> mail <==
    Feb 28 21:15:15 gandalf postfix/smtp[26452]: A4891C64B0: to=<[email protected]>, relay=smtp.tools.sky.com[66.249.93.208]:587, delay=149, delays=72/0.11/2.4/74, dsn=2.0.0, status=sent (250 2.0.0 OK 1204233187 p39sm563998ugd.85)
    Feb 28 21:15:15 gandalf postfix/qmgr[26441]: A4891C64B0: removed

    This genuinely did work for a few emails. To explain I am using this to email event attachments from a cctv system (zoneminder) which uses perl, so I can store them online. Several events were sent (despite the warnings) but now it has stopped sending any more. I've restarted postfix but hasn't made any difference.

    Apologies once again for this, but sadly I'm really confused by all the terminology here so really am just following the guide and your instructions blindly. Do I need the Gmail server certificate from the other article or should it work without it?

    Thanks
     
  11. newbuyer17

    newbuyer17 New Member

    Right, scrap the last email.
    Those certificate errors look like red herrings. The emails are all coming through, it just seems to be taking a while for the ISP to send some of them so they are coming through in the wrong order.

    If you know how to suppress the warnings in the mail log then I'd still be interested, but other than that it's all working great now.

    Thanks once again for your help - I certainly wouldn't have got this working by myself or with the other guides I've found on the web.

    Excellent Stuff!!
     
  12. topdog

    topdog Active Member

    If you want the certificate errors to go away then you need to enable TLS for the smtpd server as well, with the present setup you have TLS enabled only for the smtp client.
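    Added example (not code from the thread, from Postfix, or from any of the guides linked above): a small Python lint that parses a main.cf and its SASL password map and flags the relay/TLS mistakes walked through in this thread, namely a relayhost key set twice (post 6), submission port 587 with client TLS switched off (post 7), a password-map key written differently from relayhost (post 7), client TLS with no smtp_tls_CAfile/CApath (the verification warnings in posts 1 and 10, topdog's first reply), and smtpd_use_tls = yes without a server certificate (post 10, post 12). The sample configs are constructed from the poster's settings, with placeholder credentials.

```python
# Constructed sample: the poster's main.cf from post 6, trimmed to the relevant keys.
# 'relayhost' appears twice; Postfix keeps the LAST value of a repeated key.
SAMPLE_MAIN_CF = """\
relayhost = smtp.tools.sky.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/gmail_passwd
relayhost = smtp.tools.sky.com:587
smtpd_use_tls = no
smtp_use_tls = no
"""
# Constructed sample password map (credential values are placeholders).
SAMPLE_PASSWD = """\
smtp.sky.com:587 user@example.invalid:password
smtp.tools.sky.com:587 user@example.invalid:password
"""

def parse_main_cf(text):
    """Return (settings, duplicated_keys); for a repeated key the last assignment wins."""
    settings, count = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        count[key] = count.get(key, 0) + 1
        settings[key] = value
    return settings, sorted(k for k, n in count.items() if n > 1)

def lint_relay(main_cf, passwd_map):
    """Return findings for the relayhost/TLS mistakes seen in the thread (empty = clean)."""
    s, dups = parse_main_cf(main_cf)
    out = [f"duplicate key '{k}': Postfix uses the last value, {s[k]!r}" for k in dups]
    relay = s.get("relayhost", "")
    # Client TLS is on via the old smtp_use_tls switch or (Postfix >= 2.3) a security level.
    client_tls = (s.get("smtp_use_tls") == "yes"
                  or s.get("smtp_tls_security_level", "none") not in ("", "none"))
    if relay.endswith(":587") and not client_tls:
        out.append("submission port 587 with client TLS off: expect '530 Must issue a STARTTLS command first'")
    if s.get("smtp_sasl_auth_enable") == "yes":
        keys = [l.split()[0] for l in passwd_map.splitlines() if l.strip()]
        if relay and relay not in keys:  # map key should be written exactly like relayhost
            out.append(f"no password-map key equals relayhost {relay!r}")
    if client_tls and not (s.get("smtp_tls_CAfile") or s.get("smtp_tls_CApath")):
        out.append("client TLS on without smtp_tls_CAfile/CApath: peer cert cannot be verified")
    if s.get("smtpd_use_tls") == "yes" and not s.get("smtpd_tls_cert_file"):
        out.append("smtpd_use_tls = yes without smtpd_tls_cert_file: 'No server certs available'")
    return out
```

Run `lint_relay(SAMPLE_MAIN_CF, SAMPLE_PASSWD)` to see the two findings for the post 6 config; feeding it the post 8 config instead reports the missing CA file and missing server certificate that match the warnings logged there and in post 10.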
     
  13. newbuyer17

    newbuyer17 New Member

    OK, thanks again. I'll live with it for now but do a bit more reading up and play with it some time in the future.

    Cheers
     
