ich habe einen Postfix mit TLS unterstützung compiled und die entsprechenden Zertifikate erstellt.
Auf dem Server habe ich also ein CAcert.pem, ein cert.pem und den key.pem. Das ganze funktioniert auch ganz gut, andere Server verwenden bereits TLS wenn sie zu unseren Mails zustellen.
Nun weis ich nicht wirklich was ein Postfix Client vom Server braucht, um die TLS Connection aufbauen und richtig authentifizieren zu könnnen. Ich will also von meinem Lokalen PC per relay Host über unseren Mailserver TLS geschützt mails verschicken.
Ich habe also auch für meinen Lokalen host hier die Zertifikate (CAcert, cert und den key) erstellt, bekomme aber
in der Maillog Fehlermeldungen wie diese hier:
Code: Alles auswählen
Sep 30 20:11:29 radiohead postfix/smtp[1842]: starting TLS engine
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:before/connect initialization
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv2/v3 write client hello A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv2/v3 read server hello A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server hello A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server hello A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 read server hello A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server certificate A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server certificate A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: Peer cert verify depth=1 /C=DE/ST=Bavaria/L=Nuernberg/O=Internet Widgits Pty Ltd/CN=<name>/Email=email@domain.de
Sep 30 20:11:29 radiohead postfix/smtp[1842]: verify return:1
Sep 30 20:11:29 radiohead postfix/smtp[1842]: Peer cert verify depth=0 /C=DE/ST=Bavaria/L=Nuernberg/O=Internet Widgits Pty Ltd/CN=<name>/Email=email@domain.de
Sep 30 20:11:29 radiohead postfix/smtp[1842]: Peer verification: CommonName in certificate does not match: <name> != <server.host>
Sep 30 20:11:29 radiohead postfix/smtp[1842]: verify return:1
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 read server certificate A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server key exchange A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server key exchange A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 read server key exchange A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server certificate request A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read server certificate request A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 read server done A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 write client key exchange A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 write change cipher spec A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 write finished A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 flush data
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:error in SSLv3 read finished A
Sep 30 20:11:29 radiohead last message repeated 3 times
Sep 30 20:11:29 radiohead postfix/smtp[1842]: SSL_connect:SSLv3 read finished A
Sep 30 20:11:29 radiohead postfix/smtp[1842]: Verified: subject_CN=<name>, issuer=<name>
Sep 30 20:11:29 radiohead postfix/smtp[1842]: TLS connection established to <server.host>: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)