[Postfixbuch-users] Hilfe postfix und ssl Zertifikat macht probleme
Achim Altmann
aa at com-gate.com
So Apr 13 13:49:00 CEST 2003
Hallo,
Problem:
wenn ich per outlook mit imap und ssl konfiguriere frägt outlook nur einmal
wegen dem zertifikat.
Konfiguriere ich jedoch outlook mit ssl für smtp so werde ich bei jedem connect
gefragt ob ich das Zertifiat akzeptieren möchte.
Das ist nervig und im maillog auf dem server erhalte ich auch fehlermeldungen .
Das versenden klappt aber.
ich habe nach Lutz.Jaenicke postfix für ssl übersetzt und konfiguriert
Bitte um Entschuldigung für das lange Listing hoffe aber das es hilfreich ist
für die Fehlersuche.
Hier der Auszug aus der main.cf
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
#smtpd_tls_key_file = /etc/postfix/newreq.pem
#smtpd_tls_cert_file = /etc/postfix/newcert.pem
#smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_key_file = /etc/postfix/smtp.com-gate.com_key.pem
smtpd_tls_cert_file = /etc/postfix/smtp.com-gate.com_cert.pem
smtpd_tls_CAfile = /etc/postfix/RootCert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Ich habe es nun auch mit einem Wurzelzertifikat probiert mit dem ich die anderen
zertifikate erstelle.
Apr 13 13:31:58 alpha1 postfix/smtpd[14835]: starting TLS engine
Apr 13 13:31:58 alpha1 postfix/smtpd[14835]: connect from
p3EE37F99.dip.t-dialin.net[62.227.127.153]
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: setting up TLS connection from
p3EE37F99.dip.t-dialin.net[62.227.127.153]
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:before/accept
initialization
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (11
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv2/v3 read
client hello A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (11
bytes => 11 (0xB))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 80 46 01 03 01 00 2d 00|00 00
10 .F....-. ...
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BEB] (61
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv2/v3 read
client hello B
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BEB] (61
bytes => 61 (0x3D))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 8f 80 01 80 00 03 80 00|01 81
00 01 81 00 03 82 ........ ........
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0010 00 01 00 00 64 00 00 62|00 00
03 00 00 06 83 00 ....d..b ........
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0020 04 84 28 40 02 00 80 04|00 80
00 00 63 a4 2d 7a ..(@.... ....c.-z
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0030 4c 85 b1 86 b9 14 d1 bf|6c 64
f2 fb 83 L....... ld...
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 read client hello A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 write server hello
A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 write certificate A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 write server done A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: write to 080D16C8 [080EEC08] (2609
bytes => 2609 (0xA31))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 16 03 01 00 4a 02 00 00|46 03
01 3e 99 4a af d5 ....J... F..>.J..
..
.
..
.
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0a10 79 22 37 02 55 e0 79 88|75 3b
7d 49 b9 e9 fa b4 y"7.U.y. u;}I....
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0a20 6a 3b fb 93 28 25 32 20|16 03
01 00 04 0e j;..(%2 ......
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0a31 - <SPACES/NULS>?
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 flush data
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (5
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
client certificate A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
client certificate A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (5
bytes => 5 (0x5))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 16 03 01 00 86 .....
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE5] (134
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
client certificate A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE5] (134
bytes => 134 (0x86))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 10 00 00 82 00 80 51 df|0a 1b
e4 ab 47 14 19 89 ......Q. ....G...
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0010 64 73 1a 39 ea 89 18 68|75 88
1c dd 7a 20 bd 4e ds.9...h u...z .N
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0020 fd ce 84 5f 17 90 94 21|f5 95
5b 40 98 60 1b 28 ..._...! ..[@.`.(
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0030 e2 d8 c4 af 89 f6 de 93|53 18
06 b2 7d ed 95 22 ........ S...}.."
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0040 79 4d 51 22 68 28 54 fc|80 8a
9e 24 37 bd ff 38 yMQ"h(T. ...$7..8
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0050 9b c6 c5 a3 82 9f c2 91|e8 ef
29 88 e9 fa 22 c8 ........ ..)...".
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0060 51 2c 7d 96 ef 87 77 b7|75 3f
ff 0e 4d f3 0d 8e Q,}...w. u?..M...
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0070 a0 88 30 27 ba 9c b2 41|b4 c9
5c 49 f0 9f 28 1c ..0'...A ..\I..(.
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0080 64 51 57 37 5f fb dQW7_.
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 read client key
exchange A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (5
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
certificate verify A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (5
bytes => 5 (0x5))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 14 03 01 00 01 .....
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE5] (1
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
certificate verify A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE5] (1
bytes => 1 (0x1))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 01 .
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (5
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
certificate verify A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE0] (5
bytes => 5 (0x5))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 16 03 01 00 24 ....$
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE5] (36
bytes => -1 (0xFFFFFFFF))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:error in SSLv3 read
certificate verify A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: read from 080D16C8 [080E0BE5] (36
bytes => 36 (0x24))
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0000 9b e0 1a 8a 9c 01 2b b2|33 0b
d1 56 da a0 5d 0f ......+. 3..V..].
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0010 1d 5c fd 8e d8 82 14 8b|08 1a
aa 69 0f 1b db a4 .\...... ...i....
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: 0020 e5 13 b1 fb ....
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 read finished A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 write change
cipher spec A
Apr 13 13:31:59 alpha1 postfix/smtpd[14835]: SSL_accept:SSLv3 write finished A
Kann mir jemand helfen bzw. sieht jemand das problem?
Gruss und danke Achim
--
________________________________________
Fa. Com-Gate
Altmühlstrasse 32
D-90542 Eckental
Phone: +49 9126 40 12
Fax : +49 9126 29 18 31
Mobil: +49 172 834 56 26
Mehr Informationen über die Mailingliste Postfixbuch-users