Old 10-04-2011, 11:08 PM
Craig White
 
postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

On Oct 4, 2011, at 1:46 PM, Alexander Farber wrote:

> Hello,
>
> On Tue, Oct 4, 2011 at 10:37 PM, Craig White <craig.white@ttiltd.com> wrote:
>>> postfix/smtp[2061]: warning: TLS library problem:
>>> 2061:error:0906D06C:PEM routines:PEM_read_bio:no start
>>> line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
>>> postfix/smtp[2061]: warning: TLS library problem:
>>> 2061:error:140DC009:SSL
>>
>> There's something wrong with this file as it is not a PEM encoded certificate file as is expected.
>>
>> Easy enough to verify...
>>
>> openssl x509 -in $YOUR_CERTIFICATE.pem -noout -text
>
> oops, sorry, after struggling I've just deleted
> that file and installed sendmail. I'll try your suggestion
> later though with my development VM.
>
> Could the reason also be that I've started with
> a minimalistic CentOS 6 installation and was
> missing the cyrus-sasl-plain and cyrus-sasl-md5 packages?
----
I personally have found postfix much easier to deal with in all phases, especially with details such as sasl and ldap.

I think your issue was not understanding what the certificates are, how they are created, how they interact, etc. and thus your issue really isn't going to be solved with either postfix or sendmail but rather certificates in general.

If you are going to have self-signed certificates, you need a mechanism to:

1 - create a CA (Certificate Authority) and generate a private key and a CA Certificate. This private key would be needed to sign certificate requests.

2 - generate a signing request for various services such as an SMTP server - this should include a directive to output the key into a separate file. This key is NOT the CA key.

3 - sign the request which generates a PEM encoded certificate and thus you should end up with 3 files useful for your SMTP server:
- ca certificate
- smtp certificate
- smtp key (for the certificate)

This methodology counts on various SMTP servers to not verify the client certificate your SMTP server presents (i.e., Google in your case if I recall correctly) which is generally the case.

I have implemented a reasonably feature complete set of scripts to be my own CA with 4 distinct certificate types (1 for HTTP server, 1 for IMAP servers, 1 for SMTP servers and 1 for LDAP servers) and a reasonably feature complete set of scripts for an LDAP server (master), LDAP server (slave aka replicant) and LDAP clients and at some point, I will try to figure out a way to pass this info on to others but I suspect that it will take a long time to document because I would suspect that the target audience isn't fully up to speed.

I don't think either of the 2 cyrus-sasl packages you mentioned are required to send e-mail via tls to Google's SMTP server but I haven't installed RHEL or CentOS 6 so I wouldn't know but those are very small packages and won't hurt to install... I think they are both geared to your server authenticating users but I am not sure.

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
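
The three steps listed in the post above, as an added example (not the poster's own scripts): a private CA, a separate SMTP key with its signing request, and the signed PEM certificate, followed by the PEM check quoted in the thread. The file names, the CN values and the host name mail.example.test are constructed placeholders.

```shell
#!/bin/sh
# Added example. All names below are constructed placeholders, not values from the thread.

make_smtp_cert() {
    d=$1
    mkdir -p "$d" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Example CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_smtp]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.test
EOF
    # Step 1: CA private key and self-signed CA certificate.
    openssl req -x509 -config "$d/openssl.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 365 || return 1
    # Step 2: signing request for the SMTP server; its key goes to its own file.
    openssl req -new -config "$d/openssl.cnf" -subj "/CN=mail.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/smtp.key" -out "$d/smtp.csr" || return 1
    # Step 3: sign the request with the CA key, producing a PEM certificate.
    openssl x509 -req -in "$d/smtp.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/openssl.cnf" -extensions v3_smtp \
        -sha256 -days 365 -out "$d/smtp.pem" || return 1
    chmod 600 "$d/ca.key" "$d/smtp.key"   # private keys readable by owner only
}

check_smtp_cert() {
    d=$1
    # Same check as in the thread: fails if the file is not a PEM certificate.
    openssl x509 -in "$d/smtp.pem" -noout || return 1
    # The certificate must chain to the CA certificate.
    openssl verify -CAfile "$d/ca.pem" "$d/smtp.pem" >/dev/null || return 1
    # The key file must belong to this certificate (public keys match).
    [ "$(openssl x509 -in "$d/smtp.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$d/smtp.key" -pubout)" ]
}

# Usage: sh thisfile.sh /path/to/output-dir
if [ -n "${1:-}" ]; then
    make_smtp_cert "$1" && check_smtp_cert "$1" && echo "ok: $1"
fi
```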
 
