[mdlug] Setting up SSL/TLS/SASL on Postfix

[Adam Tauno Williams]

On Thu, 2013-01-17 at 09:37 -0500, Robert Adkins II wrote:
> > > I have been working on adding the ability to send/receive 
> > emails via 
> > > our iPhones to the office servers and while I have SSL all setup on 
> > > the IMAP server and can read, delete and move around emails all day 
> > > long. I'm stuck on getting the SMTPS part of the equation 
> > up and running.
> > > I have created ssl certs and a self-signed certificate and 
> > have them 
> > > all pointed to in the configuration file, but I am ending 
> > up with all 
> > > sorts of odd error messages, none of which occurred with setting up 
> > > the IMAPS service.
> > > Errors include:
> > > warning: connect to private/tlsmgr: No such file or directory
> > > warning: problem talking to server private/tlsmgr: No such file or 
> > > directory
> > Have you configured the server for smtp_ or smtpd_ ?
> The default OpenSuSe install, which I understand to be smtpd_

smtp is for sending, and smtpd is for receiving; roughly.

> > Is the tlsmgr process running?
> It is... now.

That will help! :)

> I finally received a notification that the server has a sercurity
> certificate and it passed the cert down to my client. However, it's not
> accepting the password, plaintext. I also attempted encrypted, but that was
> clearly rejected as the server not supporting encrypted passwords. 

What does "not supporting encrypted passwords" mean?.  How are you
performing authentication?

If you are using passwords then I assume testsaslsuthd works?

> > > warning: no entropy for TLS key generation: disabling TLS support
> > You have an entropy problem!  Odd.  How busy is this server?
> This server that I am testing with is a virtual machine. There's
> only me logging into it. It's only running a couple of services and I'm
> testing the email connectivity within itself. I want to get this all down
> pat before working this up on the main server. 

Fixing tlsmgr, so that it is running, may have helped this.