opensuse 10.3 postfix and ssl/tls not working
newbuyer17
26th February 2008, 16:10
I recently used the opensuse 10.3 perfect server guide to try to set up secure smtp emails via my sky broadband account (now run by google I believe).
I previously set up email to work via mailx by using the yast module and pointing at my sky's smtp server. Sky have now changed this and it must use ssl.
I have proved this works fine using mozilla thunderbird but I need it to work from mailx (well perl actually) instead. The config screens in yast do not allow setting up of SSL.
So I tried this guide but this doesn't seem to be working. The mail logs show it has been rejected. If I do a telnet localhost 25 it just hangs without any output.
I was wondering if you knew what I had done wrong. Thanks in advance.
Anybody any ideas? Looks to me like it gets through to server and tries but the server at the other end doesn't like the certificates?
Thanks in advance.
Feb 24 18:30:26 gandalf postfix/smtp[8749]: certificate verification failed for smtp.tools.sky.com: num=20:unable to get local issuer certificate
Feb 24 18:30:26 gandalf postfix/smtp[8749]: certificate verification failed for smtp.tools.sky.com: num=27:certificate not trusted
Feb 24 18:30:27 gandalf postfix/smtp[8749]: 2E197B2B7C: to=<emailaddress@emailadress.com>, relay=smtp.tools.sky.com[66.249.93.208]:25, delay=2.1, delays=0.21/0.05/1.8/0.11, dsn=5.5.1, status=bounced (host smtp.tools.sky.com[66.249.93.208] said: 530 5.5.1 Authentication Required 34sm1193113uga.52 (in reply to MAIL FROM command))
topdog
26th February 2008, 16:58
Check if the certificate they are using is signed by a real CA. If so, then I am sure SUSE ships with root certificates of various CAs, so point your postfix to that file using the
smtp_tls_CAfile
smtp_tls_CApath
options.
newbuyer17
27th February 2008, 10:51
Thanks. I found another guide that gave a text version of the certificate to add in to the cacert.pem file. It still didn't work after this, but gave a different error.
I then tried following this other guide (which was actually for ubuntu) and have managed to send an email. I'm not quite sure why it has worked but didn't previously. It may just be lax typing when creating the certificates as it looks roughly the same. The cacert.pem file looked different after following this guide.
I intend to retrace my steps afterwards to work out what went wrong the first time and get a procedure together for myself, but it works which is the main thing.
Not sure what the rules are on this forum re links to other sites, but here is the guide for completeness.
http://www.marksanborn.net/linux/send-mail-postfix-through-gmails-smtp-on-a-ubuntu-lts-server/
Perhaps the author could review to see if anything needs adding to the howto on this site.
Thanks all.
topdog
27th February 2008, 11:22
Actually, I think I did not understand the way you phrased your question. I already posted a solution for a similar issue in this thread: http://www.howtoforge.com/forums/showthread.php?t=19971
newbuyer17
27th February 2008, 13:48
I don't doubt you didn't understand how I phrased my question - I wasn't entirely sure of any of the terminology I was talking about.
The post you mention looks a damn sight simpler, and seems similar to other posts I'd tried that didn't work.
I'll do a reinstall of postfix and try this out.
Thanks again.
newbuyer17
27th February 2008, 23:06
Still can't get this working 100%. If I try to send an email using my perl program with my current config I get the following errors.
==> mail <==
Feb 27 20:44:14 gandalf postfix/postfix-script[735]: fatal: usage: postfix start (or stop, reload, abort, flush, check, set-permissions, upgrade-configuration)
Feb 27 20:44:19 gandalf postfix/smtpd[704]: connect from localhost[127.0.0.1]
Feb 27 20:44:19 gandalf postfix/smtpd[704]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <to@googlemail.com>: Recipient address rejected: Relay access denied; from=<from@sky.com> to=<to@googlemail.com> proto=ESMTP helo=<localhost.localdomain>
Feb 27 20:44:19 gandalf postfix/smtpd[704]: lost connection after RCPT from localhost[127.0.0.1]
Feb 27 20:44:19 gandalf postfix/smtpd[704]: disconnect from localhost[127.0.0.1]
Feb 27 20:44:19 gandalf postfix/smtpd[709]: connect from localhost[127.0.0.1]
I then removed and reinstalled postfix and configured using just the other thread you suggested. I now seem to be back at square one:
==> mail <==
Feb 27 21:00:56 gandalf postfix/smtp[4105]: 633E6C64D9: to=<to@googlemail.com>, relay=smtp.tools.sky.com[66.249.93.208]:587, delay=0.99, delays=0.12/0/0.77/0.1, dsn=5.7.0, status=bounced (host smtp.tools.sky.com[66.249.93.208] said: 530 5.7.0 Must issue a STARTTLS command first u7sm696575uge.35 (in reply to MAIL FROM command))
Feb 27 21:00:56 gandalf postfix/cleanup[4107]: 77698C64DA: message-id=<20080227210056.77698C64DA@gandalf.site>
Feb 27 21:00:56 gandalf postfix/qmgr[4089]: 77698C64DA: from=<>, size=2279, nrcpt=1 (queue active)
Feb 27 21:00:56 gandalf postfix/bounce[4106]: 633E6C64D9: sender non-delivery notification: 77698C64DA
Feb 27 21:00:56 gandalf postfix/qmgr[4089]: 633E6C64D9: removed
Feb 27 21:00:56 gandalf postfix/local[4108]: 77698C64DA: to=<root@gandalf.site>, relay=local, delay=0.13, delays=0.06/0/0/0.06, dsn=2.0.0, status=sent (delivered to mailbox)
My config:
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = gandalf.site
program_directory = /usr/lib/postfix
inet_interfaces = localhost
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost = smtp.tools.sky.com
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/gmail_passwd
smtp_sasl_type = cyrus
relayhost = smtp.tools.sky.com:587
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
gandalf:/etc/postfix # more gmail_passwd
smtp.sky.com:587 from@googlemail.com:password
smtp.tools.sky.com:587 from@googlemail.com:password
Any ideas what I am doing wrong?
topdog
28th February 2008, 08:40
Your relayhost expects you to do SMTP-AUTH over a TLS encrypted session and you have disabled TLS by the option
smtp_use_tls = no
You need to turn that to yes
Then you possibly need to change this as well
relayhost = [smtp.tools.sky.com]:587
[smtp.tools.sky.com]:587 from@googlemail.com:password
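An added example (not part of the original posts and not Postfix's own tooling) that audits the relay-related lines of the main.cf posted above, and of the corrected one posted later in the thread, for the problems under discussion. The finding names, the `HARDENED` variant and its CA bundle path are assumptions made for illustration.

```python
import re

# Relay-related lines of the main.cf listings posted in this thread.
FIRST = """relayhost = smtp.tools.sky.com
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
relayhost = smtp.tools.sky.com:587
smtp_use_tls = no"""
SECOND = """smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
relayhost = [smtp.tools.sky.com]:587
smtp_use_tls = yes"""
# Assumed hardened variant; the CA bundle path is a placeholder.
HARDENED = """smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
relayhost = [smtp.tools.sky.com]:587
smtp_tls_security_level = verify
smtp_tls_CAfile = /path/to/ca-bundle.pem"""

def audit(main_cf, passwd_keys):
    """Return finding codes for the outbound (smtp client) side of a main.cf."""
    params, found = {}, []
    for line in main_cf.splitlines():
        m = re.match(r"(\w+)\s*=\s*(.*)", line)
        if m:
            if m.group(1) == "relayhost" and "relayhost" in params:
                found.append("duplicate-relayhost")  # the last definition wins
            params[m.group(1)] = m.group(2).strip()
    relay = params.get("relayhost", "")
    host = relay.split(":")[0].strip("[]")
    if relay and not relay.startswith("["):
        found.append("relayhost-mx-lookup")  # [host] form disables MX lookups
    # the password map is searched by remote hostname and by relayhost as written
    if not {relay, host} & set(passwd_keys):
        found.append("password-key-mismatch")
    # smtp_use_tls = yes is the legacy spelling of security level "may"
    level = params.get("smtp_tls_security_level") or (
        "may" if params.get("smtp_use_tls") == "yes" else "none")
    if level == "none" and params.get("smtp_sasl_auth_enable") == "yes":
        found.append("auth-without-tls")  # this relay then answers 530 ... STARTTLS
    elif level == "may":
        found.append("tls-opportunistic")  # a failed verification is only logged
    if not (params.get("smtp_tls_CAfile") or params.get("smtp_tls_CApath")):
        found.append("no-trust-anchors")  # "unable to get local issuer certificate"
    # Postfix default is "noplaintext, noanonymous"; an empty value drops both
    opts = params.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if "noanonymous" not in opts:
        found.append("sasl-anonymous-allowed")
    return found
```

Call `audit(FIRST, {"smtp.sky.com:587", "smtp.tools.sky.com:587"})` with the keys of the posted gmail_passwd file to see the findings for the original configuration.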
newbuyer17
28th February 2008, 20:49
Thanks. Still getting problems on a mailx command though.
==> mail <==
Feb 28 18:45:38 gandalf postfix/pickup[12885]: 63EFDC64B0: uid=0 from=<root>
Feb 28 18:45:38 gandalf postfix/cleanup[12953]: 63EFDC64B0: message-id=<20080228184538.63EFDC64B0@gandalf.site>
Feb 28 18:45:38 gandalf postfix/qmgr[12886]: 63EFDC64B0: from=<root@gandalf.site>, size=421, nrcpt=1 (queue active)
Feb 28 18:45:38 gandalf postfix/smtp[12955]: warning: connect to private/tlsmgr: Connection refused
Feb 28 18:45:38 gandalf postfix/smtp[12955]: warning: problem talking to server private/tlsmgr: Connection refused
==> mail <==
Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: connect to private/tlsmgr: Connection refused
Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: problem talking to server private/tlsmgr: Connection refused
Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: no entropy for TLS key generation: disabling TLS support
==> mail <==
Feb 28 18:45:40 gandalf postfix/smtp[12955]: 63EFDC64B0: to=<to@googlemail.com>, relay=smtp.tools.sky.com[66.249.93.208]:587, delay=1.8, delays=0.13/1/0.57/0.09, dsn=5.7.0, status=bounced (host smtp.tools.sky.com[66.249.93.208] said: 530 5.7.0 Must issue a STARTTLS command first s1sm524365uge.28 (in reply to MAIL FROM command))
Feb 28 18:45:40 gandalf postfix/cleanup[12953]: 51D18C64D9: message-id=<20080228184540.51D18C64D9@gandalf.site>
Feb 28 18:45:40 gandalf postfix/qmgr[12886]: 51D18C64D9: from=<>, size=2279, nrcpt=1 (queue active)
Feb 28 18:45:40 gandalf postfix/bounce[12956]: 63EFDC64B0: sender non-delivery notification: 51D18C64D9
Feb 28 18:45:40 gandalf postfix/qmgr[12886]: 63EFDC64B0: removed
Feb 28 18:45:40 gandalf postfix/local[12957]: 51D18C64D9: to=<root@gandalf.site>, relay=local, delay=0.13, delays=0.05/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 28 18:45:40 gandalf postfix/qmgr[12886]: 51D18C64D9: removed
[smtp.tools.sky.com]:587 from@sky.com:password
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = gandalf.site
program_directory = /usr/lib/postfix
inet_interfaces = localhost
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/gmail_passwd
smtp_sasl_type = cyrus
relayhost = [smtp.tools.sky.com]:587
smtpd_sasl_auth_enable = no
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
Thanks again for your ongoing help - any other ideas?
topdog
28th February 2008, 21:01
That's because I think you are not running the postfix tlsmgr program or the socket is not accessible.
Do you have this in your master.cf file ?
tlsmgr unix - - n 1000? 1 tlsmgr
newbuyer17
28th February 2008, 23:19
You are indeed correct. It was there but got lost when I reinstalled.
Getting very close now.
In fact it has now sent a couple of emails but has now stopped again. Getting the following errors:
==> mail <==
Feb 28 21:14:54 gandalf postfix/smtpd[26519]: warning: No server certs available. TLS won't be enabled
Feb 28 21:14:54 gandalf postfix/smtpd[26519]: connect from localhost[127.0.0.1]
Feb 28 21:14:54 gandalf postfix/smtpd[26519]: 1D390C64D9: client=localhost[127.0.0.1]
Feb 28 21:14:54 gandalf postfix/cleanup[26522]: 1D390C64D9: message-id=<20080228211454.1D390C64D9@gandalf.site>
==> mail <==
Feb 28 21:15:04 gandalf postfix/smtp[26523]: certificate verification failed for smtp.tools.sky.com: num=20:unable to get local issuer certificate
Feb 28 21:15:04 gandalf postfix/smtp[26523]: certificate verification failed for smtp.tools.sky.com: num=27:certificate not trusted
==> mail <==
Feb 28 21:15:15 gandalf postfix/smtp[26452]: A4891C64B0: to=<to@googlemail.com>, relay=smtp.tools.sky.com[66.249.93.208]:587, delay=149, delays=72/0.11/2.4/74, dsn=2.0.0, status=sent (250 2.0.0 OK 1204233187 p39sm563998ugd.85)
Feb 28 21:15:15 gandalf postfix/qmgr[26441]: A4891C64B0: removed
This genuinely did work for a few emails. To explain I am using this to email event attachments from a cctv system (zoneminder) which uses perl, so I can store them online. Several events were sent (despite the warnings) but now it has stopped sending any more. I've restarted postfix but hasn't made any difference.
Apologies once again for this, but sadly I'm really confused by all the terminology here so really am just following the guide and your instructions blindly. Do I need the gmail server certificate from the other article or should it work without it?
Thanks
newbuyer17
28th February 2008, 23:34
Right, scrap the last email.
Those certificate errors look like red herrings. The emails are all coming through, it just seems to be taking a while for the ISP to send some of them so they are coming through in the wrong order.
If you know how to suppress the warnings in the mail log then I'd still be interested, but other than that it's all working great now.
Thanks once again for your help - I certainly wouldn't have got this working by myself or with the other guides I've found on the web.
Excellent Stuff!!
topdog
29th February 2008, 08:29
If you want the certificate errors to go away then you need to enable TLS for the smtpd server as well, with the present setup you have TLS enabled only for the smtp client.
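An added example (not from the thread and not part of Postfix) that triages the kinds of log lines posted above by daemon: postfix/smtp is the outbound client talking to the relay, postfix/smtpd is the local listener. It also lists queue IDs that were delivered to a relay whose certificate had failed verification; the sample lines are shortened from the posted logs and the finding names are assumptions.

```python
import re

# Sample input: lines shortened from the logs posted in this thread.
SAMPLE = """\
Feb 28 18:45:38 gandalf postfix/smtp[12955]: warning: connect to private/tlsmgr: Connection refused
Feb 28 18:45:39 gandalf postfix/smtp[12955]: warning: no entropy for TLS key generation: disabling TLS support
Feb 28 18:45:40 gandalf postfix/smtp[12955]: 63EFDC64B0: to=<to@googlemail.com>, relay=smtp.tools.sky.com[66.249.93.208]:587, status=bounced (530 5.7.0 Must issue a STARTTLS command first)
Feb 28 21:14:54 gandalf postfix/smtpd[26519]: warning: No server certs available. TLS won't be enabled
Feb 28 21:15:04 gandalf postfix/smtp[26523]: certificate verification failed for smtp.tools.sky.com: num=20:unable to get local issuer certificate
Feb 28 21:15:04 gandalf postfix/smtp[26523]: certificate verification failed for smtp.tools.sky.com: num=27:certificate not trusted
Feb 28 21:15:15 gandalf postfix/smtp[26452]: A4891C64B0: to=<to@googlemail.com>, relay=smtp.tools.sky.com[66.249.93.208]:587, status=sent (250 2.0.0 OK)
"""

RULES = [  # (daemon, pattern, finding)
    ("smtp", r"connect to private/tlsmgr: Connection refused", "tlsmgr-unreachable"),
    ("smtp", r"disabling TLS support", "client-tls-disabled"),
    ("smtp", r"Must issue a STARTTLS command first", "relay-requires-starttls"),
    ("smtp", r"certificate verification failed for (\S+):", "relay-cert-unverified"),
    ("smtpd", r"No server certs available", "listener-has-no-cert"),
]
LINE = re.compile(r"postfix/(\w+)\[\d+\]: (.*)")
SENT = re.compile(r"^([0-9A-F]+): .*relay=([^\[,]+)\[.*status=sent")

def triage(log):
    """Return (finding counts, queue IDs sent to a relay whose cert failed verification)."""
    counts, unverified, exposed = {}, set(), []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, msg = m.groups()
        for want, pattern, finding in RULES:
            hit = re.search(pattern, msg) if daemon == want else None
            if hit:
                counts[finding] = counts.get(finding, 0) + 1
                if hit.groups():  # only the verification rule captures a host
                    unverified.add(hit.group(1))
        sent = SENT.match(msg) if daemon == "smtp" else None
        if sent and sent.group(2) in unverified:
            exposed.append(sent.group(1))
    return counts, exposed
```

Matching a delivery to an earlier verification failure by relay host name is a heuristic, since the two lines can come from different smtp processes, as they do in the posted log.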
newbuyer17
29th February 2008, 09:08
OK, thanks again. I'll live with it for now but do a bit more reading up and play with it some time in the future.
Cheers