Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 27 November 2024, 07:59:17 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  How to disable SSL/TLS on an Endianmachine?
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to disable SSL/TLS on an Endianmachine?  (Read 29864 times)
Niclas
Jr. Member
*
Offline Offline

Posts: 6


« on: Tuesday 05 February 2013, 01:34:08 am »

Hi!

I have tried to add the line: "smtpd_tls_security_level = none" in /etc/postfix/main.cf however the line is removed when restart the smtpproxy.
None of the changes i make in main.cf seems to stick so i guess im working on the wrong file here.

What file should i alter to make these changes?
Logged
vsenko
Full Member
***
Offline Offline

Posts: 19


« Reply #1 on: Tuesday 05 February 2013, 01:49:29 pm »

Where are you trying to disable ssl (for wich service)? And what for?
Logged
Niclas
Jr. Member
*
Offline Offline

Posts: 6


« Reply #2 on: Tuesday 05 February 2013, 05:13:17 pm »

Where are you trying to disable ssl (for wich service)? And what for?
Hi!

I am trying to disable it for the SMTP Proxy since google wont deliver mail to my domain otherwise.
You can read up on it here:
esvacommunity. com/forum/viewtopic.php?f=8&t=162
productforums.google. com/forum/m/#!topic/gmail/AyQU7MqhQNI

I cant come to think of any other solution since google wont accept the certificates on my Endian.
If you have got another workaround then i would gladly accept it.
Logged
vsenko
Full Member
***
Offline Offline

Posts: 19


« Reply #3 on: Wednesday 06 February 2013, 07:18:52 pm »

Weird, I never had such problems with gmail. Right now I'm using EFW 2.5.1 and it receives email from google without any delay.
Is it possible that the problem is in something else?
Logged
Niclas
Jr. Member
*
Offline Offline

Posts: 6


« Reply #4 on: Thursday 07 February 2013, 07:14:24 pm »

Weird, I never had such problems with gmail. Right now I'm using EFW 2.5.1 and it receives email from google without any delay.
Is it possible that the problem is in something else?

Its possible however i dont know what else to do.
Those mailing me from a google account keep getting these responses:

Technical details of temporary failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain mydomain.com by myendianmachine.mydomain.com. [...].

The error that the other server returned was:
454 4.3.0 TLS not available due to local problem
Logged
vsenko
Full Member
***
Offline Offline

Posts: 19


« Reply #5 on: Thursday 07 February 2013, 11:02:52 pm »

By the way I get lots of
Feb x xx:xx:xx    postfix/smtp[21614]: certificate verification failed for some.domain.com: num=20:unable to get local issuer certificate
Feb x xx:xx:xx    postfix/smtp[21614]: certificate verification failed for some.domain.com: num=27:certificate not trusted

But nothing about certs when it comes from gmail.

By the way, could you check Firewall -> System access -> Show rules of system services. My EFW listens only on 25 port for emails.
Logged
Niclas
Jr. Member
*
Offline Offline

Posts: 6


« Reply #6 on: Thursday 07 February 2013, 11:17:42 pm »

By the way I get lots of
Feb x xx:xx:xx    postfix/smtp[21614]: certificate verification failed for some.domain.com: num=20:unable to get local issuer certificate
Feb x xx:xx:xx    postfix/smtp[21614]: certificate verification failed for some.domain.com: num=27:certificate not trusted

But nothing about certs when it comes from gmail.

By the way, could you check Firewall -> System access -> Show rules of system services. My EFW listens only on 25 port for emails.
Same here, mine only listens to port 25.
My logfiles dont complain about the certs, however thats what i concluded that the problem must origin from after reading the other two threads regarding the same issue.
Logged
Niclas
Jr. Member
*
Offline Offline

Posts: 6


« Reply #7 on: Friday 08 February 2013, 05:39:22 pm »

The question remains: How do i disable TLS on my Endian?

Another user did this:

I remarked this line
#smtpd_tls_security_level = may

Now no TLS is offered and gmail can deliver asap.


However my changes in main.cf wont stay after a reboot. Whats changing main.cf back to its original state and how do i prevent it?
Am i altering the wrong file?
Logged
Niclas
Jr. Member
*
Offline Offline

Posts: 6


« Reply #8 on: Friday 08 February 2013, 11:27:00 pm »

Found it - main.cf.tmpl is the file to alter.

This however does not explain why google wont accept the certificates offered by endian.
Do i have to register them or will selfsigned certs suffice?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.125 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com