|
Title: How to disable SSL/TLS on an Endianmachine? Post by: Niclas on Tuesday 05 February 2013, 01:34:08 am Hi!
I have tried to add the line: "smtpd_tls_security_level = none" in /etc/postfix/main.cf however the line is removed when restart the smtpproxy. None of the changes i make in main.cf seems to stick so i guess im working on the wrong file here. What file should i alter to make these changes? Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: vsenko on Tuesday 05 February 2013, 01:49:29 pm Where are you trying to disable ssl (for wich service)? And what for?
Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: Niclas on Tuesday 05 February 2013, 05:13:17 pm Where are you trying to disable ssl (for wich service)? And what for? Hi!I am trying to disable it for the SMTP Proxy since google wont deliver mail to my domain otherwise. You can read up on it here: esvacommunity. com/forum/viewtopic.php?f=8&t=162 productforums.google. com/forum/m/#!topic/gmail/AyQU7MqhQNI I cant come to think of any other solution since google wont accept the certificates on my Endian. If you have got another workaround then i would gladly accept it. Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: vsenko on Wednesday 06 February 2013, 07:18:52 pm Weird, I never had such problems with gmail. Right now I'm using EFW 2.5.1 and it receives email from google without any delay.
Is it possible that the problem is in something else? Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: Niclas on Thursday 07 February 2013, 07:14:24 pm Weird, I never had such problems with gmail. Right now I'm using EFW 2.5.1 and it receives email from google without any delay. Is it possible that the problem is in something else? Its possible however i dont know what else to do. Those mailing me from a google account keep getting these responses: Technical details of temporary failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain mydomain.com by myendianmachine.mydomain.com. [...]. The error that the other server returned was: 454 4.3.0 TLS not available due to local problem Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: vsenko on Thursday 07 February 2013, 11:02:52 pm By the way I get lots of
Feb x xx:xx:xx postfix/smtp[21614]: certificate verification failed for some.domain.com: num=20:unable to get local issuer certificate Feb x xx:xx:xx postfix/smtp[21614]: certificate verification failed for some.domain.com: num=27:certificate not trusted But nothing about certs when it comes from gmail. By the way, could you check Firewall -> System access -> Show rules of system services. My EFW listens only on 25 port for emails. Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: Niclas on Thursday 07 February 2013, 11:17:42 pm By the way I get lots of Same here, mine only listens to port 25.Feb x xx:xx:xx postfix/smtp[21614]: certificate verification failed for some.domain.com: num=20:unable to get local issuer certificate Feb x xx:xx:xx postfix/smtp[21614]: certificate verification failed for some.domain.com: num=27:certificate not trusted But nothing about certs when it comes from gmail. By the way, could you check Firewall -> System access -> Show rules of system services. My EFW listens only on 25 port for emails. My logfiles dont complain about the certs, however thats what i concluded that the problem must origin from after reading the other two threads regarding the same issue. Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: Niclas on Friday 08 February 2013, 05:39:22 pm The question remains: How do i disable TLS on my Endian?
Another user did this: I remarked this line #smtpd_tls_security_level = may Now no TLS is offered and gmail can deliver asap. However my changes in main.cf wont stay after a reboot. Whats changing main.cf back to its original state and how do i prevent it? Am i altering the wrong file? Title: Re: How to disable SSL/TLS on an Endianmachine? Post by: Niclas on Friday 08 February 2013, 11:27:00 pm Found it - main.cf.tmpl is the file to alter.
This however does not explain why google wont accept the certificates offered by endian. Do i have to register them or will selfsigned certs suffice? |