# Postfix TLS Error After Upgrading to 2.2.2 (Solved)

## segedunum

I recently upgraded to Postfix 2.2.2 from 2.1.5, and everything seems fine except that I did have TLS enabled (and still have) for it and it now doesn't seem to be working. The reason why I didn't see it up until now is that all my clients have the option 'TLS if Available' set so it then defaults to plain communication. What I'm seeing in my messages is this:

initializing the server-side TLS engine

warning: connect to private/tlsmgr: No such file or directory

warning: connect to private/tlsmgr: No such file or directory

warning: problem talking to server private/tlsmgr: No such file or directory

warning: no entropy for TLS key generation: disabling TLS support

lost connection after STARTTLS from unknown

Is there some post-install procedure for Postfix I've possibly missed when going from 2.1.x to 2.2.x, and if so, what is it?Last edited by segedunum on Sat Jul 23, 2005 5:15 pm; edited 1 time in total

----------

## sumerian

Check your mail server logs.  Does it say something about sdbm not being supported?  Go through /etc/postfix/main.cf or whereever your ssl settings are, and change your *tls_session_cache_database lines (smtp_ and smtpd_)

----------

## segedunum

Recently came back to this after some time and solved it. You need to read this:

http://www.postfix.org/TLS_README.html#compat

You need to have this line in your main.cf Postfix file:

```
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
```

In Postfix 2.2.x and above you need to use a btree database as opposed to dbm. You also need to alter your master.cf file, unless you've overwritten it. You need to change the line:

```
tlsmgr    fifo  -
```

to

```
tlsmgr    unix  -
```

 The smtp and smtpd processes now use a client-server protocol in order to access the tlsmgr pseudo-random number generation (PRNG) pool, and in order to access the TLS session cache databases. Such a protocol cannot be run across fifos.

Make sure that your crt, key and certificate authority files are pointing to the write place and then restart Postfix and re-try. TLS should then work fine with Postfix >=2.2.x if you've just upgraded from anything lower.

Hope that helps.

----------

## Darknight

Thanks this post saved my day   :Smile: 

----------

