# postfix-2.6.6 TLS error

## NotQuiteSane

Hi peeps.  I'm seeing the following errors:

```
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
Jul 21 18:35:28 linus3 postfix/tlsmgr[15524]: TLS support is not compiled in -- exiting
```

What has me confused is that there is no tls use flag for postfix:

```
[ebuild   R   ] mail-mta/postfix-2.6.6  USE="cdb hardened ipv6 ldap mbox mysql nis pam postgres sasl ssl vda -dovecot-sasl (-selinux)" 3,262 kB
```

So, how do I get tls compiled in? I've been searching since yesterday, but I'm not finding anything relevant. Any help to find a solution would be appreciated.

NQS

----------

## vincent-

Try to activate the sasl and ssl use flags of mail-mta/postfix, rebuild it, and restart it.

*Last edited by vincent- on Thu Jul 22, 2010 5:47 pm; edited 1 time in total*

----------

## Anarcho

You might check the USE-Flags of openssl and probably update openssl and re-install postfix then.

----------

## NotQuiteSane

 *Anarcho wrote:*   

> You might check the USE-Flags of openssl and probably update openssl and re-install postfix then.

 

ssl and sasl were activated on postfix. I added kerberos and sse2 to openssl, then recompiled both. No joy.

NQS

----------

## vincent-

Can I see your main.cf?

----------

## NotQuiteSane

 *peratu wrote:*   

> Can I see your main.cf?

 

With comments stripped out:

```
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = //usr/lib/postfix
mail_owner = postfix
default_privs = nobody
myhostname = linus3.triad.ath.cx
mydomain = triad.ath.cx
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.0.0/16, 127.0.0.0/8
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = linus3.triad.ath.cx
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname,localhost.$mydomain,$mydomain,mac.isa-geek.org,asisee.it
defer_transports =
disable_dns_lookups = no
relayhost = [titan.cvip.net]:587
content_filter = smtp-amavis:[127.0.0.1]:10024
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Mail/ MAILDIR=$HOME/Mail
home_mailbox = Mail/
mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 25640000
html_directory = /usr/share/doc/packages/postfix/html
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
hash_queue_names = deferred, defer active bounce flush incoming
data_directory = /var/lib/postfix
```

NQS

----------

## Anarcho

Hi,

that's what I use in main.cf:

```
mail ~ # grep tls /etc/postfix/main.cf | egrep -v '^#'
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/servercert.pem
smtpd_tls_cert_file = /etc/postfix/servercert.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

As you can see, I have no reference to a CA file.

And my USE-Flags:

```
[ebuild     U ] dev-libs/openssl-0.9.8o [0.9.8n] USE="(sse2) zlib -bindist -gmp -kerberos -test" 3,685 kB
[ebuild     U ] mail-mta/postfix-2.6.6 [2.6.5] USE="hardened mysql pam postgres sasl ssl -cdb -dovecot-sasl -ipv6 -ldap -mbox -nis (-selinux) -vda" 3,250 kB
```

EDIT:

Maybe it is related to:

https://bugs.gentoo.org/show_bug.cgi?id=313189

----------

## vincent-

This is my config:

```
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes
smtpd_helo_required = yes
smtpd_client_restrictions =
        permit_sasl_authenticated
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client dnsbl.njabl.org,
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
tls_random_source = dev:/dev/urandom
```

Hope it helps.

----------
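An added example, not part of the thread or any poster's code: a small Python audit of a main.cf for the SASL/TLS settings that differ between the configs posted above (the first enables `smtpd_sasl_auth_enable` without `smtpd_tls_auth_only` and has `smtpd_tls_loglevel = 3`; the last sets `smtpd_tls_auth_only = yes`). The sample config, hostnames and function names are constructed for illustration, and the check does not diagnose the "not compiled in" error itself.

```python
# Constructed sample in the shape of the main.cf files posted in this thread.
SAMPLE_MAIN_CF = """\
# comment and blank lines are ignored
myhostname = old.example.org
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_loglevel = 3
myhostname = mail.example.org
"""

def parse_main_cf(text):
    """Return (params, duplicates); the last definition of a name wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are skipped
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params, duplicates = {}, []
    for line in logical:
        name, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not name:
            continue
        if name in params:
            duplicates.append(name)
        params[name] = " ".join(value.split())
    return params, duplicates

def audit(text):
    """Hypothetical helper: findings for the SASL/TLS settings seen above."""
    params, duplicates = parse_main_cf(text)
    yes = lambda key: params.get(key, "no").lower() == "yes"
    findings = [f"duplicate definition, last one wins: {n}" for n in duplicates]
    tls_required = (yes("smtpd_tls_auth_only") or yes("smtpd_enforce_tls")
                    or params.get("smtpd_tls_security_level") == "encrypt")
    if yes("smtpd_sasl_auth_enable") and not tls_required:
        findings.append("AUTH accepted without TLS: set smtpd_tls_auth_only = yes")
    level = params.get("smtpd_tls_loglevel", "0")
    if level.isdigit() and int(level) >= 2:
        findings.append(f"smtpd_tls_loglevel = {level} is for debugging only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN_CF)))
```

Feeding it the output of `postconf -n` instead of the raw file gives the same result, since that output is already one `name = value` per line.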

