mail:/etc/postfix# openssl s_client -connect localhost:25 -starttls smtp
-crlf<br />CONNECTED(00000003)<br />depth=0 /C=MY/ST=Wilayah
Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail <a
href="mailto:Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com">Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com</a><br
/>verify error:num=18:self signed certificate<br />verify return:1<br
/>depth=0 /C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI
RESOURCES BERHAD/OU=Mail <a
href="mailto:Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com">Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com</a><br
/>verify return:1<br />---<br />Certificate chain<br /> 0
s:/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES
BERHAD/OU=Mail <a
href="mailto:Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com">Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com</a><br
/> i:/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI
RESOURCES BERHAD/OU=Mail <a
href="mailto:Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com">Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com</a><br
/>---<br />Server certificate<br />-----BEGIN CERTIFICATE-----<br
/>MIIFGzCCBAOgAwIBAgIJAJQaRdpc9qRtMA0GCSqGSIb3DQEBBQUAMIG5MQswCQYD<br
/>VQQGEwJNWTEcMBoGA1UECBMTV2lsYXlhaCBQZXJzZWt1dHVhbjEVMBMGA1UEBxMM<br
/>S3VhbGEgTHVtcHVyMSQwIgYDVQQKExtBSE1BRCBaQUtJIFJFU09VUkNFUyBCRVJI<br
/>QUQxFTATBgNVBAsTDE1haWwgU2VydmljZTEWMBQGA1UEAxMNbWFpbC5henJiLmNv<br
/>bTEgMB4GCSqGSIb3DQEJARYRc3lzYWRtaW5AYXpyYi5jb20wHhcNMDYxMDA5MDMx<br
/>NzI4WhcNMDcxMDA5MDMxNzI4WjCBuTELMAkGA1UEBhMCTVkxHDAaBgNVBAgTE1dp<br
/>bGF5YWggUGVyc2VrdXR1YW4xFTATBgNVBAcTDEt1YWxhIEx1bXB1cjEkMCIGA1UE<br
/>ChMbQUhNQUQgWkFLSSBSRVNPVVJDRVMgQkVSSEFEMRUwEwYDVQQLEwxNYWlsIFNl<br
/>cnZpY2UxFjAUBgNVBAMTDW1haWwuYXpyYi5jb20xIDAeBgkqhkiG9w0BCQEWEXN5<br
/>c2FkbWluQGF6cmIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA<br
/>2WDHc9z2aRmTDpjZ0AnkoiEpWdjCTQhUf1Nzm7j4s0WhuFw3qY0Z1fnnWinchnxD<br
/>5t4XNx14sMQkotmUGDMthKESGznc+Gv6Db/2zoN700Qy1iMeVf4MU6fk2A85sYOH<br
/>N1ZdxgucIioWibcZcjcqBZAFzW7W5dj6gRyUcfIOyC2gxyBSkitNILJAVzXWnM7T<br
/>a8ymjxdtylR3oV3YltU63SigKri/B1cRMvEG1iaMYAHO8BC1tOkZR7D2lrd5Lf5M<br
/>DL1ilh5VAU+K5EUW3R6WvROVqEnrl1png3BsiII+nICeg1nHzd4c8q49TPQkGBgH<br
/>dFemwaWApu/WRlJ3qrfRqwIDAQABo4IBIjCCAR4wHQYDVR0OBBYEFBljUbFg/Jb/<br
/>wI8LGJfKtcXy/vXOMIHuBgNVHSMEgeYwgeOAFBljUbFg/Jb/wI8LGJfKtcXy/vXO<br
/>oYG/pIG8MIG5MQswCQYDVQQGEwJNWTEcMBoGA1UECBMTV2lsYXlhaCBQZXJzZWt1<br
/>dHVhbjEVMBMGA1UEBxMMS3VhbGEgTHVtcHVyMSQwIgYDVQQKExtBSE1BRCBaQUtJ<br
/>IFJFU09VUkNFUyBCRVJIQUQxFTATBgNVBAsTDE1haWwgU2VydmljZTEWMBQGA1UE<br
/>AxMNbWFpbC5henJiLmNvbTEgMB4GCSqGSIb3DQEJARYRc3lzYWRtaW5AYXpyYi5j<br
/>b22CCQCUGkXaXPakbTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV<br
/>BNCwTT3Cr1oc3/SwcDJJ2oHUT6mvTmmAJ322eDv07gFp2sTUI4hV3pLQ7FxXTS+N<br
/>C11XQ4zBP14P46BRj7rZagFRdShgxsPSodtXaRKvpp8VyEu3FBNjJLc/XNRBEryr<br
/>aISHGfB912FZm6AjsbxRfFq3JZDf9IRa/WksY5fG40S4aP60u3HajPVagHZAM5ne<br
/>QG13r1EE61L0uMb6XkBKU5xuwD3HoucS3jyJ0yZLwjhVRdw2xbsT/IAwrhOsVifI<br
/>gIidATQ700NyyiI9dBTgE43zYFL6ktnoBUGUn5hK+tz7XAY5kiCOGWt/rZ5FyYrP<br
/>WhUMyi9i9xQPbQmRlRjL<br />-----END CERTIFICATE-----<br
/>subject=/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI
RESOURCES BERHAD/OU=Mail <a
href="mailto:Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com">Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com</a><br
/>issuer=/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI
RESOURCES BERHAD/OU=Mail <a
href="mailto:Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com">Service/CN=mail.azrb.com/emailAddress=sysadmin@azrb.com</a><br
/>---<br />No client certificate CA names sent<br />---<br />SSL handshake
has read 2073 bytes and written 326 bytes<br />---<br />New, TLSv1/SSLv3,
Cipher is DHE-RSA-AES256-SHA<br />Server public key is 2048 bit<br
/>Compression: NONE<br />Expansion: NONE<br />SSL-Session:<br
/> Protocol : TLSv1<br />
Cipher : DHE-RSA-AES256-SHA<br />
Session-ID:
7A893C971E5D8EE1341613AC20A3EB63C248B207DFE3254B8B72B420A73AFC7F<br
/> Session-ID-ctx:<br /> Master-Key:
DBEBC32559B26FF05F126B6BD5D6F66C937B7DE8EFD2BE457BB18FBF8623DEC2CB00E7144961BE2AEAC0BC46EAB8709C<br
/> Key-Arg : None<br />
Start Time: 1160363995<br /> Timeout : 300
(sec)<br /> Verify return code: 18 (self signed
certificate)<br />---<br />220 mail.azrb.com ESMTP Postfix (AZRB)<br
/>ehlo mail.azrb.com<br />250-mail.azrb.com<br />250-PIPELINING<br
/>250-SIZE<br />250-ETRN<br />250-AUTH LOGIN PLAIN<br />250-AUTH=LOGIN
PLAIN<br />250-ENHANCEDSTATUSCODES<br />250-8BITMIME<br />250 DSN<br
/>quit<br />221 2.0.0 Bye<br />read:errno=0<br />> On Sun, Oct 08, 2006
at 01:16:48PM +0800, Mohamed Sulaiman Sultan <br />> Suhaibuddeen
wrote: <br />>> <br />>> <br />>> I generate the key
using: <br />>> <br />>> openssl req -new -outform PEM -out
<br />>> /etc/postfix/smtpd.cert -newkey rsa:2048 \ <br />>>
-nodes -keyout <br />>> /etc/postfix/smtpd.key -keyform PEM -days
3650 -x509 <br />> <br />> That should generate a self-signed
certificate, and that should work. <br />> <br />>> I was <br
/>>> following a guide from:
http://workaround.org/articles/ispmail-sarge/ <br />> <br />> And
you have the following in your postfix main.cf file? <br />>
smtpd_use_tls = yes <br />> smtpd_tls_cert_file =
/etc/postfix/smtpd.cert <br />> smtpd_tls_key_file =
/etc/postfix/smtpd.key <br />> <br />> I've tried it with those
settings, and it works for me. <br />> <br />> Did you try testing
it with s_client? <br />> <br />> <br />> Kurt <br />> <br
/>> <br />