Postfix: postfix/tlsmgr[31694]: TLS support is not compiled in -- exiting

[keymaker]

Hallo zusammen

Ich habe postfix installiert auf der Distribution RH9. Dazu noch anderes wie: SpamAssassin, ClamAV, amavis, postgrey, courier-imap, cyrus-sasl, openssl

Nun habe ich einige Probleme damit. Wenn ich zum Beispiel postfix starte, dann sehe ich im logfile den folgenden Eintrag: "postfix/tlsmgr[31694]: TLS support is not compiled in -- exiting", der sich dann ständig wiederholt. Mein make für postfix sah folgendermassen aus:

Code: Select all

make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/include/sasl -DHAS_SSL -I/usr/local/ssl/include' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/local/bdb/lib -L/usr/local/ssl/lib -lssl -lcrypto'

Hier poste ich gleich mal meine main.cf, vielleicht fällt jemandem irgendwas auf, das mit meiner Konfiguration nicht in Ordnung ist:

Code: Select all

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <hostname>
mydomain = <domain>
myorigin = $mydomain
inet_interfaces = all
mydestination = localhost.$mydomain, localhost, $mydomain
local_recipient_maps =
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks = 127.0.0.0/8 192.168.7.0/24
relayhost =
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
mail_spool_directory = /var/mail/virtual
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/ma
sample_directory = /etc/postfix
readme_directory = no
disable_dns_lookup = yes

delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes

message_size_limit = 20480000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
#content_filter=amavis:[127.0.0.1]:10026
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, perm
it
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_recipient, rej
ect_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, permit


smtpd_sasl_auth_enable=yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = /etc/postfix/sasl:/usr/local/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_data_restrictions = reject_unauth_pipelining
mailbox_size_limit = 102400000

Das ./configure von Cyrus-SASL sah folgendermassen aus:

Code: Select all

./configure --enable-anon --enable-plain --enable-login --enable-sql --disable-krb4 --disable-otp --enable-cram --enable-digest --with-saslauthd=/var/run/saslauthd --with-mysql=/usr/local/mysql/ --with-openssl=/usr/local/openssl/ --with-plugindir=/usr/local/lib/sas12

Sieht jemand einen Fehler?

Ein Mail verschicken funktioniert - z.b. an gmx.net oder gmail.com. Auch mails an root@localhost werden verschickt, jedoch finde ich den Pfad nicht, wo das mail gespeichert wird! laut meiner Konfiguration müsste das: /var/mail/virtual/root sein, welches aber gar nicht existiert. Wohin wird dieses Mail verschickt?

Vielen Dank für eure Hilfe!
Marco

[keymaker]

habe gerade bemerkt, dass ich ja -DHAS_SSL anstelle von -DUSE_TLS verwendet habe. Jetzt habe ich aber das Problem, dass beim compilieren folgender fehler auftritt:

Code: Select all

In file included from /usr/include/openssl/ssl.h:179,
                 from tls.h:47,
                 from tls_stream.c:66:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
                 from tls.h:47,
                 from tls_stream.c:66:
/usr/include/openssl/kssl.h:134: parse error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: parse error before '*' token
/usr/include/openssl/kssl.h:137: parse error before '}' token
/usr/include/openssl/kssl.h:149: parse error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:149: parse error before '*' token
/usr/include/openssl/kssl.h:150: parse error before '*' token
/usr/include/openssl/kssl.h:151: parse error before '*' token
/usr/include/openssl/kssl.h:151: parse error before '*' token
/usr/include/openssl/kssl.h:152: parse error before '*' token
/usr/include/openssl/kssl.h:153: parse error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:153: parse error before '*' token
/usr/include/openssl/kssl.h:155: parse error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:155: parse error before '*' token
/usr/include/openssl/kssl.h:157: parse error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:157: parse error before '*' token
/usr/include/openssl/kssl.h:159: parse error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:159: parse error before '*' token
/usr/include/openssl/kssl.h:161: parse error before "context"
/usr/include/openssl/kssl.h:162: parse error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:162: parse error before "context"
/usr/include/openssl/kssl.h:165: parse error before "kssl_validate_times"
/usr/include/openssl/kssl.h:165: parse error before "atime"
/usr/include/openssl/kssl.h:167: parse error before "kssl_check_authent"
/usr/include/openssl/kssl.h:167: parse error before '*' token
/usr/include/openssl/kssl.h:169: parse error before "enctype"
In file included from tls.h:47,
                 from tls_stream.c:66:
/usr/include/openssl/ssl.h:909: parse error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: parse error before '}' token
make: *** [tls_stream.o] Error 1
make: *** [update] Error 1

Aber: krb5.h existiert im Verzeichnis: /usr/include/openssl/

...Ideen?

[Joe User]

1) RH9 wird nicht mehr supportet, wähle bitte eine aktuelle Distribution.
2) Hast Du den Postfix-TLS-Patch eingepflegt, oder verwendest Du Postfix >=2.3?

[keymaker]

Ich habe die Postfix version 2.4.5 installiert.
sasl: 2.1.22
openssl: 0.9.7d

..kann es sein, dass die postfix und ssl versionen nicht kompatibel sind?

[keymaker]

hat sich erledigt:

-openssl neu installieren
-tsl eintrag vom make ändern
-sasl eintrag von make ändern