On Nov 19, 2006, at 10:25 AM, Tom Allison wrote:
> postfix doesn't appear to "do" SSL connections and I turned on ssl.
> I'm trying to connect to the database dbmail to read a view that I
> created using the dbmail_ tables. I've verified that the username
> and password have SELECT rights to this view using psql.
> This is to support the statement in postfix of:
> local_recipient_maps = pgsql:/etc/postfix/pgsql-recipients.cf
> where pgsql-recipients.cf contains:
> user = postfix
> password = XXXXXXXXX
> hosts = 127.0.0.1
> dbname = dbmail
> query = SELECT username FROM postfix_users WHERE username = '%s'
> Everytime postfix tries to authenticate against postgresql, it
> fails because it can't do a SSL and doesn't bother to try a non-ssl
> connection. At least that's what I'm led to believe.
> I've tried settting pg_hba to:
> local all postgres ident sameuser
> local all all md5
> host dbmail all 127.0.0.1/32 md5
> hostssl all all 192.168.1.0/24 md5
> hostssl all all 192.168.0.0/24 md5
> host all all ::1/128 md5
> I keep getting the same error:
> Nov 19 10:57:11 cling postfix/smtpd: warning: connect to
> pgsql server 127.0.0.1: SSL SYSCALL error: Success?
> 2006-11-19 10:57:11 EST 5517 [unknown] LOG: connection received:
> host=127.0.0.1 port=32990
> 2006-11-19 10:57:11 EST 5517 [unknown] LOG: could not accept SSL
> connection: EOF detected
> Every one of these results in a temporary delivery failure of the
> incoming email. I believe it's specifically a tempororary lookup
> I've tried setting hostnossl connections for the user postfix but
> they aren't being effective.
Actually, I think that means that postfix *is* trying to connect with
SSL, but since there's no hostssl line for localhost, it's getting
hostssl dbmail all 127.0.0.1/32 md5
to the end of the file.
Better yet would be to try getting postfix not to use SSL, since it's
just burning cycles for no reason if postfix and PostgreSQL are on
the same machine. Better yet would be a local socket connection. If
you make use of pg_service.conf I suspect you can do that, even if
postfix doesn't have the right support for it.
Jim Nasby jim(at)nasby(dot)net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
In response to
pgsql-novice by date
|Next:||From: Jim Nasby||Date: 2006-11-28 02:52:00|
|Subject: Re: SSL|
|Previous:||From: Jim Nasby||Date: 2006-11-28 02:37:51|
|Subject: Re: PostgreSQL doesn't accept connections when Windows Server is rebooted|