Postgres Pro
Downloads
Home   >   mailing lists

Re: nossl authentication - Mailing list pgsql-novice

From Jim Nasby
Subject Re: nossl authentication
Date
Msg-id 3BA6ADEC-05A8-45C7-B2A3-21A72C7F4FAC@decibel.org
Whole thread Raw
In response to nossl authentication  (Tom Allison <tom@tacocat.net>)
List pgsql-novice
Tree view 
On Nov 19, 2006, at 10:25 AM, Tom Allison wrote:
> postfix doesn't appear to "do" SSL connections and I turned on ssl.
> I'm trying to connect to the database dbmail to read a view that I
> created using the dbmail_ tables.  I've verified that the username
> and password have SELECT rights to this view using psql.
>
> This is to support the statement in postfix of:
> local_recipient_maps = pgsql:/etc/postfix/pgsql-recipients.cf
>
> where pgsql-recipients.cf contains:
> user     =  postfix
> password =  XXXXXXXXX
> hosts    =  127.0.0.1
> dbname   =  dbmail
>
> query = SELECT username FROM postfix_users WHERE username = '%s'
>
>
> Everytime postfix tries to authenticate against postgresql, it
> fails because it can't do a SSL and doesn't bother to try a non-ssl
> connection.  At least that's what I'm led to believe.
>
> I've tried settting pg_hba to:
>
> local   all         postgres                          ident sameuser
> local   all         all                               md5
> host    dbmail      all         127.0.0.1/32          md5
> hostssl all         all         192.168.1.0/24        md5
> hostssl all         all         192.168.0.0/24        md5
> host    all         all         ::1/128               md5
>
> I keep getting the same error:
>
>
> POSTFIX
> Nov 19 10:57:11 cling postfix/smtpd[5364]: warning: connect to
> pgsql server 127.0.0.1: SSL SYSCALL error: Success?
>
> POSTGRESQL
> 2006-11-19 10:57:11 EST 5517 [unknown] LOG:  connection received:
> host=127.0.0.1 port=32990
> 2006-11-19 10:57:11 EST 5517 [unknown] LOG:  could not accept SSL
> connection: EOF detected
>
>
> Every one of these results in a temporary delivery failure of the
> incoming email.  I believe it's specifically a tempororary lookup
> failure.
>
> I've tried setting hostnossl connections for the user postfix but
> they aren't being effective.

Actually, I think that means that postfix *is* trying to connect with
SSL, but since there's no hostssl line for localhost, it's getting
denied.

Try adding

hostssl dbmail      all         127.0.0.1/32          md5

to the end of the file.

Better yet would be to try getting postfix not to use SSL, since it's
just burning cycles for no reason if postfix and PostgreSQL are on
the same machine. Better yet would be a local socket connection. If
you make use of pg_service.conf I suspect you can do that, even if
postfix doesn't have the right support for it.
--
Jim Nasby                                            jim@nasby.net
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)

pgsql-novice by date:

Previous
From: Jim Nasby
Date:
Subject: Re: Which installer for Postgres on Windows?
Next
From: Jim Nasby
Date:
Subject: Re: Inserting values into a variable table