
Re: [not-OT] Postfix - STARTTLS problem: 454 4.3.0 TLS not available due to local problem



On Thu, 2007-05-17 at 11:45 +0530, Deboo ^ wrote:
> On 5/17/07, Greg Folkert <greg@gregfolkert.net> wrote:
> 
> > Why is this OT? Postfix is packaged for Debian, by Debian.
> >
> > This might be related to TLS entropy problem when there is not enough
> > activity or "randomness" from the system.
> >
> > Exim experiences similar problems when there is not enough activity to
> > produce enough randomness. It just runs out of "/dev/random".
> >
> > Though I could be talking out of my /dev/ass
> 
> I thought since postfix has its own mailing list, it would be OT here.
> 
> I do not understand what you explained above about the randomness.
> Should I remove the /dev/urandom entry from main.cf?

No, do not remove the /dev/urandom entry.

On a relatively idle system and since most machines do not have a "real"
Random Number Generator built into the hardware, it has to be
"emulated".

This emulation uses activity on the machine to generate the RNG. If
there is not enough activity, and therefore not enough entropy, that will
degrade the amount of random numbers generated for TLS.

These explain it much better than I:
http://wiki.debian.org/PkgExim4UserFAQ#head-82eaabc815b4697c5b7dda3950af8fd56fc7a8b9

http://pkg-exim4.alioth.debian.org/README/README.Debian.html#TLS


-- 
greg, greg@gregfolkert.net
PGP key: 1024D/B524687C  2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
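
One way to check the two things this message talks about, the random source named in main.cf and the kernel's current entropy estimate (an added example, not part of the original thread). It assumes the "/dev/urandom entry" is Postfix's tls_random_source parameter and a Linux /proc filesystem; the sample main.cf is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the "/dev/urandom entry" is
# Postfix's tls_random_source parameter and a Linux /proc filesystem.

# Print the effective value of main.cf parameter $1 in file $2. Skips
# comments, joins continuation lines (leading whitespace), last one wins.
main_cf_get() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }
    ' "$2"
}

# Classify a tls_random_source value. /dev/random is the device that can
# stall on an idle machine with older kernels; /dev/urandom does not block.
classify_source() {
    case "$1" in
        "")               echo "unset" ;;
        dev:/dev/urandom) echo "non-blocking" ;;
        dev:/dev/random)  echo "may-block" ;;
        egd:*)            echo "egd" ;;
        *)                echo "other" ;;
    esac
}

# Kernel entropy estimate in bits, or "unknown" where the file is absent.
entropy_avail() {
    f=${1:-/proc/sys/kernel/random/entropy_avail}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

report() {
    src=$(main_cf_get tls_random_source "$1")
    echo "tls_random_source=${src:-<unset>} ($(classify_source "$src")), entropy_avail=$(entropy_avail)"
}

# Constructed sample main.cf: the later, continued definition wins.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
printf '%s\n' '# TLS settings' 'smtpd_use_tls = yes' \
    'tls_random_source = dev:/dev/random' \
    'tls_random_source =' '    dev:/dev/urandom' > "$sample"
report "$sample"
```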
