I've been trying to get the correct recipe of settings to allow postfix to connect to mysql where ssl is required. So far I have the following config that is not working:
user = mysqluser
password = XXX
hosts = secure-mysql-db.example.com
dbname = mail
query = SELECT 1 FROM users WHERE email='%s'
tls_CAfile = /path/to/mysql-ca.crt
When using this config, I get the following error:
postfix/cleanup[1317842]: warning: connect to mysql server secure-mysql-db.example.com: SSL connection error: No such file or directory
I have indeed confirmed that the file is accessible. Connecting using the same credentials via the command line works as expected.
Thanks in advance for any assistance!
Update
After reviewing Force Postfix to use TLS for MySQL Connection?, I've added the following:
user = mysqluser
password = XXX
hosts = secure-mysql-db.example.com
dbname = mail
query = SELECT 1 FROM users WHERE email='%s'
tls_ciphers = TLSv1.3
tls_CAfile = /path/to/mysql-ca.crt
Now I'm getting the following error:
SSL connection error: no cipher match
I have indeed confirmed that the connection to the database does work:
mysql -h secure-mysql-db.example.com -p -u postfix mail
MySQL [mail]> \s
--------------
mysql Ver 15.1 Distrib 10.5.15-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper
Connection id: 487933
Current database: mail
Current user: [email protected]
SSL: Cipher in use is ECDHE-RSA-AES256-GCM-SHA384
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MySQL
Server version: 8.0.26 MySQL Community Server - GPL
Protocol version: 10
Connection: secure-mysql-db.example.com via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb3
Conn. characterset: utf8mb3
TCP port: 3306
Uptime: 17 days 7 hours 25 min 45 sec
I'm running Postfix 3.5.13 on Debian 11.5.
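One check worth running for the "No such file or directory" error above, as an added example that is not part of the original post: a file that is readable from a shell can still be missing from the point of view of a chrooted Postfix daemon, which resolves paths relative to its queue directory. The sketch reads the chroot column of `master.cf` and reports the host-side path the `cleanup` service would open for `tls_CAfile`; the function names, the constructed `master.cf` excerpt and the `/var/spool/postfix` queue directory are assumptions.

```python
import os

# Constructed master.cf excerpt (not from the post); column 5 is "chroot".
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
cleanup   unix  n       -       y       -       0       cleanup
rewrite   unix  -       -       n       -       -       trivial-rewrite
local     unix  -       n       n       -       -       local
  -o mailbox_size_limit=0
"""
# The map file from the post, reduced to the lines that matter here.
SAMPLE_MAP = "hosts = secure-mysql-db.example.com\ntls_CAfile = /path/to/mysql-ca.crt\n"

def parse_map_config(text):
    """Parse 'name = value' lines of a mysql_table(5) file into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)   # values may contain '=' (queries)
            conf[key.strip()] = value.strip()
    return conf

def chrooted_services(master_cf, default_chroot="n"):
    """Map (service, type) -> True when the chroot column says 'y'."""
    result = {}
    for line in master_cf.splitlines():
        if not line or line[0] in "# \t":     # comments and continuation lines
            continue
        fields = line.split()
        if len(fields) < 8:
            continue
        chroot = fields[4] if fields[4] != "-" else default_chroot
        result[(fields[0], fields[1])] = chroot == "y"
    return result

def path_seen_by(service, key, map_conf, master_cf, queue_dir="/var/spool/postfix"):
    """Host-side path the daemon actually opens for map_conf[key]."""
    path = map_conf[key]
    if chrooted_services(master_cf).get(service, False):
        return os.path.join(queue_dir, path.lstrip("/"))
    return path

if __name__ == "__main__":
    conf = parse_map_config(SAMPLE_MAP)
    p = path_seen_by(("cleanup", "unix"), "tls_CAfile", conf, SAMPLE_MASTER_CF)
    print(p, "exists" if os.path.exists(p) else "is MISSING for the chrooted daemon")
```

On a real host, feed it the contents of the actual `master.cf` and map file; if the reported path is missing, the CA file has to be made available inside the chroot or the service run unchrooted.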