LinuxQuestions.org


aluchko 04-07-2013 02:27 AM

Trouble with postfix and TLS
 
My mail server was working fine for several years, but for some reason at some point SMTP with TLS stopped working. I've regenerated the certs a few times so they shouldn't be expired, and I don't think I changed any configs from when things were working, but I can't be certain.

The users are stored in LDAP and the MDA is Dovecot (imaps works fine). I've been trying everything and I have no idea what the problem is. Is there something wrong with the config, or some way to check that the certificates are being generated properly?

Thanks

Code:

[root@valinor postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 99
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 20
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
maildrop_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.9.2/README_FILES
sample_directory = /usr/share/doc/postfix-2.9.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-maillists.cf
virtual_gid_maps = static:5001
virtual_mailbox_base = /var/spool/mail/
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_minimum_uid = 5001
virtual_transport = maildrop
virtual_uid_maps = static:5001
[root@valinor postfix]#

Here's the section from the maillog:

Code:

Apr  7 03:10:56 valinor postfix/smtpd[2603]: initializing the server-side TLS engine
Apr  7 03:10:56 valinor postfix/smtpd[2603]: connect from <my ip>
Apr  7 03:10:56 valinor postfix/smtpd[2603]: setting up TLS connection from <my ip>
Apr  7 03:10:56 valinor postfix/smtpd[2603]: <my ip>: TLS cipher list "ALL:+RC4:@STRENGTH"
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:before/accept initialization
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 read client hello A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 write server hello A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 write certificate A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 write server done A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 flush data
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:failed in SSLv3 read client certificate A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept error from <my ip>: lost connection
Apr  7 03:10:56 valinor postfix/smtpd[2603]: lost connection after STARTTLS from <my ip>
Apr  7 03:10:56 valinor postfix/smtpd[2603]: disconnect from <my ip>
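
One way to run the certificate check asked about above, as an added example that is not part of the original post. The function names are hypothetical; the three arguments are the files named by smtpd_tls_cert_file, smtpd_tls_key_file and smtpd_tls_CAfile in the postconf output, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks on the certificate,
# private key and CA file that Postfix smtpd is configured to use.
# Function names are hypothetical. Requires the openssl CLI.

# Returns 0 if the certificate's public key is the one derived from the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if the certificate will still be unexpired $2 seconds from now
# (use 0 for "has not expired yet").
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Returns 0 if the certificate ($1) verifies against the CA file ($2).
# Success is detected from the "<file>: OK" line that openssl verify prints.
chain_verifies() {
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

# Runs all three checks, prints one line per check, returns non-zero on any failure.
check_smtpd_tls_files() {
    rc=0
    if cert_matches_key "$1" "$2"; then echo "OK   private key matches certificate"
    else echo "FAIL private key does not match certificate"; rc=1; fi
    if cert_valid_for "$1" 0; then echo "OK   certificate has not expired"
    else echo "FAIL certificate has expired or is unreadable"; rc=1; fi
    if chain_verifies "$1" "$3"; then echo "OK   certificate verifies against CA file"
    else echo "FAIL certificate does not verify against CA file"; rc=1; fi
    return "$rc"
}

# Usage: sh check.sh CERT KEY CAFILE
# e.g. /etc/postfix/ssl/smtpd.crt /etc/postfix/ssl/smtpd.key /etc/postfix/ssl/cacert.pem
if [ "$#" -eq 3 ]; then
    check_smtpd_tls_files "$@"
fi
```

Passing a larger number of seconds to cert_valid_for (for example 2592000 for 30 days) flags a certificate that is about to expire.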


Andy Alt 05-01-2013 07:33 AM

Have you visited this page?
Postfix Debugging Howto

Quote:

My mail server was working fine for several years but for some reason at some point SMTP with TLS stopped working

It might be a bug. Were there any updates around the time your server stopped working properly?

What release of Fedora are you using?

