Godaddy SSL certificate

asdfg · 05-01-2012, 04:51 PM

Hello, I buy SSL certificate on Godaddy. When I download this certificate, I have two files mydomain.crt and gd_bundle.crt . I addes this lines to /etc/postfix/main.cf :

Code:

smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/mydomain.key
smtpd_tls_cert_file = /etc/postfix/ssl/mydomain.crt
smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

But postfix back this error in mail.log:

Code:

May  1 23:50:19 S1 postfix/smtpd[6910]: SSL_accept error from unknown[XXX.XXX.XXX.XXX]: -1
May  1 23:50:19 S1 postfix/smtpd[6910]: lost connection after CONNECT from unknown[XXX.XXX.XXX.XXX]
May  1 23:50:19 S1 postfix/smtpd[6910]: disconnect from unknown[XXX.XXX.XXX.XXX]
May  1 23:50:19 S1 postfix/smtpd[6911]: SSL_accept error from unknown[XXX.XXX.XXX.XXX]: -1
May  1 23:50:19 S1 postfix/smtpd[6911]: lost connection after CONNECT from unknown[XXX.XXX.XXX.XXX]
May  1 23:50:19 S1 postfix/smtpd[6911]: disconnect from unknown[XXX.XXX.XXX.XXX]

Kustom42 · 05-01-2012, 06:26 PM

Those errors look to be related to client side configuration of the email client. Can you attempt another email client or review your configuration for the current one being used?

asdfg · 05-02-2012, 01:58 AM

This I tested in Thunderbird last version. It is the most used e-mail client in our area

.

asdfg · 05-02-2012, 02:00 AM

Code:

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_list = 127.0.0.1
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mailbox_size_limit = 0
message_size_limit = 335544320
mydestination = blade1, localhost.localdomain, localhost
mydomain = mail.example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_bcc_maps = hash:/etc/postfix/recipient-bcc
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/evil-clients.cidr
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,                                       reject_unauth_destination,                                      permit_mynetworks,                                      reject_unknown_recipient_domain,                                     reject_invalid_hostname,                                        reject_rbl_client list.dsbl.org,                                        reject_rbl_client sbl.spamhaus.org,                 reject_rbl_client cbl.abuseat.org,                                       reject_rbl_client dul.dnsbl.sorbs.net,                                  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/mail.example.com.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_gid_maps = static:106
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 366544320
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = virtual
virtual_uid_maps = static:103