LinuxQuestions.org
04-06-2011, 07:27 AM   #1
BerzinTehvs
Member
 
Registered: Mar 2005
Location: Latvia
Distribution: Slackware
Posts: 63

Rep: Reputation: 17
Postfix and Cyrus SASL2


Hi!

I can't figure out what's wrong with the configuration.

I am getting this log:

Apr 6 14:15:53 server postfix/smtpd[26456]: connect from server[IP]
Apr 6 14:15:53 server postfix/smtpd[26456]: setting up TLS connection from server[IP]
Apr 6 14:15:53 server postfix/smtpd[26456]: server[IP]: TLS cipher list "ALL:+RC4:@STRENGTH"
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:before/accept initialization
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 read client hello B
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write server hello A
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write certificate A
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write server done A
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 flush data
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL3 alert read:fatal:certificate unknown
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL_accept:failed in SSLv3 read client certificate A
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL_accept error server [IP]: 0
Apr 6 14:15:55 server postfix/smtpd[26456]: warning: TLS library problem: 26456:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46:
Apr 6 14:15:55 server postfix/smtpd[26456]: lost connection after STARTTLS from server[IP]
Apr 6 14:15:55 server postfix/smtpd[26456]: disconnect from server[IP] 01

Respective main.cf:

## TLS
tls_random_source = dev:/dev/urandom

smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_loglevel = 2

smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_cert_file = /etc/ssl/cert.pem
smtpd_tls_key_file = /etc/ssl/key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_timeout = 7200s

#SASL auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

When I telnet into the server:

220 server ESMTP Postfix
ehlo localhost
250-server
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


The email client I am trying to use is Thunderbird 3.1.9. It actually detects that the server advertises STARTTLS for SMTP, but there is the message "Certificate type not approved for application" and sec_error_inadequate_cert_type.

At the same time, TLS sessions among servers are working like a charm.

Last edited by BerzinTehvs; 04-06-2011 at 07:31 AM.
 
04-06-2011, 08:16 AM   #2
BerzinTehvs
Member
 
Registered: Mar 2005
Location: Latvia
Distribution: Slackware
Posts: 63

Original Poster
Rep: Reputation: 17
The problem is partially solved - the problem hides under the inability to start a STARTTLS session between client and server for secure login/password authentication.

In plaintext, SASL authentication works.
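
Added example, not part of the original posts: a Python parser for smtpd TLS log lines in the format quoted in the first post, which groups lines by smtpd PID and reports which side sent the TLS alert. The function name, the result field names and the second sample session (PID 26460) are constructed for illustration.

```python
import re

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

# PID 26456: lines from the log posted in the thread. PID 26460: constructed clean session.
SAMPLE_LOG = """\
Apr 6 14:15:53 server postfix/smtpd[26456]: connect from server[IP]
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write certificate A
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL3 alert read:fatal:certificate unknown
Apr 6 14:15:55 server postfix/smtpd[26456]: warning: TLS library problem: 26456:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46:
Apr 6 14:15:55 server postfix/smtpd[26456]: lost connection after STARTTLS from server[IP]
Apr 6 14:16:10 server postfix/smtpd[26460]: connect from client[IP]
Apr 6 14:16:11 server postfix/smtpd[26460]: disconnect from client[IP]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"connect from (\S+)")
ALERT = re.compile(r"SSL3 alert (read|write):(\w+):(.+)")
ALERT_NO = re.compile(r"SSL alert number (\d+)")

def tls_failures(log_text):
    """Return one finding per smtpd PID that logged a TLS alert."""
    sessions = {}
    for line in log_text.splitlines():
        found = LINE.search(line)
        if not found:
            continue
        pid, msg = found.groups()
        s = sessions.setdefault(pid, {})
        peer, alert, number = PEER.match(msg), ALERT.match(msg), ALERT_NO.search(msg)
        if peer:
            s["peer"] = peer.group(1)
        if alert:
            s["direction"], s["level"], s["alert"] = alert.groups()
        if number:
            s["number"] = int(number.group(1))
    findings = []
    for pid, s in sessions.items():
        if "alert" not in s:
            continue
        # "read": smtpd received the alert from the client; "write": smtpd sent it.
        name = CERT_ALERTS.get(s.get("number"))
        findings.append({"pid": pid, "peer": s.get("peer"), "level": s["level"],
                         "sent_by": "client" if s["direction"] == "read" else "server",
                         "alert": s["alert"], "rfc_name": name})
    return findings
```

For the posted log, `tls_failures(SAMPLE_LOG)` reports a fatal certificate_unknown alert sent by the client, so the handshake was ended by the client rejecting the certificate the server presented, which is consistent with the certificate error Thunderbird shows.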
 
  

