Postfix and Cyrus SASL2
Hi!
I can't figure out what's wrong with the configuration.
I am getting the following log:
Apr 6 14:15:53 server postfix/smtpd[26456]: connect from server[IP]
Apr 6 14:15:53 server postfix/smtpd[26456]: setting up TLS connection from server[IP]
Apr 6 14:15:53 server postfix/smtpd[26456]: server[IP]: TLS cipher list "ALL:+RC4:@STRENGTH"
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:before/accept initialization
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 read client hello B
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write server hello A
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write certificate A
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 write server done A
Apr 6 14:15:53 server postfix/smtpd[26456]: SSL_accept:SSLv3 flush data
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL3 alert read:fatal:certificate unknown
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL_accept:failed in SSLv3 read client certificate A
Apr 6 14:15:55 server postfix/smtpd[26456]: SSL_accept error server [IP]: 0
Apr 6 14:15:55 server postfix/smtpd[26456]: warning: TLS library problem: 26456:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46:
Apr 6 14:15:55 server postfix/smtpd[26456]: lost connection after STARTTLS from server[IP]
Apr 6 14:15:55 server postfix/smtpd[26456]: disconnect from server[IP] 01
The corresponding main.cf:
## TLS
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_loglevel = 2
smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_cert_file = /etc/ssl/cert.pem
smtpd_tls_key_file = /etc/ssl/key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_timeout = 7200s
#SASL auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
When I telnet into the server:
220 server ESMTP Postfix
ehlo localhost
250-server
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
The email client I am trying to use is Thunderbird 3.1.9. It actually detects that the server advertises STARTTLS for SMTP, but there is the message "Certificate type not approved for application" and sec_error_inadequate_cert_type.
At the same time, TLS sessions between servers are working like a charm.
Last edited by BerzinTehvs; 04-06-2011 at 07:31 AM.
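As an added diagnostic, not part of the original post: NSS reports sec_error_inadequate_cert_type when the certificate it received is not of a type acceptable for the requested use, which for an SMTP client means the server certificate's extensions (extendedKeyUsage, nsCertType, keyUsage) do not permit TLS server use, for example when a client or CA certificate has been installed as smtpd_tls_cert_file. The script below, which assumes the openssl CLI is available, checks a PEM file for the "SSL server" purpose and prints the extensions that decide it; the two demo certificates it generates are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI.
# Reports whether a PEM certificate is acceptable for the "SSL server"
# purpose, i.e. whether its extendedKeyUsage / nsCertType / keyUsage
# extensions permit TLS server use. A "no" here is what Thunderbird's
# sec_error_inadequate_cert_type complains about.

# Usage: cert_is_ssl_server /path/to/cert.pem  -> prints "yes" or "no"
cert_is_ssl_server() {
    if openssl x509 -noout -purpose -in "$1" 2>/dev/null \
        | grep -q '^SSL server *: Yes'; then
        echo yes
    else
        echo no
    fi
}

# Prints the extensions that decide the purpose, to explain a "no".
cert_purpose_extensions() {
    openssl x509 -noout -text -in "$1" 2>/dev/null \
        | grep -A1 -E 'X509v3 (Extended )?Key Usage|Netscape Cert Type|Basic Constraints'
}

# Constructed demo input: a self-signed cert with the given extendedKeyUsage.
# Usage: make_demo_cert out.pem serverAuth|clientAuth
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=mail.example.test' \
        -addext "extendedKeyUsage=$2" \
        -keyout "${1%.pem}.key" -out "$1" >/dev/null 2>&1
}

# Demo run: a proper server cert passes, a client-only cert is rejected,
# which is the condition behind the Thunderbird error.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir/server.pem" serverAuth
make_demo_cert "$demo_dir/client-only.pem" clientAuth
for f in "$demo_dir/server.pem" "$demo_dir/client-only.pem"; do
    echo "$f: SSL server purpose = $(cert_is_ssl_server "$f")"
    cert_purpose_extensions "$f"
done
rm -rf "$demo_dir"
```

To check the certificate Postfix actually presents rather than the file on disk, `openssl s_client -starttls smtp -connect host:25 -showcerts` prints the served chain, which can be saved to a PEM file and passed to cert_is_ssl_server.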