04-07-2013, 02:27 AM   #1
aluchko
Trouble with postfix and TLS


My mail server was working fine for several years, but for some reason at some point SMTP with TLS stopped working. I've regenerated the certs a few times, so they shouldn't be expired, and I don't think I changed any configs from when things were working, but I can't be certain.

The users are stored in LDAP and the MDA is Dovecot (imaps works fine). I've been trying everything and I have no idea what the problem is. Is there something wrong with the config, or some way to check that the certificates are being generated properly?

Thanks

Code:
[root@valinor postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 99
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 20
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
maildrop_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.9.2/README_FILES
sample_directory = /usr/share/doc/postfix-2.9.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-maillists.cf
virtual_gid_maps = static:5001
virtual_mailbox_base = /var/spool/mail/
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_minimum_uid = 5001
virtual_transport = maildrop
virtual_uid_maps = static:5001
[root@valinor postfix]#
Here's the section from the maillog:

Code:
Apr  7 03:10:56 valinor postfix/smtpd[2603]: initializing the server-side TLS engine
Apr  7 03:10:56 valinor postfix/smtpd[2603]: connect from <my ip>
Apr  7 03:10:56 valinor postfix/smtpd[2603]: setting up TLS connection from <my ip>
Apr  7 03:10:56 valinor postfix/smtpd[2603]: <my ip>: TLS cipher list "ALL:+RC4:@STRENGTH"
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:before/accept initialization
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 read client hello A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 write server hello A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 write certificate A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 write server done A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:SSLv3 flush data
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept:failed in SSLv3 read client certificate A
Apr  7 03:10:56 valinor postfix/smtpd[2603]: SSL_accept error from <my ip>: lost connection
Apr  7 03:10:56 valinor postfix/smtpd[2603]: lost connection after STARTTLS from <my ip>
Apr  7 03:10:56 valinor postfix/smtpd[2603]: disconnect from <my ip>
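
One way to answer the question above about checking the certificates, as an added example that is not part of the original post: the log shows the connection dropping right after the server sent its certificate, so the files named by smtpd_tls_cert_file, smtpd_tls_key_file and smtpd_tls_CAfile are worth checking with the openssl command line. The function name check_tls_pair and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for the files named by
# smtpd_tls_cert_file, smtpd_tls_key_file and smtpd_tls_CAfile.
# Return codes are this script's own convention:
#   0 ok, 1 expired, 2 key does not match cert, 3 chain does not verify,
#   4 a file is unreadable or not valid PEM.

check_tls_pair() {
    cert=$1; key=$2; ca=${3:-}

    # Both files must parse. Postfix needs an unencrypted key, so an empty
    # passphrase is supplied to keep openssl from prompting.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL: cannot parse certificate $cert"; return 4
    fi
    if ! openssl pkey -in "$key" -passin pass: -noout >/dev/null 2>&1; then
        echo "FAIL: cannot parse private key $key (encrypted or damaged?)"; return 4
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: expired, $(openssl x509 -in "$cert" -noout -enddate)"; return 1
    fi

    # The public key embedded in the certificate must be the one derived
    # from the private key, otherwise the handshake cannot complete.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; return 2
    fi

    # Optional: the certificate must chain to the CA bundle.
    if [ -n "$ca" ]; then
        if ! openssl verify -CAfile "$ca" "$cert" 2>&1 | grep -q ': OK$'; then
            echo "FAIL: $cert does not verify against $ca"; return 3
        fi
    fi

    echo "OK: subject $(openssl x509 -in "$cert" -noout -subject)"
    echo "OK: $(openssl x509 -in "$cert" -noout -enddate)"
    return 0
}

# Stand-alone use: sh check_tls_pair.sh CERT KEY [CAFILE]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

With the paths from the postconf output above, the arguments would be /etc/postfix/ssl/smtpd.crt, /etc/postfix/ssl/smtpd.key and /etc/postfix/ssl/cacert.pem.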
 
05-01-2013, 07:33 AM   #2
Andy Alt
Have you visited this page?
Postfix Debugging Howto

Quote:
My mail server was working fine for several years but for some reason at some point SMTP with TLS stopped working
It might be a bug. Were there any updates around the time your server stopped working properly?

What release of Fedora are you using?
 
  

