HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Virtual Users And Domains With Postfix, Courier And MySQL - TLS not working (http://www.howtoforge.com/forums/showthread.php?t=22428)

c4rdinal 17th April 2008 09:31

Virtual Users And Domains With Postfix, Courier And MySQL - TLS not working
 
Hi,

I noticed that TLS is not working:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix
ehlo localhost
250-mail.domain.com
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


I cannot find STARTTLS.

/var/log/mail.log indicates:

Apr 17 22:41:35 mail postfix/smtpd[4679]: connect from localhost[127.0.0.1]
Apr 17 22:46:35 mail postfix/smtpd[4679]: SSL_accept error from localhost[127.0.0.1]: -1
Apr 17 22:46:35 mail postfix/smtpd[4679]: lost connection after STARTTLS from localhost[127.0.0.1]

mail:/etc/postfix/ssl# openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
5480:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:


What could be the problem?

TIA

topdog 17th April 2008 10:13

Handshake failure is usually a problem with the certificates. Check the Postfix logs for that particular time; they should give some indication of what is wrong.

c4rdinal 17th April 2008 10:20

Quote:

Originally Posted by topdog
Handshake failure is usually a problem with the certificates. Check the Postfix logs for that particular time; they should give some indication of what is wrong.


Postfix logs:

#/var/log/mail.log

Apr 17 22:41:35 mail postfix/smtpd[4679]: connect from localhost[127.0.0.1]
Apr 17 22:46:35 mail postfix/smtpd[4679]: SSL_accept error from localhost[127.0.0.1]: -1
Apr 17 22:46:35 mail postfix/smtpd[4679]: lost connection after STARTTLS from localhost[127.0.0.1]

# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:55555 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1990/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1664/portmap
tcp 0 0 0.0.0.0:2416 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2801 0.0.0.0:* LISTEN 2426/rpc.statd
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2279/inetd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 0.0.0.0:125 0.0.0.0:* LISTEN 5436/master
tcp6 0 0 :::993 :::* LISTEN 4524/couriertcpd
tcp6 0 0 :::995 :::* LISTEN 4414/couriertcpd
tcp6 0 0 :::110 :::* LISTEN 4366/couriertcpd
tcp6 0 0 :::143 :::* LISTEN 4486/couriertcpd
tcp6 0 0 :::80 :::* LISTEN 2465/apache2
tcp6 0 0 :::22 :::* LISTEN 2370/sshd
tcp6 0 0 :::125 :::* LISTEN 5436/master
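
As an added diagnostic (not code from this thread or from the HowtoForge tutorial), the following Python script applies topdog's advice mechanically to the evidence already pasted: it parses the EHLO reply for a STARTTLS keyword and the `netstat -ntlp` listing to report which program owns the SMTP port and on which ports the Postfix `master` process is actually listening. The sample inputs are constructed copies of the output above.

```python
import re

# Constructed sample input, copied from the output pasted in this thread:
# an EHLO reply with no STARTTLS, and a netstat listing where port 25 is
# not owned by the Postfix master process.
EHLO_RESPONSE = """250-mail.domain.com
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

NETSTAT_OUTPUT = """Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 0.0.0.0:125 0.0.0.0:* LISTEN 5436/master
tcp 0 0 0.0.0.0:2416 0.0.0.0:* LISTEN -
tcp6 0 0 :::125 :::* LISTEN 5436/master
tcp6 0 0 :::993 :::* LISTEN 4524/couriertcpd"""

def ehlo_keywords(response):
    """Return the set of EHLO keywords (STARTTLS, AUTH, ...) in a 250 reply.
    The first line carries the server hostname, not a keyword, so it is skipped."""
    keywords = set()
    for line in response.splitlines()[1:]:
        m = re.match(r"250[ -](\S+)", line.strip())
        if m:
            keywords.add(m.group(1).split("=")[0].upper())
    return keywords

def listeners(netstat_text):
    """Map each listening TCP port to its program name from `netstat -ntlp` output."""
    owners = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        port = int(f[3].rsplit(":", 1)[1])      # works for 0.0.0.0:25 and :::125
        owners.setdefault(port, f[6].split("/", 1)[-1])
    return owners

def diagnose(ehlo_response, netstat_text, smtp_port=25):
    """Return human-readable findings explaining why STARTTLS may be unavailable."""
    findings = []
    if "STARTTLS" not in ehlo_keywords(ehlo_response):
        findings.append("EHLO on port %d does not advertise STARTTLS" % smtp_port)
    owners = listeners(netstat_text)
    owner = owners.get(smtp_port)
    if owner is None:
        findings.append("nothing is listening on port %d" % smtp_port)
    elif owner != "master":
        findings.append("port %d is owned by '%s', not the Postfix master process" % (smtp_port, owner))
    master_ports = sorted(p for p, prog in owners.items() if prog == "master")
    if master_ports and smtp_port not in master_ports:
        findings.append("Postfix master is listening on port(s) %s instead" % master_ports)
    return findings

if __name__ == "__main__":
    for finding in diagnose(EHLO_RESPONSE, NETSTAT_OUTPUT):
        print("-", finding)
```

Feed it a live EHLO reply and your own `netstat -ntlp` output to see whether the daemon answering on port 25 is the one whose main.cf you are editing.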

topdog 17th April 2008 10:23

Are you sure that is all that is being logged?

c4rdinal 17th April 2008 10:35

Quote:

Originally Posted by topdog
Are you sure that is all that is being logged?

Yes, that's all you can see, as far as the command goes:

# openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
5480:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Postfix Logs: /var/log/mail.log

Apr 17 22:41:35 mail postfix/smtpd[4679]: connect from localhost[127.0.0.1]
Apr 17 22:46:35 mail postfix/smtpd[4679]: SSL_accept error from localhost[127.0.0.1]: -1
Apr 17 22:46:35 mail postfix/smtpd[4679]: lost connection after STARTTLS from localhost[127.0.0.1]

#telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix
ehlo domain.com
250-mail.domain.com
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye


Postfix Logs: /var/log/mail.log

Apr 18 00:25:34 mail postfix/smtpd[5615]: connect from localhost[127.0.0.1]
Apr 18 00:26:02 mail postfix/smtpd[5615]: disconnect from localhost[127.0.0.1]
Apr 18 00:29:46 mail postfix/smtpd[5618]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 18 00:29:46 mail postfix/smtpd[5618]: connect from localhost[127.0.0.1]
Apr 18 00:30:04 mail postfix/smtpd[5618]: disconnect from localhost[127.0.0.1]

topdog 17th April 2008 10:38

What of syslog?

c4rdinal 17th April 2008 10:45

Quote:

Originally Posted by topdog
What of syslog?

Here's the syslog output:

Apr 18 00:25:34 mail postfix/smtpd[5615]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 18 00:25:34 mail postfix/smtpd[5615]: connect from localhost[127.0.0.1]
Apr 18 00:26:02 mail postfix/smtpd[5615]: disconnect from localhost[127.0.0.1]
Apr 18 00:29:46 mail postfix/smtpd[5618]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 18 00:29:46 mail postfix/smtpd[5618]: connect from localhost[127.0.0.1]
Apr 18 00:30:04 mail postfix/smtpd[5618]: disconnect from localhost[127.0.0.1]

Also, I have already recreated the SSL cert a couple of times, but that doesn't help at all. I can't find any good results on Google either.

Thank you so much.

topdog 17th April 2008 10:49

Post your main.cf.

c4rdinal 17th April 2008 10:54

Quote:

Originally Posted by topdog
Post your main.cf.

myhostname = mail.domain.com
mydestination = $myhostname, localhost.domain.com,localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_reci$
myorigin = /etc/mailname
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

topdog 17th April 2008 11:00

Looks good. Try increasing the log level for TLS:

postconf -e 'smtpd_tls_loglevel = 4'

