#1 c4rdinal, 17th April 2008, 09:31
Virtual Users And Domains With Postfix, Courier And MySQL - TLS not working

Hi,

I noticed that TLS is not working:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix
ehlo localhost
250-mail.domain.com
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


I cannot find STARTTLS.

/var/log/mail.log indicates:

Apr 17 22:41:35 mail postfix/smtpd[4679]: connect from localhost[127.0.0.1]
Apr 17 22:46:35 mail postfix/smtpd[4679]: SSL_accept error from localhost[127.0.0.1]: -1
Apr 17 22:46:35 mail postfix/smtpd[4679]: lost connection after STARTTLS from localhost[127.0.0.1]

mail:/etc/postfix/ssl# openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
5480:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:


What could be the problem?

TIA

Last edited by c4rdinal; 17th April 2008 at 09:41.

#2 topdog, 17th April 2008, 10:13

Handshake failure is usually a problem with the certificates. Check the Postfix logs for that particular time; you should get some indication of what is wrong.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.

#3 c4rdinal, 17th April 2008, 10:20

Quote:
Originally Posted by topdog
Handshake failure is usually a problem with the certificates. Check the Postfix logs for that particular time; you should get some indication of what is wrong.

Postfix logs:

#/var/log/mail.log

Apr 17 22:41:35 mail postfix/smtpd[4679]: connect from localhost[127.0.0.1]
Apr 17 22:46:35 mail postfix/smtpd[4679]: SSL_accept error from localhost[127.0.0.1]: -1
Apr 17 22:46:35 mail postfix/smtpd[4679]: lost connection after STARTTLS from localhost[127.0.0.1]

# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:55555 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1990/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1664/portmap
tcp 0 0 0.0.0.0:2416 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2801 0.0.0.0:* LISTEN 2426/rpc.statd
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2279/inetd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 0.0.0.0:125 0.0.0.0:* LISTEN 5436/master
tcp6 0 0 :::993 :::* LISTEN 4524/couriertcpd
tcp6 0 0 :::995 :::* LISTEN 4414/couriertcpd
tcp6 0 0 :::110 :::* LISTEN 4366/couriertcpd
tcp6 0 0 :::143 :::* LISTEN 4486/couriertcpd
tcp6 0 0 :::80 :::* LISTEN 2465/apache2
tcp6 0 0 :::22 :::* LISTEN 2370/sshd
tcp6 0 0 :::125 :::* LISTEN 5436/master

#4 topdog, 17th April 2008, 10:23

Are you sure that is all that is being logged?

#5 c4rdinal, 17th April 2008, 10:35

Quote:
Originally Posted by topdog
Are you sure that is all that is being logged?

Yes, that's all you can see as far as the command:

# openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
5480:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Postfix Logs: /var/log/mail.log

Apr 17 22:41:35 mail postfix/smtpd[4679]: connect from localhost[127.0.0.1]
Apr 17 22:46:35 mail postfix/smtpd[4679]: SSL_accept error from localhost[127.0.0.1]: -1
Apr 17 22:46:35 mail postfix/smtpd[4679]: lost connection after STARTTLS from localhost[127.0.0.1]

#telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix
ehlo domain.com
250-mail.domain.com
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye


Postfix Logs: /var/log/mail.log

Apr 18 00:25:34 mail postfix/smtpd[5615]: connect from localhost[127.0.0.1]
Apr 18 00:26:02 mail postfix/smtpd[5615]: disconnect from localhost[127.0.0.1]
Apr 18 00:29:46 mail postfix/smtpd[5618]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 18 00:29:46 mail postfix/smtpd[5618]: connect from localhost[127.0.0.1]
Apr 18 00:30:04 mail postfix/smtpd[5618]: disconnect from localhost[127.0.0.1]

#6 topdog, 17th April 2008, 10:38

What of syslog?

#7 c4rdinal, 17th April 2008, 10:45

Quote:
Originally Posted by topdog
What of syslog?

Here's the syslog output:

Apr 18 00:25:34 mail postfix/smtpd[5615]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 18 00:25:34 mail postfix/smtpd[5615]: connect from localhost[127.0.0.1]
Apr 18 00:26:02 mail postfix/smtpd[5615]: disconnect from localhost[127.0.0.1]
Apr 18 00:29:46 mail postfix/smtpd[5618]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 18 00:29:46 mail postfix/smtpd[5618]: connect from localhost[127.0.0.1]
Apr 18 00:30:04 mail postfix/smtpd[5618]: disconnect from localhost[127.0.0.1]

Also, I already recreated the SSL cert a couple of times, but that doesn't help at all. Can't find any good results in Google either.

Thank you so much.

Last edited by c4rdinal; 17th April 2008 at 10:47.

#8 topdog, 17th April 2008, 10:49

Post your main.cf.

#9 c4rdinal, 17th April 2008, 10:54

Quote:
Originally Posted by topdog
Post your main.cf.

myhostname = mail.domain.com
mydestination = $myhostname, localhost.domain.com,localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_reci$
myorigin = /etc/mailname
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

#10 topdog, 17th April 2008, 11:00

Looks good. Try increasing the log level for TLS:
Code:
postconf -e 'smtpd_tls_loglevel = 4'
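
An added example (not written by any poster in this thread, and not Postfix code): a Python check run over the EHLO reply from post #1 and the `netstat -ntlp` output from post #3, reporting whether STARTTLS is advertised and which program holds the listening socket on port 25. The function names are hypothetical, and the sample data is copied from the thread and trimmed.

```python
import re

# Sample data copied from posts #1 and #3 of this thread (trimmed).
EHLO_REPLY = """\
250-mail.domain.com
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN
"""
NETSTAT = """\
tcp 0 0 0.0.0.0:55555 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 0.0.0.0:2416 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2106/perl
tcp 0 0 0.0.0.0:125 0.0.0.0:* LISTEN 5436/master
tcp6 0 0 :::125 :::* LISTEN 5436/master
"""

def ehlo_capabilities(reply):
    """Return the set of ESMTP keywords from a multi-line 250 reply."""
    lines = [l for l in reply.splitlines() if re.match(r"250[- ]", l)]
    caps = set()
    for line in lines[1:]:  # the first 250 line carries the server name, not a keyword
        keyword = re.split(r"[ =]", line[4:].strip(), maxsplit=1)[0]
        caps.add(keyword.upper())
    return caps

def listeners(netstat_output):
    """Map listening TCP port -> set of 'pid/program' owners from `netstat -ntlp`."""
    owners = {}
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            port = int(f[3].rsplit(":", 1)[1])
            owners.setdefault(port, set()).add(f[6])
    return owners

def diagnose(reply, netstat_output, port=25):
    """Report STARTTLS advertisement and which program answers on `port`."""
    owners = listeners(netstat_output).get(port, set())
    programs = {o.split("/", 1)[1] for o in owners if "/" in o}
    return {
        "starttls_advertised": "STARTTLS" in ehlo_capabilities(reply),
        "port_owner": sorted(programs),
        # Postfix binds its sockets in the master(8) daemon; any other
        # program name means something else is answering on this port.
        "owner_is_postfix_master": programs == {"master"},
    }

if __name__ == "__main__":
    print(diagnose(EHLO_REPLY, NETSTAT))
```

On the pasted data this reports that STARTTLS is not advertised and that port 25 is held by a `perl` process, while Postfix's `master` listens on port 125.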
All times are GMT +2.

