
Stubborn Cert issue
\ Dehnert James Sr (12 Apr 2007)
. \ Victor Duchovni (13 Apr 2007)
. . \ Dehnert James Sr (14 Apr 2007)
. . . \ Dehnert James Sr (14 Apr 2007)
. . . . \ (Wietse Venema) (14 Apr 2007)
. . . . . \ Dehnert James Sr (15 Apr 2007)
. . . . . . \ (Wietse Venema) (15 Apr 2007)
. . . . . . . \ Dehnert James Sr (16 Apr 2007)
. . . . . . \ Victor Duchovni (15 Apr 2007)
. . . \ Victor Duchovni (14 Apr 2007)
. . . . \ Victor Duchovni (14 Apr 2007)

Subject: Stubborn Cert issue
Group: Postfix-users
From: Dehnert James Sr
Date: 12 Apr 2007


 
I have created a self-signed cert, installed it, and I have it
working for dovecot, but for some reason I cannot get TLS to start
when I connect via smtp or submission.

The system works fine without TLS, and I have created new certs to
test that out too (using Ralf & Patrick's book as the guide).

This is running on CentOS 4.4

postfix-2.2.10

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail/
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/mail_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/mail_private_key.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/random
unknown_local_recipient_reject_code = 550

master.cf
smtp inet n - n - - smtpd -v
submission inet n - n - - smtpd -v
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_enforce_tls=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

Log info...
Apr 12 15:51:31 localhost postfix/smtpd[5489]: connect from unknown
[192.168.5.132]
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
unknown: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
192.168.5.132: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
unknown: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
192.168.5.132: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_hostname:
unknown ~? 127.0.0.0/8
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_hostaddr:
192.168.5.132 ~? 127.0.0.0/8
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
unknown: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
192.168.5.132: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: send attr request =
connect
Apr 12 15:51:31 localhost postfix/smtpd[5489]: send attr ident =
submission:192.168.5.132
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/anvil: wanted
attribute: status
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
status
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute value: 0
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/anvil: wanted
attribute: count
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
count
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute value: 1
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/anvil: wanted
attribute: rate
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
rate
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute value: 2
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/anvil: wanted
attribute: (list terminator)
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
(end)
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 220 localhost.localdomain ESMTP Postfix
Apr 12 15:51:31 localhost postfix/smtpd[5489]: < unknown
[192.168.5.132]: EHLO [192.168.5.132]
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-localhost.localdomain
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-PIPELINING
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-SIZE 10240000
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-VRFY
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-ETRN
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-STARTTLS
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
unknown: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
192.168.5.132: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250-AUTH=LOGIN PLAIN CRAM-MD5 DIGEST-MD5
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 250 8BITMIME
Apr 12 15:51:31 localhost postfix/smtpd[5489]: < unknown
[192.168.5.132]: STARTTLS
Apr 12 15:51:31 localhost postfix/smtpd[5489]: > unknown
[192.168.5.132]: 220 Ready to start TLS
Apr 12 15:51:31 localhost postfix/smtpd[5489]: setting up TLS
connection from unknown[192.168.5.132]
Apr 12 15:51:31 localhost postfix/smtpd[5489]: send attr request = seed
Apr 12 15:51:31 localhost postfix/smtpd[5489]: send attr size = 32
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/tlsmgr: wanted
attribute: status
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
status
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute value: 0
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/tlsmgr: wanted
attribute: seed
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
seed
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute value:
1Ki9D1dI0Af4LTFsziQ787t29wSfPtd6naUhaT1uu0k=
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/tlsmgr: wanted
attribute: (list terminator)
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
(end)
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:before/
accept initialization
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:error in
SSLv2/v3 read client hello A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:error in
SSLv3 read client hello B
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:error in
SSLv3 read client hello B
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 read
client hello B
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 write
server hello A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 write
certificate A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 write
server done A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 flush
data
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:error in
SSLv3 read client certificate A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept error from
unknown[192.168.5.132]: -1
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_hostname:
unknown ~? 127.0.0.0/8
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_hostaddr:
192.168.5.132 ~? 127.0.0.0/8
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
unknown: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: match_list_match:
192.168.5.132: no match
Apr 12 15:51:31 localhost postfix/smtpd[5489]: send attr request =
disconnect
Apr 12 15:51:31 localhost postfix/smtpd[5489]: send attr ident =
submission:192.168.5.132
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/anvil: wanted
attribute: status
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
status
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute value: 0
Apr 12 15:51:31 localhost postfix/smtpd[5489]: private/anvil: wanted
attribute: (list terminator)
Apr 12 15:51:31 localhost postfix/smtpd[5489]: input attribute name:
(end)
Apr 12 15:51:31 localhost postfix/smtpd[5489]: lost connection after
STARTTLS from unknown[192.168.5.132]
Apr 12 15:51:31 localhost postfix/smtpd[5489]: disconnect from unknown
[192.168.5.132]
Apr 12 15:51:31 localhost postfix/smtpd[5489]: master_notify: status 1
Apr 12 15:51:31 localhost postfix/smtpd[5489]: connection closed

I suspect I have a config error somewhere, but I need more eyes to
look at this since I'm missing it.

Thanks,
Zeke

--
James "Zeke" Dehnert
mailto:jdehnert
Phone: +1 707.546.6620 x602 Fax: +1 707.324.8043
"Life is racing, everything else is just waiting"
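
Added example, not part of the original post: a Python sketch for triaging a verbose smtpd log like the one above. It re-joins the lines the mail client wrapped and reports, for each failed SSL_accept, the last handshake state that completed and the state that errored. The sample lines are constructed from the log in the post, and the function names are this example's own.

```python
import re

# Constructed sample: lines in the same shape as the log in the post,
# including the hard line wraps introduced by the mail client.
SAMPLE = """\
Apr 12 15:51:31 localhost postfix/smtpd[5489]: setting up TLS
connection from unknown[192.168.5.132]
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 write
server done A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:SSLv3 flush
data
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept:error in
SSLv3 read client certificate A
Apr 12 15:51:31 localhost postfix/smtpd[5489]: SSL_accept error from
unknown[192.168.5.132]: -1
Apr 12 15:51:31 localhost postfix/smtpd[5489]: lost connection after
STARTTLS from unknown[192.168.5.132]
"""

# A syslog record starts with "Mon DD HH:MM:SS host postfix/smtpd[pid]: ".
HEAD = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ postfix/smtpd\[(\d+)\]: (.*)$")

def unwrap(text):
    """Re-join wrapped lines and return one (pid, message) pair per record."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():   # continuation of the previous record
            records[-1][1] += " " + line.strip()
    return [(pid, msg) for pid, msg in records]

def tls_failures(text):
    """Per failed SSL_accept: last state that completed, and the state that errored."""
    state, out = {}, []
    for pid, msg in unwrap(text):
        s = state.setdefault(pid, {"ok": None, "err": None})
        if msg.startswith("setting up TLS connection"):
            s["ok"] = s["err"] = None    # new handshake on this smtpd process
        elif msg.startswith("SSL_accept:error in "):
            s["err"] = msg.split("error in ", 1)[1]
        elif msg.startswith("SSL_accept:"):
            s["ok"] = msg.split(":", 1)[1]
        elif m := re.match(r"SSL_accept error from (\S+): (-?\d+)", msg):
            out.append({"pid": pid, "peer": m[1], "rc": int(m[2]),
                        "last_ok": s["ok"], "failed_in": s["err"]})
    return out
```

On the sample, the result shows the handshake getting as far as the server's flush and then failing in the state where smtpd reads the client's next message.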



