TLS Library Problem

From: Michael Bazar (no email)
Date: Wed Jan 04 2006 - 11:57:28 EST

    I have a postfix server set up on FC 4 and it works fine. I've pushed
    Dovecot over to SSL-only connections and now I want to set up postfix
    to use SASL/TLS so people can't relay off me. I've gone through the
    how-to's and help files, but I can't find a resolution for my current
    problem. Everything on the AUTH side works until I force the TLS
    connection. If I rem the line to only allow TLS it works, but then
    the whole session is sent over plain text. Here is my config info and
    a telnet session to port 25:

    I can't get the TLS Library Problem solved and that seems to be kicking me off.

    EHLO files.xxxx.com
    250-files.xxx.com
    250-PIPELINING
    250-SIZE 50240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250 8BITMIME
    starttls
    220 Ready to start TLS
    mail from
    Connection closed by foreign host.

    [root at files log]# tail -f maillog
    Jan 4 10:00:13 files postfix/smtpd[3942]: SSL_accept:before/accept initialization
    Jan 4 10:00:13 files postfix/smtpd[3942]: read from 09F3A508 [09F43BD8] (11 bytes => -1 (0xFFFFFFFF))
    Jan 4 10:00:13 files postfix/smtpd[3942]: SSL_accept:error in SSLv2/v3 read client hello A
    Jan 4 10:00:29 files postfix/smtpd[3942]: read from 09F3A508 [09F43BD8] (11 bytes => 11 (0xB))
    Jan 4 10:00:29 files postfix/smtpd[3942]: 0000 6d 61 69 6c 20 66 72 6f|6d 20 6d mail fro m m
    Jan 4 10:00:29 files postfix/smtpd[3942]: SSL_accept:error in SSLv2/v3 read client hello A
    Jan 4 10:00:29 files postfix/smtpd[3942]: SSL_accept error from unknown[172.77.10.1]: -1
    Jan 4 10:00:29 files postfix/smtpd[3942]: warning: TLS library problem: 3942:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:589:
    Jan 4 10:00:29 files postfix/smtpd[3942]: lost connection after STARTTLS from unknown[172.77.10.1]
    Jan 4 10:00:29 files postfix/smtpd[3942]: disconnect from unknown[172.77.10.1]
    Jan 4 10:03:10 files imap-login: Login: xxx
    Jan 4 10:06:22 files imap-login: Login: xxx

    ******From main.cf:

    #SASL Parameters
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes

    ## TLS
    # Transport Layer Security
    # TLS-Patch by Lutz Jäcke
    #
    smtpd_use_tls = yes
    smtpd_tls_auth_only = yes   <---- If I comment this out it works - but no TLS then
    smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
    smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 3
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    Thanks for the help
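
The hex dump in the maillog above records what smtpd read while it was waiting for a TLS ClientHello after `220 Ready to start TLS`. The following is an added example, not part of the original post: it rebuilds the bytes from such dump lines and classifies them. The function names and the log-line patterns (modelled on the lines quoted in the post) are assumptions.

```python
import re

# Constructed sample: three maillog lines from the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Jan 4 10:00:29 files postfix/smtpd[3942]: read from 09F3A508 [09F43BD8] (11 bytes => 11 (0xB))
Jan 4 10:00:29 files postfix/smtpd[3942]: 0000 6d 61 69 6c 20 66 72 6f|6d 20 6d mail fro m m
Jan 4 10:00:29 files postfix/smtpd[3942]: SSL_accept:error in SSLv2/v3 read client hello A
"""

# Assumed line shapes, taken from the smtpd_tls_loglevel = 3 output quoted in the post.
READ_RE = re.compile(r"\(\d+ bytes => (\d+) ")
DUMP_RE = re.compile(r"smtpd\[\d+\]: [0-9a-f]{4} ((?:[0-9a-f]{2}[ |])+)")

def dump_bytes(log_text):
    """Rebuild the bytes smtpd read, using the logged byte count to trim each dump."""
    out, pending = bytearray(), 0
    for line in log_text.splitlines():
        read = READ_RE.search(line)
        dump = DUMP_RE.search(line)
        if read:
            pending = int(read.group(1))      # failed reads (=> -1) do not match
        elif dump and pending > 0:
            chunk = bytes.fromhex(dump.group(1).replace("|", " "))[:pending]
            out += chunk
            pending -= len(chunk)
    return bytes(out)

def classify_first_bytes(data):
    """Classify what arrived where the server expected a ClientHello."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"        # TLS record: type 22 (handshake), major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"   # SSLv2-style header: length high bit set, msg type 1
    if data and all(b in (9, 10, 13) or 32 <= b < 127 for b in data):
        return "plaintext"            # printable ASCII, e.g. a typed SMTP command
    return "unknown"

if __name__ == "__main__":
    received = dump_bytes(SAMPLE_LOG)
    print(repr(received), "->", classify_first_bytes(received))
```

For the log in the post this reports `plaintext`: the typed `mail from` reached OpenSSL where a handshake record was expected, which it logs as `unknown protocol`. A client that can complete the handshake, such as `openssl s_client -starttls smtp`, is needed to test past this point.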

