Loading ...
Sorry, an error occurred while loading the content.
 

Re: Postfix Cert Problem

Expand Messages
  • Scott Kitterman
    ... Are you certain that newreq.pem is the private key that has been signed by the Certificate Authority? Is the public key file there too? Scott K
    Message 1 of 6 , Sep 30, 2006
      On Sunday 01 October 2006 02:30, mynullvoid wrote:
      > when I do an auth trial I got this error:
      > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
      > mail:/var/log# telnet localhost 25
      > Trying 127.0.0.1...
      > Connected to localhost.localdomain.
      > Escape character is '^]'.
      > 220 localhost.localdomain ESMTP Postfix (AZRB)
      > ehlo localhost.localdomain
      > 250-localhost.localdomain
      > 250-PIPELINING
      > 250-SIZE
      > 250-ETRN
      > 250-STARTTLS
      > 250-AUTH LOGIN PLAIN
      > 250-AUTH=LOGIN PLAIN
      > 250-ENHANCEDSTATUSCODES
      > 250-8BITMIME
      > 250 DSN
      > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
      > 535 5.7.0 Error: authentication failed: bad protocol / cancel
      >
      >
      > mynullvoid <mynullvoid@...> wrote:
      > I had just recreate my certificates for my postfix, but I am getting
      > error in my mail.log
      >
      > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
      > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get
      > private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33 mail
      > postfix/smtpd[11449]: warning: TLS library problem:
      > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
      > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
      > postfix/smtpd[11449]: warning: TLS library problem:
      > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
      > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot load
      > RSA certificate and key data Oct 1 13:53:33 mail postfix/smtpd[11449]:
      > connect from localhost.localdomain[127.0.0.1]
      >
      > I can view the /etc/postfix/ssl/newreq.pem but still can't figure what
      > went wrong, please help me.
      >
      Are you certain that newreq.pem is the private key that has been signed by the
      Certificate Authority? Is the public key file there too?

      Scott K
    • Sandy Drobic
      ... Are you aware that you just posted the password for the user sysadmin ? PLAIN is called such because it IS a plaintext password mechanism. Change your
      Message 2 of 6 , Oct 1, 2006
        mynullvoid wrote:
        > when I do an auth trial I got this error:
        > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
        > mail:/var/log# telnet localhost 25
        > Trying 127.0.0.1...
        > Connected to localhost.localdomain.
        > Escape character is '^]'.
        > 220 localhost.localdomain ESMTP Postfix (AZRB)
        > ehlo localhost.localdomain
        > 250-localhost.localdomain
        > 250-PIPELINING
        > 250-SIZE
        > 250-ETRN
        > 250-STARTTLS
        > 250-AUTH LOGIN PLAIN
        > 250-AUTH=LOGIN PLAIN
        > 250-ENHANCEDSTATUSCODES
        > 250-8BITMIME
        > 250 DSN
        > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
        > 535 5.7.0 Error: authentication failed: bad protocol / cancel

        Are you aware that you just posted the password for the user "sysadmin"?
        "PLAIN" is called such because it IS a plaintext password mechanism.
        Change your password immediately!

        >
        > mynullvoid <mynullvoid@...> wrote:
        > I had just recreate my certificates for my postfix, but I am getting error in my mail.log
        >
        > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side TLS engine
        > Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
        > Oct 1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY:
        > Oct 1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

        Postfix cannot check the private key with which the certificate was created.

        http://www.postfix.org/TLS_README.html#quick-start

        Sandy

        --
        List replies only please!
        Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
      • mynullvoid
        Hi, Previously I was following guide from: http://www.fatofthelan.com/articles/articles.php?pid=22 I had created all the cert and was working fine, and now the
        Message 3 of 6 , Oct 1, 2006
          Hi,
           
          Previously I was following guide from: http://www.fatofthelan.com/articles/articles.php?pid=22
           
          I had created all the cert and was working fine, and now the problem starts. I also don't know what is 250-ENHANCEDSTATUSCODES.
           
          The cert is a self sign cert as the article guide.
           
          I am using DEBIAN SID
           
          Please HELP
           
          Thank you

          Scott Kitterman <postfix@...> wrote:
          On Sunday 01 October 2006 02:30, mynullvoid wrote:
          > when I do an auth trial I got this error:
          > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
          > mail:/var/log# telnet localhost 25
          > Trying 127.0.0.1...
          > Connected to localhost.localdomain.
          > Escape character is '^]'.
          > 220 localhost.localdomain ESMTP Postfix (AZRB)
          > ehlo localhost.localdomain
          > 250-localhost.localdomain
          > 250-PIPELINING
          > 250-SIZE
          > 250-ETRN
          > 250-STARTTLS
          > 250-AUTH LOGIN PLAIN
          > 250-AUTH=LOGIN PLAIN
          > 250-ENHANCEDSTATUSCODES
          > 250-8BITMIME
          > 250 DSN
          > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
          > 535 5.7.0 Error: authentication failed: bad protocol / cancel
          >
          >
          > mynullvoid wrote:
          > I had just recreate my certificates for my postfix, but I am getting
          > error in my mail.log
          >
          > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
          > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get
          > private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33 mail
          > postfix/smtpd[11449]: warning: TLS library problem:
          > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
          > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
          > postfix/smtpd[11449]: warning: TLS library problem:
          > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
          > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot load
          > RSA certificate and key data Oct 1 13:53:33 mail postfix/smtpd[11449]:
          > connect from localhost.localdomain[127.0.0.1]
          >
          > I can view the /etc/postfix/ssl/newreq.pem but still can't figure what
          > went wrong, please help me.
          >
          Are you certain that newreq.pem is the private key that has been signed by the
          Certificate Authority? Is the public key file there too?

          Scott K


          Get your email and more, right on the new Yahoo.com

        • Rainer Frey
          ... The current Ubuntu version of CA.pl saves the private key to newkey.pem instead of inside newreq.pem (although the manual page says differently). Check
          Message 4 of 6 , Oct 2, 2006
            On Monday 02 October 2006 05:31, mynullvoid wrote:
            > > > I had just recreate my certificates for my postfix, but I am getting
            > > > error in my mail.log
            > > >
            > > > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
            > > > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot
            > > > get private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33
            > > > mail postfix/smtpd[11449]: warning: TLS library problem:
            > > > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
            > > > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
            > > > postfix/smtpd[11449]: warning: TLS library problem:
            > > > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
            > > > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot
            > > > load RSA certificate and key data Oct 1 13:53:33 mail
            > > > postfix/smtpd[11449]: connect from localhost.localdomain[127.0.0.1]
            > > >
            > > > I can view the /etc/postfix/ssl/newreq.pem but still can't figure what
            > > > went wrong, please help me.
            > >
            > > Are you certain that newreq.pem is the private key that has been signed
            > > by the Certificate Authority? Is the public key file there too?
            >
            > Hi,
            >
            > Previously I was following guide from:
            > http://www.fatofthelan.com/articles/articles.php?pid=22

            The current Ubuntu version of CA.pl saves the private key to newkey.pem
            instead of inside newreq.pem (although the manual page says differently).
            Check whether there is a newkey.pem in /usr/lib/ssl/misc (or wherever you
            called CA.pl), and use this as smtpd_tls_key_file.
            >
            > I had created all the cert and was working fine, and now the problem
            > starts. I also don't know what is 250-ENHANCEDSTATUSCODES.

            This means your postfix supports enhanced status codes ESMTP extension. This
            is a new feature of Postfix 2.3 and has nothing to do with authentication or
            TLS.

            Rainer

            P.S: Please don't top post.
            --
            Software Development

            ------------------------------------------------------

            Inxmail GmbH
            Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany

            Tel +49 (0)761 / 296 979-0
            Fax +49 (0)761 / 296 979-9
            Web http://www.inxmail.de
            -------------------------------------------------------

            Besuchen Sie uns auf der Systems 2006
            23.- 27.10.2006, Messe M�nchen Halle 1, Stand 312.

            Dort zeigen wir Ihnen die neue Version 3.5 der
            E-Mail-Marketing L�sung Inxmail Professional.

            http://www.inxmail.de/news/messen_termine_1735.htm
          Your message has been successfully submitted and would be delivered to recipients shortly.