Loading ...
Sorry, an error occurred while loading the content.

Re: Postfix Cert Problem

Expand Messages
  • Sandy Drobic
    ... Are you aware that you just posted the password for the user sysadmin ? PLAIN is called such because it IS a plaintext password mechanism. Change your
    Message 1 of 6 , Oct 1, 2006
    • 0 Attachment
      mynullvoid wrote:
      > when I do an auth trial I got this error:
      > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
      > mail:/var/log# telnet localhost 25
      > Trying 127.0.0.1...
      > Connected to localhost.localdomain.
      > Escape character is '^]'.
      > 220 localhost.localdomain ESMTP Postfix (AZRB)
      > ehlo localhost.localdomain
      > 250-localhost.localdomain
      > 250-PIPELINING
      > 250-SIZE
      > 250-ETRN
      > 250-STARTTLS
      > 250-AUTH LOGIN PLAIN
      > 250-AUTH=LOGIN PLAIN
      > 250-ENHANCEDSTATUSCODES
      > 250-8BITMIME
      > 250 DSN
      > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
      > 535 5.7.0 Error: authentication failed: bad protocol / cancel

      Are you aware that you just posted the password for the user "sysadmin"?
      "PLAIN" is called such because it IS a plaintext password mechanism.
      Change your password immediately!

      >
      > mynullvoid <mynullvoid@...> wrote:
      > I had just recreate my certificates for my postfix, but I am getting error in my mail.log
      >
      > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side TLS engine
      > Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
      > Oct 1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY:
      > Oct 1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

      Postfix cannot check the private key with which the certificate was created.

      http://www.postfix.org/TLS_README.html#quick-start

      Sandy

      --
      List replies only please!
      Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
    • mynullvoid
      Hi, Previously I was following guide from: http://www.fatofthelan.com/articles/articles.php?pid=22 I had created all the cert and was working fine, and now the
      Message 2 of 6 , Oct 1, 2006
      • 0 Attachment
        Hi,
         
        Previously I was following guide from: http://www.fatofthelan.com/articles/articles.php?pid=22
         
        I had created all the cert and was working fine, and now the problem starts. I also don't know what is 250-ENHANCEDSTATUSCODES.
         
        The cert is a self sign cert as the article guide.
         
        I am using DEBIAN SID
         
        Please HELP
         
        Thank you

        Scott Kitterman <postfix@...> wrote:
        On Sunday 01 October 2006 02:30, mynullvoid wrote:
        > when I do an auth trial I got this error:
        > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
        > mail:/var/log# telnet localhost 25
        > Trying 127.0.0.1...
        > Connected to localhost.localdomain.
        > Escape character is '^]'.
        > 220 localhost.localdomain ESMTP Postfix (AZRB)
        > ehlo localhost.localdomain
        > 250-localhost.localdomain
        > 250-PIPELINING
        > 250-SIZE
        > 250-ETRN
        > 250-STARTTLS
        > 250-AUTH LOGIN PLAIN
        > 250-AUTH=LOGIN PLAIN
        > 250-ENHANCEDSTATUSCODES
        > 250-8BITMIME
        > 250 DSN
        > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
        > 535 5.7.0 Error: authentication failed: bad protocol / cancel
        >
        >
        > mynullvoid wrote:
        > I had just recreate my certificates for my postfix, but I am getting
        > error in my mail.log
        >
        > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
        > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get
        > private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33 mail
        > postfix/smtpd[11449]: warning: TLS library problem:
        > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
        > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
        > postfix/smtpd[11449]: warning: TLS library problem:
        > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
        > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot load
        > RSA certificate and key data Oct 1 13:53:33 mail postfix/smtpd[11449]:
        > connect from localhost.localdomain[127.0.0.1]
        >
        > I can view the /etc/postfix/ssl/newreq.pem but still can't figure what
        > went wrong, please help me.
        >
        Are you certain that newreq.pem is the private key that has been signed by the
        Certificate Authority? Is the public key file there too?

        Scott K


        Get your email and more, right on the new Yahoo.com

      • Rainer Frey
        ... The current Ubuntu version of CA.pl saves the private key to newkey.pem instead of inside newreq.pem (although the manual page says differently). Check
        Message 3 of 6 , Oct 2, 2006
        • 0 Attachment
          On Monday 02 October 2006 05:31, mynullvoid wrote:
          > > > I had just recreate my certificates for my postfix, but I am getting
          > > > error in my mail.log
          > > >
          > > > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
          > > > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot
          > > > get private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33
          > > > mail postfix/smtpd[11449]: warning: TLS library problem:
          > > > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
          > > > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
          > > > postfix/smtpd[11449]: warning: TLS library problem:
          > > > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
          > > > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot
          > > > load RSA certificate and key data Oct 1 13:53:33 mail
          > > > postfix/smtpd[11449]: connect from localhost.localdomain[127.0.0.1]
          > > >
          > > > I can view the /etc/postfix/ssl/newreq.pem but still can't figure what
          > > > went wrong, please help me.
          > >
          > > Are you certain that newreq.pem is the private key that has been signed
          > > by the Certificate Authority? Is the public key file there too?
          >
          > Hi,
          >
          > Previously I was following guide from:
          > http://www.fatofthelan.com/articles/articles.php?pid=22

          The current Ubuntu version of CA.pl saves the private key to newkey.pem
          instead of inside newreq.pem (although the manual page says differently).
          Check whether there is a newkey.pem in /usr/lib/ssl/misc (or wherever you
          called CA.pl), and use this as smtpd_tls_key_file.
          >
          > I had created all the cert and was working fine, and now the problem
          > starts. I also don't know what is 250-ENHANCEDSTATUSCODES.

          This means your postfix supports enhanced status codes ESMTP extension. This
          is a new feature of Postfix 2.3 and has nothing to do with authentication or
          TLS.

          Rainer

          P.S: Please don't top post.
          --
          Software Development

          ------------------------------------------------------

          Inxmail GmbH
          Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany

          Tel +49 (0)761 / 296 979-0
          Fax +49 (0)761 / 296 979-9
          Web http://www.inxmail.de
          -------------------------------------------------------

          Besuchen Sie uns auf der Systems 2006
          23.- 27.10.2006, Messe M�nchen Halle 1, Stand 312.

          Dort zeigen wir Ihnen die neue Version 3.5 der
          E-Mail-Marketing L�sung Inxmail Professional.

          http://www.inxmail.de/news/messen_termine_1735.htm
        Your message has been successfully submitted and would be delivered to recipients shortly.