Loading ...
Sorry, an error occurred while loading the content.
 

SMTPS 465

Expand Messages
  • Joan Moreau
    Hi, I am stuck with making my SSL SMTPS (port 465) works, while it was working fine since ever. I upgraded my kernel to 3.8.6 and since then, nothing works :(
    Message 1 of 45 , Apr 12, 2013

      Hi,

      I am stuck with making my SSL SMTPS (port 465) works, while it was working fine since ever.

      I upgraded my kernel to 3.8.6 and since then, nothing works :(

       

      Here my postconf -n

      alias_maps = hash:/etc/aliases
      biff = no
      bounce_queue_lifetime = 6h
      broken_sasl_auth_clients = yes
      canonical_maps = hash:/etc/postfix/canonical
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/lib/postfix
      data_directory = /var/lib/postfix
      defer_transports =
      delay_warning_time = 1h
      disable_dns_lookups = no
      disable_mime_output_conversion = no
      dovecot_destination_recipient_limit = 1
      header_checks = pcre:/etc/postfix/smtp_header_checks
      html_directory = no
      inet_interfaces = all
      inet_protocols = ipv4
      local_recipient_maps =
      mail_owner = postfix
      mail_spool_directory = /var/spool/mail
      mailbox_size_limit = 0
      mailbox_transport = dovecot
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/share/man
      masquerade_classes = envelope_sender, header_sender, header_recipient
      masquerade_domains =
      masquerade_exceptions = root
      maximal_queue_lifetime = 1d
      message_size_limit = 204800000
      mydestination = $myhostname, localhost.$mydomain
      mydomain = grosjo.net
      myhostname = grosjo.net
      mynetworks = 127.0.0.0/8 204.93.196.46/32
      myorigin = $mydomain
      newaliases_path = /usr/bin/newaliases
      proxy_read_maps = $virtual_mailbox_domains $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
      queue_directory = /var/spool/postfix
      readme_directory = no
      relayhost =
      relocated_maps = hash:/etc/postfix/relocated
      sample_directory = /usr/share/doc/packages/postfix/samples
      sender_canonical_maps = hash:/etc/postfix/sender_canonical
      sendmail_path = /usr/sbin/sendmail
      setgid_group = maildrop
      slow_destination_concurrency_limit = 2
      slow_destination_recipient_limit = 1
      smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
      smtp_sasl_auth_enable = no
      smtp_tls_CAfile = /etc/ssl/ca-bundle.crt
      smtp_tls_cert_file = /etc/ssl/certs/gjnet.crt
      smtp_tls_key_file = /etc/ssl/certs/gjnet.key
      smtp_tls_session_cache_database = hash:/var/lib/postfix/smtp_scache
      smtp_use_tls = no
      smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
      smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
      smtpd_helo_required = no
      smtpd_helo_restrictions =
      smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unauth_destination,reject_unauth_pipelining,reject_invalid_hostname,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,check_policy_service inet:127.0.0.1:10023
      smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
      smtpd_sasl_auth_enable = no
      smtpd_sasl_local_domain = $mydomain
      smtpd_sasl_path = smtpd
      smtpd_sasl_security_options = noanonymous
      smtpd_sender_restrictions = permit_sasl_authenticated
      smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt
      smtpd_tls_CApath = /etc/ssl/certs
      smtpd_tls_cert_file = /etc/ssl/certs/gjnet.crt
      smtpd_tls_key_file = /etc/ssl/certs/gjnet.key
      smtpd_tls_loglevel = 3
      strict_8bitmime = no
      strict_rfc821_envelopes = no
      transport_maps = hash:/etc/postfix/transport
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
      virtual_gid_maps = static:1002
      virtual_mailbox_base = /data/mail
      virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
      virtual_mailbox_limit = 0
      virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
      virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
      virtual_minimum_uid = 10001
      virtual_transport = dovecot
      virtual_uid_maps = static:10001

      my master.cf

      mtp      inet  n       -       n       -       -       smtpd
      # -o content_filter=spamassassin
      #smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
      smtps     inet  n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes
      submission inet n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes
      pickup    fifo  n       -       n       60      1       pickup
      cleanup   unix  n       -       n       -       0       cleanup
      qmgr      fifo  n       -       n       300     1       qmgr
      rewrite   unix  -       -       n       -       -       trivial-rewrite
      bounce    unix  -       -       n       -       0       bounce
      defer     unix  -       -       n       -       0       bounce
      trace     unix  -       -       n       -       0       bounce
      verify    unix  -       -       n       -       1       verify
      flush     unix  n       -       n       1000?   0       flush
      tlsmgr    unix  -       -       n       1000?   1       tlsmgr
      proxymap  unix  -       -       n       -       -       proxymap
      smtp      unix  -       -       n       -       -       smtp
      relay     unix  -       -       n       -       -       smtp  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq     unix  n       -       n       -       -       showq
      error     unix  -       -       n       -       -       error
      discard   unix  -       -       n       -       -       discard
      local     unix  -       n       n       -       -       local
      virtual   unix  -       n       n       -       -       virtual
      lmtp      unix  -       -       n       -       -       lmtp
      anvil     unix  -       -       n       -       1       anvil
      scache    unix  -       -       n       -       1       scache
      # spamassassin unix -   n       n       -       -       pipe flags=DRhu user=mailusers argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
      retry     unix  -       -       n       -       -       error
      proxywrite unix -       -       n       -       1       proxymap
      dovecot   unix  -       n       n       -       -       pipe flags=DRhu user=mailusers argv=/usr/bin/spamc -4 -e /usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
      tlsmgr    unix  -       -       n       1000?   1       tlsmgr
      slow      unix  -       -       n       -       1       smtp -o syslog_name=postfix-slow -o smtp_destination_concurrency_limit=1 -o slow_destination_rate_delay=12

      and the compilation of postifx 2.10.0 :

      make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -DHAS_MYSQL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -UHAS_LDAP -UHAS_IPV6 -DUSE_TLS -I/usr/include/mysql/ -I/usr/include/sasl ' 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl -lcrypto -lz -lm -lpcre -lsasl2'

       

      I am desesprate

      Can you help ?

      Thank you

       

       

    • Stan Hoeppner
      ... You will probably not get the answer from the Postfix mailing list, as this is not a problem with Postfix, and it appears that nobody here is willing to
      Message 45 of 45 , Apr 15, 2013
        On 4/15/2013 6:57 AM, Joan Moreau wrote:

        > Reverted to 3.7.10. Recompiled openssl + cyrus + posfix . Same errors.
        > Where does the inconsistency reside ?

        You will probably not get the answer from the Postfix mailing list, as
        this is not a problem with Postfix, and it appears that nobody here is
        willing to dedicate additional time to helping you debug/fix a
        non-Postfix problem.

        > 2013-04-15T13:55:29.921960+02:00 server postfix/smtpd[3308]: warning:
        > TLS library problem: 3308:error:1411C146:SSL
        > routines:tls1_prf:unsupported digest type:t1_enc.c:276:
        > 2013-04-15T13:55:29.921966+02:00 server postfix/smtpd[3308]: warning:
        > TLS library problem: 3308:error:140D308A:SSL
        > routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable:t1_enc.c:597:

        I think it's time for you to move (back?) into the distribution fold, to
        discontinue building your userland from scratch. You are an end user,
        not a developer. The situation you find yourself in is the exact reason
        why the first Linux distributions were created, and still exist today.
        Which is to get a pre built system where the kernel and all of the
        package and library versions work together, without end user debugging
        required.

        In fact, you are the current poster child for the Linux distribution model.

        --
        Stan
      Your message has been successfully submitted and would be delivered to recipients shortly.