
Re: Postfix SMTP server: errors from unknown[209.85.212.69]

  • DTNX Postmaster
    Message 1 of 5 , Aug 23, 2013
      On Aug 23, 2013, at 10:36, David Benfell <dbenfell@...> wrote:

      >> Have you tested your server with 'openssl s_client'? This is what I
      >> am getting;
      >>
      >> $ openssl s_client -connect mail.parts-unknown.org:25 -starttls smtp
      >> CONNECTED(00000003)
      >> 4851:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-47.1/src/ssl/s23_clnt.c:607:
      >>
      >>
      > I see the word error. ;-) I assume you got, more completely, the same
      > thing I got after following your advice below:
      >
      > CONNECTED(00000003)
      > 139983650948752:error:140770FC:SSL
      > routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:766:
      > - ---
      > no peer certificate available
      > - ---
      > No client certificate CA names sent
      > - ---
      > SSL handshake has read 244 bytes and written 357 bytes
      > - ---
      > New, (NONE), Cipher is (NONE)
      > Secure Renegotiation IS NOT supported
      > Compression: NONE
      > Expansion: NONE
      > - ---

      No, I got a different error, look at the last number.

      >> Disable debug logging, and lower your TLS log level. Restart
      >> Postfix, and check your logs for any warnings or errors.
      >>
      > So I did this and sent a test message from gmail. It does seem to be
      > having a problem finding the key file:
      >
      > Aug 23 01:12:41 munich.parts-unknown.org postfix/tlsproxy[18925]:
      > warning: cannot get RSA private key from file
      > /big/www/ssl/munich/munich.parts-unknown.org.concatenated.crt:
      > disa...LS support
      > Aug 23 01:12:41 munich.parts-unknown.org postfix/tlsproxy[18925]:
      > warning: TLS library problem: 18925:error:0906D06C:PEM
      > routines:PEM_read_bio:no start line:pem_lib.c:703:Expectin...IVATE KEY:
      > Aug 23 01:12:41 munich.parts-unknown.org postfix/tlsproxy[18925]:
      > warning: TLS library problem: 18925:error:140B0009:SSL
      > routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
      >
      > Why is this line not working?
      >
      > smtp_tls_key_file = /big/www/ssl/munich/munich.parts-unknown.org.key
      >
      > I've checked the file, it contains a private key.

      Are you sure it is correctly formatted? It is complaining about it;

      "PEM_read_bio:no start line:pem_lib.c:703:Expectin...IVATE KEY:"

      The start and end should be marked by the following lines;

      -----BEGIN RSA PRIVATE KEY-----
      <key goes here>
      -----END RSA PRIVATE KEY-----

      And each certificate, whether it is your host certificate or an
      intermediate, should be marked in a similar way;

      -----BEGIN CERTIFICATE-----
      <certificate goes here>
      -----END CERTIFICATE-----

      This is what the TLS library uses to read in the key and certificates
      when Postfix starts, and it looks like they may be missing, in your
      case.

      It is no problem to concatenate them, as long as you have the start and
      end markers for each, on their own lines.

      Kind regards,
      Joni
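
An added example, not part of the original message: a small Python check for the marker rules described in the reply above (each BEGIN/END line on its own line, and a private key block present in the file the key is read from). The function name `scan_pem` and the sample data are constructed for illustration; the block bodies are placeholders, not real key material.

```python
import re

# A PEM boundary such as -----BEGIN RSA PRIVATE KEY-----, wherever it sits in a line.
MARKER = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def scan_pem(text):
    """Return (labels of complete blocks, list of problems) for PEM text."""
    labels, problems, open_label = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        found = list(MARKER.finditer(line))
        if found and line.strip() != found[0].group(0):
            problems.append(f"line {lineno}: marker is not on its own line")
        for m in found:
            kind, label = m.groups()
            if kind == "BEGIN":
                if open_label is not None:
                    problems.append(f"line {lineno}: BEGIN {label} inside unclosed {open_label}")
                open_label = label
            else:
                if open_label == label:
                    labels.append(label)
                else:
                    problems.append(f"line {lineno}: END {label} has no matching BEGIN")
                open_label = None
    if open_label is not None:
        problems.append(f"end of file: {open_label} block is never closed")
    if not any(l.endswith("PRIVATE KEY") for l in labels):
        problems.append("no PRIVATE KEY block found")
    return labels, problems

# Constructed sample data: the bodies are placeholders, not real key material.
def block(label):
    return f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----"

GOOD = "\n".join([block("RSA PRIVATE KEY"), block("CERTIFICATE"), block("CERTIFICATE")]) + "\n"
CERTS_ONLY = "\n".join([block("CERTIFICATE"), block("CERTIFICATE")]) + "\n"
# Two files joined when the first had no trailing newline.
JOINED = block("RSA PRIVATE KEY") + "\n" + block("CERTIFICATE") + block("CERTIFICATE") + "\n"

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("CERTS_ONLY", CERTS_ONLY), ("JOINED", JOINED)]:
        print(name, scan_pem(sample))
```

The check only looks at the boundary lines and never decodes or prints the block contents, so it can be run against a key file without exposing the key in its output.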