# [solved] tls postfix problem.

## trothigar

Hi,

I am having trouble authenticating against postfix with tls for smtp. It works fine without tls, however when i enable tls in the email client, it complains the server doesn't offer starttls in ehlo response.

Transcript of session follows. (xxxx.xxx represents a real domain name)

 Out: 220 xxxx.xxx ESMTP Postfix

 In:  EHLO [192.168.1.3]

 Out: 250-xxxx.xxx

 Out: 250-PIPELINING

 Out: 250-SIZE 10240000

 Out: 250-VRFY

 Out: 250-ETRN

 Out: 250-STARTTLS

 Out: 250-AUTH PLAIN LOGIN

 Out: 250-ENHANCEDSTATUSCODES

 Out: 250-8BITMIME

 Out: 250 DSN

 In:  STARTTLS

 Out: 454 4.7.0 TLS not available due to local problem

 In:  QUIT

 Out: 221 2.0.0 Bye

Due to the "Out: 454 4.7.0 TLS not available due to local problem" i assume that it is config problem.

relevent bits of postfix/main.cf below:

virtual_transport = dovecot

smtpd_sasl_auth_enable = yes

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_client_restrictions=

 permit_inet_interfaces,

 permit_mynetworks,

 permit_sasl_authenticated,

 permit

smtpd_sender_restrictions=

 reject_non_fqdn_sender,

 permit

smtpd_reject_unlisted_sender = yes

smtpd_recipient_restrictions=

 permit_mynetworks,

 reject_non_fqdn_recipient

 permit_sasl_authenticated

 reject_unauth_destination

 permit

smtpd_tls_security_level = may

smtpd_tls_cert_file = /root/mycerts/server.crt

smtpd_tls_key_file = /root/mycerts/server.key

Thanks

Trothigar

EDIT: solved it. I was using an encrypted which postfix doen't like. dencrypted the key and that solved it

----------

