# postfix tls problem [solved]

## asv

I'm trying to send a message on my postfix server via tls and I get a STARTTLS failed message and the following log message in /var/log/messages:

```
Feb  9 00:15:23 snoot postfix/smtpd[16661]: connect from unknown[69.162.40.31]
Feb  9 00:15:23 snoot postfix/smtpd[16661]: match_list_match: unknown: no match
Feb  9 00:15:23 snoot postfix/smtpd[16661]: match_list_match: 69.162.40.31: no match
Feb  9 00:15:23 snoot postfix/smtpd[16661]: match_list_match: unknown: no match
Feb  9 00:15:23 snoot postfix/smtpd[16661]: match_list_match: 69.162.40.31: no match
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 220 ivoss.com ESMTP Postfix
Feb  9 00:15:23 snoot postfix/smtpd[16661]: watchdog_pat: 0x80a9ba8
Feb  9 00:15:23 snoot postfix/smtpd[16661]: < unknown[69.162.40.31]: EHLO 192.168.1.103
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-ivoss.com
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-PIPELINING
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-SIZE 10240000
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-VRFY
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-ETRN
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-STARTTLS
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-AUTH LOGIN PLAIN
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250-AUTH=LOGIN PLAIN
Feb  9 00:15:23 snoot postfix/smtpd[16661]: match_list_match: unknown: no match
Feb  9 00:15:23 snoot postfix/smtpd[16661]: match_list_match: 69.162.41.31: no match
Feb  9 00:15:23 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 250 8BITMIME
Feb  9 00:15:23 snoot postfix/smtpd[16661]: watchdog_pat: 0x80a9ba8
Feb  9 00:15:24 snoot postfix/smtpd[16661]: < unknown[69.162.40.31]: STARTTLS
Feb  9 00:15:24 snoot postfix/smtpd[16661]: > unknown[69.162.40.31]: 454 TLS not available due to temporary reason
Feb  9 00:15:24 snoot postfix/smtpd[16661]: watchdog_pat: 0x80a9ba8
Feb  9 00:15:24 snoot postfix/smtpd[16661]: smtp_get: EOF
Feb  9 00:15:24 snoot postfix/smtpd[16661]: lost connection after STARTTLS from unknown[69.162.40.31]
Feb  9 00:15:24 snoot postfix/smtpd[16661]: disconnect from unknown[69.162.40.31]
Feb  9 00:15:24 snoot postfix/smtpd[16661]: master_notify: status 1
Feb  9 00:15:24 snoot postfix/smtpd[16661]: connection closed
Feb  9 00:15:24 snoot postfix/smtpd[16661]: watchdog_stop: 0x80a9ba8
Feb  9 00:15:24 snoot postfix/smtpd[16661]: watchdog_start: 0x80a9ba8
(END)
```

Any ideas? I get this message even when checking for supported types in my client. Here is my saslauthd config:

/etc/sasl2/smtpd.conf

```
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: localhost
sql_user: mailsql
sql_passwd: **********
sql_database: mailsql
sql_select: select clear from users where email = '%u@%r'
mech_list: plain login
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
```

/etc/postfix/main.cf

```
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated,
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
broken_sasl_auth_clients = yes

# postfix tls
smtpd_use_tls=yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/newreq.pem
smtpd_tls_cert_file = /etc/ssl/postfix/newcrt.pem
smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

Any help would be greatly appreciated.

Last edited by asv on Thu Feb 10, 2005 3:56 am; edited 1 time in total

----------

## langthang

```
smtpd_tls_key_file = /etc/ssl/postfix/newreq.pem
smtpd_tls_cert_file = /etc/ssl/postfix/newcrt.pem
smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem
```

Check those files. Do they exist, and are they valid? There is a known issue with openssl-0.9.7d. Update to openssl-0.9.7e, then generate new certs to see if it helps. BTW, what is your postfix version?

----------

## asv

*langthang wrote:*

> ```
> smtpd_tls_key_file = /etc/ssl/postfix/newreq.pem
>
> ...
> ```


Those did not exist! I changed it to the certs that were there and it worked just fine. Thanks so much for your help!

----------

## infecticide

I have the same issue; the message is slightly different, however I believe it means the same thing, so I'll post the goods and see what I've done wrong.

/etc/postfix/main.cf

```
# SSL and SASL Support
smtpd_sasl_auth_enable = yes
#smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, re$
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

/var/log/mail/current

```
Aug  7 15:37:49 [postfix/smtpd] attr_clnt_connect: connected to private/tlsmgr
Aug  7 15:37:49 [postfix/smtpd] send attr request = seed
Aug  7 15:37:49 [postfix/smtpd] send attr size = 32
Aug  7 15:37:49 [postfix/smtpd] private/tlsmgr: wanted attribute: status
Aug  7 15:37:49 [postfix/smtpd] input attribute name: status
Aug  7 15:37:49 [postfix/smtpd] input attribute value: 0
Aug  7 15:37:49 [postfix/smtpd] private/tlsmgr: wanted attribute: seed
Aug  7 15:37:49 [postfix/smtpd] input attribute name: seed
Aug  7 15:37:49 [postfix/smtpd] input attribute value: O32RE+Fe7TpeylTSaLut2gMv11npeI/4m9Bloo+EPME=
Aug  7 15:37:49 [postfix/smtpd] private/tlsmgr: wanted attribute: (list terminator)
Aug  7 15:37:49 [postfix/smtpd] input attribute name: (end)
Aug  7 15:37:49 [postfix/smtpd] warning: cannot get private key from file /etc/postfix/newreq.pem
Aug  7 15:37:49 [postfix/smtpd] warning: TLS library problem: 15152:error:0B080074:x509 certificate routines:X509_check_priv$
Aug  7 15:37:49 [postfix/smtpd] cannot load RSA certificate and key data
Aug  7 15:37:49 [postfix/smtpd] match_string: fast_flush_domains ~? debug_peer_list
Aug  7 15:37:49 [postfix/smtpd] match_string: fast_flush_domains ~? fast_flush_domains
Aug  7 15:37:49 [postfix/smtpd] attr_clnt_create: transport=local endpoint=private/anvil
Aug  7 15:37:49 [postfix/smtpd] connection established
Aug  7 15:37:49 [postfix/smtpd] master_notify: status 0
Aug  7 15:37:49 [postfix/smtpd] name_mask: resource
Aug  7 15:37:49 [postfix/smtpd] name_mask: software
Aug  7 15:37:49 [postfix/smtpd] name_mask: noanonymous
Aug  7 15:37:49 [postfix/smtpd] connect from infecticide.no-ip.org[24.72.81.60]
Aug  7 15:37:49 [postfix/smtpd] match_list_match: infecticide.no-ip.org: no match
Aug  7 15:37:49 [postfix/smtpd] match_list_match: 24.72.81.60: no match
Aug  7 15:37:49 [postfix/smtpd] match_list_match: infecticide.no-ip.org: no match
Aug  7 15:37:49 [postfix/smtpd] match_list_match: 24.72.81.60: no match
Aug  7 15:37:49 [postfix/smtpd] match_hostname: infecticide.no-ip.org ~? 24.72.81.0/24
Aug  7 15:37:49 [postfix/smtpd] match_hostaddr: 24.72.81.60 ~? 24.72.81.0/24
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 220 infecticide.no-ip.org ESMTP Postfix
Aug  7 15:37:49 [postfix/smtpd] < infecticide.no-ip.org[24.72.81.60]: EHLO infecticide.no-ip.org
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-infecticide.no-ip.org
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-PIPELINING
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-SIZE 10240000
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-VRFY
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-ETRN
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-STARTTLS
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-AUTH LOGIN PLAIN
Aug  7 15:37:49 [postfix/smtpd] match_list_match: infecticide.no-ip.org: no match
Aug  7 15:37:49 [postfix/smtpd] match_list_match: 24.72.81.60: no match
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250-AUTH=LOGIN PLAIN
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 250 8BITMIME
Aug  7 15:37:49 [postfix/smtpd] < infecticide.no-ip.org[24.72.81.60]: STARTTLS
Aug  7 15:37:49 [postfix/smtpd] > infecticide.no-ip.org[24.72.81.60]: 454 TLS not available due to local problem
Aug  7 15:37:49 [postfix/smtpd] smtp_get: EOF
Aug  7 15:37:49 [postfix/smtpd] match_hostname: infecticide.no-ip.org ~? 24.72.81.0/24
Aug  7 15:37:49 [postfix/smtpd] match_hostaddr: 24.72.81.60 ~? 24.72.81.0/24
Aug  7 15:37:49 [postfix/smtpd] lost connection after STARTTLS from infecticide.no-ip.org[24.72.81.60]
Aug  7 15:37:49 [postfix/smtpd] disconnect from infecticide.no-ip.org[24.72.81.60]
Aug  7 15:37:49 [postfix/smtpd] master_notify: status 1
Aug  7 15:37:49 [postfix/smtpd] connection closed
```

----------
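Both reports above end in a 454 reply to STARTTLS, and in both the log or the follow-up points at the files named by `smtpd_tls_key_file` and `smtpd_tls_cert_file`. The script below is an added example, not code from any poster or from Postfix: it checks that those two files exist, are readable, parse, and belong together. The function names `cf_value` and `check_tls_pair` are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight check of the key/cert pair named in a main.cf.
# Run it as the user that starts Postfix so the readability test is meaningful.

# Print the value of a "name = value" line from a main.cf-style file.
# (On a live system, `postconf -h name` returns the effective value instead.)
cf_value() {  # $1 = config file, $2 = parameter name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Echo one verdict: MISSING_KEY, MISSING_CERT, UNREADABLE, BAD_KEY,
# BAD_CERT, MISMATCH or OK. Returns non-zero for everything except OK.
check_tls_pair() {  # $1 = config file
    key=$(cf_value "$1" smtpd_tls_key_file)
    cert=$(cf_value "$1" smtpd_tls_cert_file)
    [ -n "$key" ] && [ -f "$key" ] || { echo MISSING_KEY; return 1; }
    [ -n "$cert" ] && [ -f "$cert" ] || { echo MISSING_CERT; return 1; }
    [ -r "$key" ] && [ -r "$cert" ] || { echo UNREADABLE; return 1; }
    # An empty -passin makes a passphrase-protected key fail instead of
    # prompting; Postfix cannot prompt for a passphrase either.
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) \
        || { echo BAD_KEY; return 1; }
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo BAD_CERT; return 1; }
    # The key belongs to the certificate only if both carry the same public key.
    [ "$kpub" = "$cpub" ] || { echo MISMATCH; return 1; }
    echo OK
}

# Stand-alone use: sh check.sh /etc/postfix/main.cf
if [ "$#" -gt 0 ]; then
    check_tls_pair "$1"
fi
```

Any verdict other than `OK` names a condition to fix before reloading Postfix; `BAD_KEY` also covers a file that holds something other than a private key.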

## flowolf

infecticide, I have the same problem, did you solve it?

----------

## infecticide

I gave up on postfix and mail servers in general. I can get incoming and outgoing working fine without auth. After I place auth in the mix it fubars. Sorry I can't be of more help.

I suggest reading these two things over and over until something clicks.

https://forums.gentoo.org/viewtopic.php?t=56633&highlight=postfix+howto

http://www.gentoo.org/doc/en/virt-mail-howto.xml (It works up to Step 4: incoming/outbound work, then the problems start after step 4 is started.)

----------

## guzik

Change the title of the post to Abandoned not Solved

----------

