[Postfixbuch-users] Postfix and dear old TLS

Maximilian Thoma nospam at thoma.cc
Thu Nov 8 13:05:06 CET 2007


BrunIGunde wrote:
>> That looks good so far - well, AUTH PLAIN over an unsecured
>> connection isn't that great (maybe set smtpd_tls_auth_only = yes),
>> but that has nothing to do with the problem.
>>
>> What does it say when you try to use STARTTLS? For example via:
>>
>> openssl s_client -starttls smtp -connect <servername>:25
>>
>> or, if you have "swaks" (which I really like to use for testing):
>>
>> swaks -tls -auth -au <username> -f <absender> -t <empfänger> -s <server>
>>
>> If there are errors there, please remember to post the log as well. And
>> for completeness, please also post the output of "postconf -n".
>>
>>
>> Ciao
>> Stefan
> 
> Hi,
> 
> Linus-H1:~/ca# openssl s_client -starttls smtp -connect mail.domain.tld:25
> CONNECTED(00000003)
> 26506:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:567:
> 
> I can't find anything about this in any log file. Then the swaks test:
> 
> 
> === Trying mail.wvbrb.de:25...
> === Connected to mail.wvbrb.de.
> <-  220 mx-mailer.domain.tld ESMTP (Mailsystem v2.0)
>  -> EHLO localhost
> <-  250-mx-mailer.domain.tld
> <-  250-PIPELINING
> <-  250-SIZE 30480000
> <-  250-VRFY
> <-  250-ETRN
> <-  250-STARTTLS
> <-  250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> <-  250-AUTH=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> <-  250-ENHANCEDSTATUSCODES
> <-  250-8BITMIME
> <-  250 DSN
>  -> STARTTLS
> <** 454 4.3.0 TLS not available due to local problem
>  -> QUIT
> <-  221 2.0.0 Bye
> === Connection closed with remote host.
> 
> Something about this did then show up in the log, but the path to the
> certificate is correct:
> 
> Nov  8 12:26:45 localhost postfix/smtpd[30206]: warning: TLS library
> problem: 30206:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:26:45 localhost postfix/smtpd[30206]: warning: TLS library
> problem: 30206:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:26:45 localhost postfix/smtpd[30206]: warning: TLS library
> problem: 30206:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:26:45 localhost postfix/smtpd[30207]: warning: TLS library
> problem: 30207:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:26:45 localhost postfix/smtpd[30207]: warning: TLS library
> problem: 30207:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:26:45 localhost postfix/smtpd[30207]: warning: TLS library
> problem: 30207:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:27:09 localhost postfix/smtpd[30247]: warning: TLS library
> problem: 30247:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:27:09 localhost postfix/smtpd[30247]: warning: TLS library
> problem: 30247:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:27:09 localhost postfix/smtpd[30247]: warning: TLS library
> problem: 30247:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:27:09 localhost postfix/smtpd[30248]: warning: TLS library
> problem: 30248:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:27:09 localhost postfix/smtpd[30248]: warning: TLS library
> problem: 30248:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:27:09 localhost postfix/smtpd[30248]: warning: TLS library
> problem: 30248:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:28:27 localhost postfix/smtpd[30405]: warning: TLS library
> problem: 30405:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:28:27 localhost postfix/smtpd[30405]: warning: TLS library
> problem: 30405:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:28:27 localhost postfix/smtpd[30405]: warning: TLS library
> problem: 30405:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:28:27 localhost postfix/smtpd[30406]: warning: TLS library
> problem: 30406:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:28:27 localhost postfix/smtpd[30406]: warning: TLS library
> problem: 30406:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:28:27 localhost postfix/smtpd[30406]: warning: TLS library
> problem: 30406:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:28:27 localhost postfix/smtpd[30407]: warning: TLS library
> problem: 30407:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:28:27 localhost postfix/smtpd[30407]: warning: TLS library
> problem: 30407:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:28:27 localhost postfix/smtpd[30407]: warning: TLS library
> problem: 30407:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:28:30 localhost postfix/smtpd[30409]: warning: TLS library
> problem: 30409:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:28:30 localhost postfix/smtpd[30409]: warning: TLS library
> problem: 30409:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:28:30 localhost postfix/smtpd[30409]: warning: TLS library
> problem: 30409:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:30:21 localhost postfix/smtpd[30613]: warning: TLS library
> problem: 30613:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:30:21 localhost postfix/smtpd[30613]: warning: TLS library
> problem: 30613:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:30:21 localhost postfix/smtpd[30613]: warning: TLS library
> problem: 30613:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> Nov  8 12:30:23 localhost postfix/smtpd[30617]: warning: TLS library
> problem: 30617:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):
> Nov  8 12:30:23 localhost postfix/smtpd[30617]: warning: TLS library
> problem: 30617:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:125:
> Nov  8 12:30:23 localhost postfix/smtpd[30617]: warning: TLS library
> problem: 30617:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:274:
> 
> And finally the Postfix config:
> 
> alias_database = hash:/etc/aliases
> alias_maps = $alias_database
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> header_checks = regexp:/etc/postfix/maps/header_checks
> inet_interfaces = all
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> message_size_limit = 30480000
> mydestination = $myhostname $mydomain localhost localhost.$mydomain
> mydomain = mx-mailer.domain.tld
> myhostname = mx-mailer.domain.tld
> mynetworks = 127.0.0.0/8, 192.168.1.0/24
> myorigin = $mydomain
> recipient_delimiter = +
> relay_domains = mx-mailer.domain.tld
> remote_header_rewrite_domain = mx-mailer.domain.tld
> smtp_tls_CAfile = /etc/postfix/ssl/smtpd.pem
> smtp_tls_cert_file = /etc/postfix/ssl/mail.crt
> smtp_tls_key_file = /etc/postfix/ssl/mail.key
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP (Mailsystem v2.0)
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination, reject_invalid_hostname,
> reject_non_fqdn_recipient, reject_non_fqdn_sender,
> reject_unauth_pipelining, reject_rhsbl_sender blackhole.securitysage.com,
> reject_rhsbl_client blackhole.securitysage.com, reject_rbl_client
> blackholes.easynet.nl, reject_rbl_client sbl-xbl.spamhaus.org
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postifx/ssl/smtpd.pem
> smtpd_tls_cert_file = /etc/postfix/ssl/mail.crt
> smtpd_tls_key_file = /etc/postfix/ssl/mail.key
> smtpd_tls_loglevel = 2
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> virtual_alias_domains =
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
> virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gid_maps.cf
> virtual_mailbox_base = /var/kunden/mail/
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
> virtual_mailbox_limit = 51200000
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
> virtual_transport = maildrop
> virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uid_maps.cf
> 
> 
> 
> 
> 
> 

It can't open the file!!!
Nov  8 12:30:21 localhost postfix/smtpd[30613]: warning: TLS library
problem: 30613:error:02001002:system library:fopen:No such file or
directory:bss_file.c:122:fopen('/etc/postifx/ssl/smtpd.pem','r'):

Do all these files actually exist???

smtpd_tls_CAfile = /etc/postifx/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.key

And careful, Linux is case sensitive!!!!

What does  ls -la /etc/postfix/ssl   output???
Maybe the access permissions are insufficient!!!

Regards


maximilian



-- 
                                                     \\|//
                                                     (o o)
--------------------------------------------------ooO-(_)-Ooo---
Maximilian Thoma
Resistance is futile ...
Do not use my spamtrap: spamtrap at thoma.cc - Thanks!    Ooo.
-------------------------------------------------.ooO----(  )---
                                                 (  )    (_/
                                                  \_)
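
Added example, not part of the original post: a shell check that runs the reply's questions (do the files exist, are they readable) over every TLS file parameter in `postconf -n` style output. The function names `check_tls_files` and `sample_config` and the scratch directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Reads `postconf -n` style lines on stdin and checks each TLS file parameter.
check_tls_files() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            *_tls_CAfile\ =\ *|*_tls_cert_file\ =\ *|*_tls_key_file\ =\ *) ;;
            *) continue ;;
        esac
        name=${line%% = *}
        path=${line#* = }
        dir=$(dirname "$path")
        if [ ! -d "$dir" ]; then
            # The directory part itself is wrong, e.g. a misspelled path component.
            echo "MISSING $name = $path (no such directory: $dir)"; rc=1
        elif [ ! -e "$path" ]; then
            echo "MISSING $name = $path"; rc=1
        elif [ ! -r "$path" ]; then
            # Readability is tested for the user running this script.
            echo "UNREADABLE $name = $path"; rc=1
        else
            echo "OK $name = $path"
        fi
    done
    return "$rc"
}

# Constructed sample: a scratch directory standing in for /etc, with all three
# files present but one parameter pointing at a misspelled directory.
sample_config() {
    base=$1
    mkdir -p "$base/postfix/ssl"
    : > "$base/postfix/ssl/mail.crt"
    : > "$base/postfix/ssl/mail.key"
    : > "$base/postfix/ssl/smtpd.pem"
    cat <<EOF
myhostname = mx-mailer.domain.tld
smtpd_tls_CAfile = $base/postifx/ssl/smtpd.pem
smtpd_tls_cert_file = $base/postfix/ssl/mail.crt
smtpd_tls_key_file = $base/postfix/ssl/mail.key
smtpd_use_tls = yes
EOF
}

tmp=$(mktemp -d)
sample_config "$tmp" | check_tls_files || echo "=> fix the paths flagged above"
rm -rf "$tmp"
```

On a live system, feed it the real configuration with `postconf -n | check_tls_files`.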


