Results 1 to 5 of 5

Thread: STARTTLS SMTP Error

  1. #1

    Question STARTTLS SMTP Error

    This error occurred always when I try to send one email using my server and authentication STARTTLS. Here message from mailer daemon:

    Signature: Postfix SMTP server: errors from unknown[187.75.4.156]

    Message:

    Code:
    Transcript of session follows.
    
     Out: 220 age1.com.br ESMTP Postfix
     In:  EHLO [192.168.1.101]
     Out: 250-age1.com.br
     Out: 250-PIPELINING
     Out: 250-SIZE 20480000
     Out: 250-ETRN
     Out: 250-STARTTLS
     Out: 250-AUTH DIGEST-MD5 LOGIN CRAM-MD5 PLAIN
     Out: 250-ENHANCEDSTATUSCODES
     Out: 250-8BITMIME
     Out: 250 DSN
     In:  STARTTLS
     Out: 454 4.7.0 TLS not available due to local problem
     In:  QUIT
     Out: 221 2.0.0 Bye
    
    
    For other details, see the local mail logfile
    /usr/local/psa/var/log/maillog

    Code:
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/etc/postfix/postfix_default.pem','r'):
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
    Jul 10 14:15:38 ip-172-31-27-123 postfix/smtpd[26508]: connect from registration.parallels.com[199.115.105.22]
    Jul 10 14:15:39 ip-172-31-27-123 postfix/smtpd[26508]: CEDFD834D2: client=registration.parallels.com[199.115.105.22]
    Jul 10 14:15:40 ip-172-31-27-123 postfix/cleanup[26512]: CEDFD834D2: message-id=<20130710_181524_053074.parallels@parallelscentral.com>
    Jul 10 14:15:40 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: SKIP
    Jul 10 14:15:40 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: SKIP during call 'check-quota' handler
    Jul 10 14:15:40 ip-172-31-27-123 spf filter[26514]: Starting spf filter...
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: Error code: (2) Could not find a valid SPF record
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: Failed to query MAIL-FROM: No DNS data for 'parallelscentral.com'.
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: SPF result: none
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: SPF status: PASS
    Jul 10 14:15:41 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: PASS
    Jul 10 14:15:41 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: PASS during call 'spf' handler
    Jul 10 14:15:41 ip-172-31-27-123 postfix/qmgr[25637]: CEDFD834D2: from=<parallels@parallelscentral.com>, size=2696, nrcpt=1 (queue active)
    Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: postfix-local: from=parallels@parallelscentral.com, to=webmaster@age1.com.br, dirname=/var/qmail/mailnames
    Jul 10 14:15:41 ip-172-31-27-123 dk_check[26517]: DK_STAT_NOSIG: No signature available in message
    Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: handlers_stderr: PASS
    Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: PASS during call 'dd52-domainkeys' handler
    Jul 10 14:15:41 ip-172-31-27-123 postfix/pipe[26515]: CEDFD834D2: to=<webmaster@age1.com.br>, relay=plesk_virtual, delay=2.7, delays=2.6/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
    Jul 10 14:15:41 ip-172-31-27-123 postfix/qmgr[25637]: CEDFD834D2: removed
    Jul 10 14:15:41 ip-172-31-27-123 postfix/smtpd[26508]: disconnect from registration.parallels.com[199.115.105.22]
    Jul 10 14:15:44 ip-172-31-27-123 postfix/smtpd[26508]: connect from registration.parallels.com[199.115.105.22]
    Jul 10 14:15:45 ip-172-31-27-123 postfix/smtpd[26508]: 7E35A834D2: client=registration.parallels.com[199.115.105.22]
    Jul 10 14:15:45 ip-172-31-27-123 postfix/cleanup[26512]: 7E35A834D2: message-id=<20130710_181532_040494.parallels@parallelscentral.com>
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: SKIP
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: SKIP during call 'check-quota' handler
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Starting spf filter...
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Error code: (2) Could not find a valid SPF record
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Failed to query MAIL-FROM: No DNS data for 'parallelscentral.com'.
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: SPF result: none
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: SPF status: PASS
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: PASS
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: PASS during call 'spf' handler
    Jul 10 14:15:45 ip-172-31-27-123 postfix/qmgr[25637]: 7E35A834D2: from=<parallels@parallelscentral.com>, size=2696, nrcpt=1 (queue active)
    Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: postfix-local: from=parallels@parallelscentral.com, to=webmaster@age1.com.br, dirname=/var/qmail/mailnames
    Jul 10 14:15:45 ip-172-31-27-123 dk_check[26523]: DK_STAT_NOSIG: No signature available in message
    Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: handlers_stderr: PASS
    Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: PASS during call 'dd52-domainkeys' handler
    Jul 10 14:15:46 ip-172-31-27-123 postfix/pipe[26515]: 7E35A834D2: to=<webmaster@age1.com.br>, relay=plesk_virtual, delay=0.68, delays=0.65/0/0/0.03, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
    Jul 10 14:15:46 ip-172-31-27-123 postfix/qmgr[25637]: 7E35A834D2: removed
    Jul 10 14:15:46 ip-172-31-27-123 postfix/smtpd[26508]: disconnect from registration.parallels.com[199.115.105.22]
    Any help please???



  2. #2
    Tera Poster
    Join Date
    Jul 2012
    Posts
    840

    Default

    postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support
    Apparently, you don't have /etc/postfix/postfix_default.pem file. Restore it with proper content and permissions and you should be OK. Please, address Postfix documentation for details.
    Serve this machine, as you would have fight it for you.



  3. #3

    Default

    This problem occured when I deploied Parallels Plesk Panel 11 on Amazon EC2 service. I did it and solved the problem:

    Code:
    mkdir /etc/postfix/tls
    chown root:postfix /etc/postfix/tls
    chmod u=rwx,go= /etc/postfix/tls
    cd /etc/postfix/tls
    openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
    Then I changed /etc/postfix/main.cf

    Code:
    smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
    smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
    smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    smtp_tls_security_level = may
    smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
    smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
    smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    smtp_use_tls = yes
    smtpd_tls_received_header = yes
    smtpd_tls_ask_ccert = yes
    smtpd_tls_loglevel = 1
    tls_random_source = dev:/dev/urandom
    Reload postfix

    Code:
    postfix reload
    And works perfectly



  4. #4

    Default

    Had the same problem with a brand new Plesk 12.
    Instead of modifying /etc/postfix/main.cf, I just had to copy the freshly created smtpd.pem to /etc/pki/[myhostname].pem (look for smtpd_tls_cert_file directive which is already in /etc/postfix/main.cf)
    And it worked perfectly after a "postfix reload".



  5. #5
    Kilo Poster
    Join Date
    Jun 2007
    Posts
    47

    Default

    Thanks , this helped me locate my issue.

    I am using the AWS Pleck EC2 instance sold in the AWS Marketplace.

    So, the the /etc/postfix/postfix_default.pem is not there by default.

    This is the location the etc/postfix/main.cf says where the cert should be, yet it is not.

    The fix, cd into /etc/postfix/ and run the following command to create the cert. ...

    Code:
    openssl req -new -x509 -nodes -out postfix_default.pem -keyout postfix_default.pem -days 3650
    Hope this helps :-)
    Last edited by yabado; Jul 14, 2014 at 06:08 AM.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •