Postfix SMTP server: errors

**theprincy** · Jun 13th 2016

I have this error

Code

Transcript of session follows.
Out: 220 xxxxxxxxxxxxxxx ESMTP i-MSCP Git 1.3.x Managed
In: EHLO mail-wm0-f68.google.com
Out: 250-xxxxxxxxxxxxxxx
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Out: 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: STARTTLS
Out: 454 4.7.0 TLS not available due to local problem
Session aborted, reason: lost connection
For other details, see the local mail logfile

Display More

I made several steps including upgrade ca-certificated , removed smtpd_tls_CAfile from main.cf, install ssl for panel, but I could not solve, someone has any idea how to do?

**Nuxwin** · Jun 13th 2016

Hello,

We need more information:

Distro? Codename?
i-MSCP 1.3.x from when?
main.cf content?
master.cf content?

Also please

Set the value of smtpd_tls_loglevel parameter to 2 in your main.cf
Restart Postfix
Do a tail -fn0 /var/log/mail.log
Try a SMTP session again (with TLS)
Post the log output

**theprincy** · Jun 13th 2016

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.11 (wheezy)
Release: 7.11
Codename: wheezy

2) today

3) main.cf content

Code

### Common parameters#inet_protocols = ipv4inet_interfaces = allmynetworks_style = hostsmtp_bind_address = 5.9.163.245smtp_bind_address6 = myhostname = moon.notelseit.commydomain = moon.notelseit.com.localmyorigin = $myhostnamesmtpd_banner = $myhostname ESMTPappend_dot_mydomain = noappend_at_myorigin = yesbiff = norecipient_delimiter = +message_size_limit = 0### Local delivery parameters#mydestination = $myhostname, $mydomainalias_database = hash:/etc/aliasesalias_maps = hash:/etc/aliaseslocal_transport = locallocal_destination_recipient_limit = 1local_recipient_maps = unix:passwd.byname $alias_databasemail_spool_directory = /var/mailmailbox_size_limit = 0### Virtual delivery parameters#virtual_mailbox_base = /var/mail/virtualvirtual_mailbox_limit = 0virtual_mailbox_domains = hash:/etc/postfix/imscp/domainsvirtual_mailbox_maps = hash:/etc/postfix/imscp/mailboxesvirtual_alias_domains =virtual_alias_maps = hash:/etc/postfix/imscp/aliasesvirtual_minimum_uid = 999virtual_uid_maps = static:999virtual_gid_maps = static:8### Relay parameters#relay_domains = hash:/etc/postfix/imscp/relay_domainsrelay_recipient_maps =relay_transport = relayrelayhost =### Transport parameters#transport_maps = hash:/etc/postfix/imscp/transport### SMTP restrictions#smtpd_helo_required = yessmtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permitsmtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permitsmtpd_relay_restrictions =smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, permitsmtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining### i-MSCP responder parameters#imscp-arpl_destination_recipient_limit = 1### Other parameters## Those parameters are added dynamically by i-MSCP or 3rd-party softwares## Maildrop MDA parametersvirtual_transport = maildropmaildrop_destination_concurrency_limit = 1maildrop_destination_recipient_limit = 1# Cyrus SASL parameterssmtpd_sasl_type = cyrussmtpd_sasl_path = smtpdsmtpd_sasl_auth_enable = yessmtpd_sasl_security_options = noanonymousbroken_sasl_auth_clients = yessmtpd_sasl_authenticated_header = yes# smtpd TLS parameters (opportunistic)smtpd_tls_security_level = maysmtpd_tls_ciphers = highsmtpd_tls_exclude_ciphers = aNULL, MD5smtpd_tls_protocols = !SSLv2, !SSLv3smtpd_tls_loglevel = 1smtpd_tls_cert_file = /etc/imscp/imscp_services.pemsmtpd_tls_key_file = /etc/imscp/imscp_services.pemsmtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crtsmtpd_tls_auth_only = nosmtpd_tls_received_header = yessmtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scachesmtpd_tls_session_cache_timeout = 3600s

4) master.cf content

Shell-Script

# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#
smtps inet n - y - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - y - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# i-MSCP autoresponder
imscp-arpl unix - n n - - pipe
flags=O user=vmail:imscp argv=/var/www/imscp/engine/messenger/imscp-arpl-msgr $recipient
maildrop unix - n n - - pipe
flags=DRhu user=vmail:mail argv=maildrop -w 90 -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}

Display More

**theprincy** · Jun 13th 2016

Code

ay=0.26, delays=0.13/0.01/0/0.12, dsn=2.0.0, status=sent (forwarded as 90FF425616C)
Jun 13 16:43:06 moon postfix/qmgr[24695]: 706FB25616B: removed
Jun 13 16:43:06 moon postfix/pipe[24806]: 90FF425616C: to=<[email protected]>, orig_to=<postmaster>, relay=maildrop, delay=0.24, delays=0.12/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via maildrop service)
Jun 13 16:43:06 moon postfix/qmgr[24695]: 90FF425616C: removed
Jun 13 16:43:37 moon postfix/smtpd[24697]: connect from unknown[155.133.82.76]
Jun 13 16:43:37 moon postfix/smtpd[24697]: warning: unknown[155.133.82.76]: SASL LOGIN authentication failed: authentication failure
Jun 13 16:43:37 moon postfix/smtpd[24697]: lost connection after AUTH from unknown[155.133.82.76]
Jun 13 16:43:37 moon postfix/smtpd[24697]: disconnect from unknown[155.133.82.76]
Jun 13 16:44:40 moon imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Jun 13 16:44:40 moon imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Jun 13 16:44:40 moon imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Jun 13 16:45:01 moon postfix/pickup[24694]: 3E53325616C: uid=1003 from=<vu2006>

Display More

**Nuxwin** · Jun 13th 2016

@theprincy

I've just made a test with 1.3.x from now and I cannot reproduce the problem.

Code

root@precise:/usr/local/src/imscp# clear && tail -fn0 /var/log/mail.log
Jun 13 17:34:59 precise postfix/smtpd[31924]: initializing the server-side TLS engine
Jun 13 17:34:59 precise postfix/smtpd[31924]: connect from unknown[192.168.1.100]
Jun 13 17:34:59 precise postfix/smtpd[31924]: setting up TLS connection from unknown[192.168.1.100]
Jun 13 17:34:59 precise postfix/smtpd[31924]: unknown[192.168.1.100]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL:!MD5"
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:before/accept initialization
Jun 13 17:34:59 precise postfix/smtpd[31924]: unknown[192.168.1.100]: looking up session E029B303F17D23C445DA11108435F6E5A34FB360D9B7433D69FBE223F8D08BE6&s=submission&l=268439567 in smtpd cache
Jun 13 17:34:59 precise postfix/tlsmgr[31920]: lookup smtpd session id=E029B303F17D23C445DA11108435F6E5A34FB360D9B7433D69FBE223F8D08BE6&s=submission&l=268439567
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 read client hello A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 write server hello A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 write certificate A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 write key exchange A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 write server done A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 flush data
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 read client key exchange A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 read finished A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 write change cipher spec A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 write finished A
Jun 13 17:34:59 precise postfix/smtpd[31924]: SSL_accept:SSLv3 flush data
Jun 13 17:34:59 precise postfix/smtpd[31924]: unknown[192.168.1.100]: save session 4BF30C377FF6F8D88B70FE56EEE2D3F8057F324955FDF2E647CB1893D2311237&s=submission&l=268439567 to smtpd cache
Jun 13 17:34:59 precise postfix/tlsmgr[31920]: put smtpd session id=4BF30C377FF6F8D88B70FE56EEE2D3F8057F324955FDF2E647CB1893D2311237&s=submission&l=268439567 [data 145 bytes]
Jun 13 17:34:59 precise postfix/tlsmgr[31920]: write smtpd TLS cache entry 4BF30C377FF6F8D88B70FE56EEE2D3F8057F324955FDF2E647CB1893D2311237&s=submission&l=268439567: time=1465832099 [data 145 bytes]
Jun 13 17:34:59 precise postfix/smtpd[31924]: Anonymous TLS connection established from unknown[192.168.1.100]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun 13 17:34:59 precise dovecot: auth-worker: mysql(localhost): Connected to database imscp
Jun 13 17:34:59 precise postfix/smtpd[31924]: 4C8917BD9: client=unknown[192.168.1.100], sasl_method=CRAM-MD5, [email protected]
Jun 13 17:34:59 precise postfix/cleanup[31930]: 4C8917BD9: message-id=<[email protected]>
Jun 13 17:34:59 precise spamd[30214]: spamd: connection from precise.nuxwin.com.local [127.0.0.1] at port 55228
Jun 13 17:34:59 precise spamd[30214]: spamd: processing message <[email protected]> for [email protected]:998
Jun 13 17:34:59 precise spamd[30214]: spamd: clean message (-1.0/5.0) for [email protected]:998 in 0.3 seconds, 622 bytes.
Jun 13 17:34:59 precise spamd[30214]: spamd: result: . -1 - ALL_TRUSTED scantime=0.3,size=622,[email protected],uid=998,required_score=5.0,rhost=precise.nuxwin.com.local,raddr=127.0.0.1,rport=55228,mid=<[email protected]>,autolearn=ham
Jun 13 17:34:59 precise postfix/qmgr[31917]: 4C8917BD9: from=<[email protected]>, size=727, nrcpt=1 (queue active)
Jun 13 17:34:59 precise postfix/smtpd[31924]: disconnect from unknown[192.168.1.100]
Jun 13 17:34:59 precise dovecot: lda([email protected]): msgid=<[email protected]>: saved mail to INBOX
Jun 13 17:34:59 precise postfix/pipe[31933]: 4C8917BD9: to=<[email protected]>, relay=dovecot, delay=0.33, delays=0.32/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Jun 13 17:34:59 precise postfix/qmgr[31917]: 4C8917BD9: removed
Jun 13 17:34:59 precise spamd[30211]: prefork: child states: II

Display More

I made the test under Ubuntu precise. I'll do a test with Wheezy soon but this should not change anything.

**theprincy** · Jun 13th 2016

i cant send you account or teamviever

**theprincy** · Jun 14th 2016

i have this error

Jun 14 06:23:39 moon postfix/smtpd[5965]: initializing the server-side TLS engine
Jun 14 06:23:39 moon postfix/tlsmgr[5966]: open smtpd TLS cache btree:/var/lib/postfix/smtpd_scache
Jun 14 06:23:39 moon postfix/tlsmgr[5966]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
Jun 14 06:23:39 moon postfix/smtpd[5965]: warning: cannot get RSA private key from file /etc/imscp/imscp_services.pem: disabling TLS support
Jun 14 06:23:39 moon postfix/smtpd[5965]: warning: TLS library problem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:330:

**theprincy** · Jun 14th 2016

I resolved, after trying several times to activate the ssl by reconfiguring , always he gave as an error "

Code

[ERROR] Package::FrontEnd::start: Could not start the nginx service: iMSCP::Provider::Service::Sysvinit::_exec: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/imscp/admin.moon.notelseit.com.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) at /var/www/imscp/engine/setup/../PerlLib/iMSCP/Service.pm line 158.

", now seems to be going, but created another problem, all emails are redirected account info , although there are other accounts configured

**Nuxwin** · Jun 14th 2016

All problems come from the same source here: Your private KEY is not ok. Fix it.

Postfix SMTP server: errors

Share

Similar Threads

I-MSCP and rspamd

Daily visitors