On Fri, Dec 30, 2011 at 8:53 AM, Mark <m...@msen.com> wrote: > My apologies for the cross-posting but I believe it is relevant.
That's still typically frowned upon, IMHO. > I have been running postfix for 8+ months without problems. Recently ( a > week or two) I had a user complain that he could no longer send. It appears > that postfix is no longer accepting SSL/TLS connections. STARTTLS is > working on port 587 (and possibly 25, still testing) I am trying to figure > out why the change. > > If I try and open an openssl connection manually, this is what I get: > > openssl s_client -connect mail.myServer.net:587 > CONNECTED(00000003) > 44829:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:478: This command starts speaking the SSL protocol immediately at the beginning of the connection, which is wrong for STARTTLS cases. You need to do this instead: $ openssl s_client -connect mail.myserver.net:587 -starttls smtp The most common SSL-just-stops-working issue is that your certificate expired. Check that by looking for "Not After" in the output of: root@mailserver# openssl x509 -noout -text -in /path/to/server.crt -- Matt Mullins _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
