I am running Dovecot version 2.3.21.1 and Postfix version 3.10-20241027 on FreeBSD 14.1. I have two domains on one server, each with two subdomains, mail and www.

The appropriate portion of main.cf is:

# SASL CONFIG
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
smtpd_sender_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_sender,
    permit
smtpd_relay_restrictions = permit_mynetworks
    permit_sasl_authenticated
    defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    check_client_access hash:/usr/local/etc/postfix/rbl_override,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# TLS CONFIG
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/kasdivi.com/privkey.key
smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_protocols = >=TLSv1.2
tls_random_source = dev:/dev/urandom

My dovecot 10-ssl.cnf is:

##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
ssl_key = </usr/local/etc/letsencrypt/live/kasdivi.com/privkey.pem
ssl_cert = </usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem

# gives on startup when ssl_dh is unset.
#ssl_dh = </usr/local/etc/ssl/dhparams.pem
ssl_min_protocol = TLSv1.2
#ssl_protocols = !SSLv3 !SSLv2

# SSL ciphers to use, the default is:
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

I am getting the following log error in the mail log:

May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: error:80000002:system library::No such file or directory:/usr/src/crypto/openssl/crypto/bio/bss_file.c:297:calling fopen(/usr/local/etc/letsencrypt/live/kasdivi.com/privkey.key, r):
May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: error:10080002:BIO routines::system lib:/usr/src/crypto/openssl/crypto/bio/bss_file.c:300:
May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: error:0A080002:SSL routines::system lib:/usr/src/crypto/openssl/ssl/ssl_rsa.c:367:
M

I can receive but not send emails. I get the following error email:

Transcript of session follows.

 Out: 220 triggerfish.theoceanwindow.com ESMTP Postfix
 In:  EHLO smtpclient.apple
 Out: 250-triggerfish.theoceanwindow.com
 Out: 250-PIPELINING
 Out: 250-SIZE 25600000
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250-DSN
 Out: 250-SMTPUTF8
 Out: 250 CHUNKING
 In:  STARTTLS
 Out: 454 4.7.0 TLS not available due to local problem
 In:  MAIL FROM:<ja...@kasdivi.com>
 Out: 530 5.7.0 Must issue a STARTTLS command first
 In:  QUIT
 Out: 221 2.0.0 Bye

The server passes SSL tests by https://www.ssllabs.com/
The server key matches the certificate.

My guess is a problem with the certificate?
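An added example, not part of the original post: a short Python check that reads the OpenSSL `fopen()` failure out of a Postfix "TLS library problem" warning and maps the failing path back to the main.cf parameter that names it. The helper names (`parse_main_cf`, `fopen_failures`, `blame`) are hypothetical, and the sample input is an excerpt constructed from the settings and log line quoted above.

```python
import re

# Constructed sample input: settings and one log line excerpted from the post above.
MAIN_CF = """\
# TLS CONFIG
smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/kasdivi.com/privkey.key
smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem
smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated, permit
"""
LOG = [
    "May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: "
    "error:80000002:system library::No such file or directory:"
    "/usr/src/crypto/openssl/crypto/bio/bss_file.c:297:"
    "calling fopen(/usr/local/etc/letsencrypt/live/kasdivi.com/privkey.key, r):",
]

# OpenSSL 3 error-queue entry as logged by Postfix: error:<code>:<lib>::<reason>:<src>:<line>:<data>
FOPEN_RE = re.compile(
    r"TLS library problem: error:[0-9A-F]+:[^:]*::(?P<reason>[^:]+):"
    r".*calling fopen\((?P<path>[^,]+), \w+\)")

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, and a line that starts
    with whitespace continues the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def fopen_failures(log_lines):
    """Return (path, reason) for each OpenSSL fopen() failure Postfix logged."""
    return [(m["path"], m["reason"]) for m in map(FOPEN_RE.search, log_lines) if m]

def blame(params, log_lines):
    """Map each failed path back to the main.cf parameter(s) that name it."""
    return [(name, path, reason)
            for path, reason in fopen_failures(log_lines)
            for name, value in params.items()
            if path in re.split(r"[,\s]+", value)]

if __name__ == "__main__":
    for name, path, reason in blame(parse_main_cf(MAIN_CF), LOG):
        print(f"{name} -> {path}: {reason}")
```

On a live system the same cross-check can be fed from `postconf -n` output and the mail log instead of the embedded strings.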