I just upgraded my Ubuntu server from 10.04 to 12.04 which upgraded Postfix to 2.9.1-4. The postfix server sits behind my firewall, in front of my corporate Exchange servers.
After the upgrade I found that my exchange servers would/could no longer send mail. I got the following error: Dec 12 18:48:41 mail postfix/smtpd[3093]: lost connection after EHLO from NY-HUBT02.WIN.STARPOINT.COM<http://NY-HUBT02.WIN.STARPOINT.COM>[192.168.43.19] A bit of googling pointed me to TLS issues. After trying several things, I commented out my TLS configuration parameters, and sure enough all of the mail flowed out of my Exchange servers, so the problem is definitely TLS related. These are my commented out TLS parameters: # TLS parameters # smtp_tls_security_level = may # smtpd_tls_security_level = may # smtpd_tls_cert_file = /etc/ssl/certs/starpoint.crt # smtpd_tls_key_file = /etc/ssl/private/starpoint.key # smtpd_tls_CAfile = /etc/ssl/certs/gd_bundle.crt # smtpd_tls_loglevel = 2 # smtpd_use_tls=yes # smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache # smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache The certificate I am using for the TLS on the Postfix server is a wildcard certificate for starpoint.com<http://starpoint.com> from GoDaddy. The certificate that Exchange uses is a specific certificate for exchange.starpoint.com<http://exchange.starpoint.com>, also from GoDaddy. I think it's in my best interest to get TLS operational again. I've re-read http://www.postfix.org/TLS_README.html again and nothing is jumping out at me. What is my best next step to solve this problem. Thank you very much for any advice. Tony Nelson Starpoint Solutions ________________________________ Since 1982, Starpoint Solutions has been a trusted source of human capital and solutions. We are committed to our clients, employees, environment, community and social concerns. We foster an inclusive culture based on trust, respect, honesty and solid performance. Learn more about Starpoint and our social responsibility at http://www.starpoint.com/social_responsibility ________________________________ This email message from Starpoint Solutions LLC is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Opinions, conclusions and other information in this message that do not relate to the official business of Starpoint Solutions shall be understood as neither given nor endorsed by it.
