On 12/12/12 18:05, Tony Nelson wrote:
I just upgraded my Ubuntu server from 10.04 to 12.04 which upgraded
Postfix to 2.9.1-4. The postfix server sits behind my firewall, in
front of my corporate Exchange servers.
After the upgrade I found that my exchange servers would/could no
longer send mail. I got the following error:
Dec 12 18:48:41 mail postfix/smtpd[3093]: lost connection after EHLO
from NY-HUBT02.WIN.STARPOINT.COM
<http://NY-HUBT02.WIN.STARPOINT.COM>[192.168.43.19]
A bit of googling pointed me to TLS issues. After trying several
things, I commented out my TLS configuration parameters, and sure
enough all of the mail flowed out of my Exchange servers, so the
problem is definitely TLS related.
These are my commented out TLS parameters:
# TLS parameters
# smtp_tls_security_level = may
# smtpd_tls_security_level = may
# smtpd_tls_cert_file = /etc/ssl/certs/starpoint.crt
# smtpd_tls_key_file = /etc/ssl/private/starpoint.key
# smtpd_tls_CAfile = /etc/ssl/certs/gd_bundle.crt
# smtpd_tls_loglevel = 2
# smtpd_use_tls=yes
# smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
The certificate I am using for the TLS on the Postfix server is a
wildcard certificate for starpoint.com <http://starpoint.com> from
GoDaddy.
The certificate that Exchange uses is a specific certificate for
exchange.starpoint.com <http://exchange.starpoint.com>, also from GoDaddy.
I think it's in my best interest to get TLS operational again. I've
re-read http://www.postfix.org/TLS_README.html again and nothing is
jumping out at me.
What is my best next step to solve this problem.
Thank you very much for any advice.
Tony Nelson
Starpoint Solutions
------------------------------------------------------------------------
Since 1982, Starpoint Solutions has been a trusted source of human
capital and solutions. We are committed to our clients, employees,
environment, community and social concerns. We foster an inclusive
culture based on trust, respect, honesty and solid performance. Learn
more about Starpoint and our social responsibility at
http://www.starpoint.com/social_responsibility
------------------------------------------------------------------------
This email message from Starpoint Solutions LLC is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact
the sender by reply email and destroy all copies of the original
message. Opinions, conclusions and other information in this message
that do not relate to the official business of Starpoint Solutions
shall be understood as neither given nor endorsed by it.
Changing smtpd_tls_loglevel to 3 might provide more useful debugging
output, which could help you find any issues between Exchange and Postfix.
-Will
