Trying to send mail results in this error from Thunderbird client:
Sending of message failed.
An error occurred sending mail: Unable to establish a secure link
with SMTP server mail.bsdbox.co using STARTTLS since it doesn't
advertise that feature. Switch off STARTTLS for that server or
contact your service provider.
Which results in this email to postmaster:
|Transcript of session follows.
Out: 220 mail.bsdbox.co ESMTP Postfix
In: EHLO [10.0.0.66]
Out: 250-mail.bsdbox.co
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN|
Immediate output to /var/log/maillog:
|Dec 10 11:36:03 mail postfix/smtpd[57120]: warning: cannot get RSA certificate from file /etc/ssl/cert/dovecot.pem: disabling TLS support
Dec 10 11:36:03 mail postfix/smtpd[57120]: warning: TLS library problem: 57120:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:356:fopen('/etc/ssl/cert/dovecot.pem','r'):
Dec 10 11:36:03 mail postfix/smtpd[57120]: warning: TLS library problem: 57120:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:358:
Dec 10 11:36:03 mail postfix/smtpd[57120]: warning: TLS library problem: 57120:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:722:|
Attempt new certificate generation to use different cert than Dovecot:
|# openssl ca -policy policy_anything -days 3650 -out server.crt -infiles server.csr
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
57089:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:356:fopen('./demoCA/private/cakey.pem','r')
57089:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:358:
unable to load CA private key|
Output of postconf -n and dovecot -n:
|# postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = bsdbox.co
myhostname = mail.bsdbox.co
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/cert/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
# dovecot -n
# 2.2.9: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.2-RELEASE i386
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/Maildir:LAYOUT=fs
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
|
I can connect to server on port 143 and receive TLS confirmation (see:
https://bsdbox.co/cloud/public.php?service=files&t=0321f1ddb437e30dae75d08dc3bf59dc).
However, telnet connection to port 587 displays no TLS confirmation.
Any help would be appreciated. Thank you.
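
In the outputs above, `postconf -n` sets `smtpd_tls_cert_file` to `/etc/ssl/cert/dovecot.pem`, the path the maillog warning reports as not found, while `dovecot -n` reads `/etc/ssl/certs/dovecot.pem`. The following is an added example, not part of the original post, that checks each TLS file named in `postconf -n` output so a bad path is caught before smtpd disables TLS support; `check_tls_paths` and its optional root-prefix argument are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. check_tls_paths and its optional
# root-prefix argument are hypothetical names.
#
# Reads `postconf -n` style "name = value" lines on stdin, prints one status
# line per TLS file parameter, and returns 1 if a file is missing or unreadable.
check_tls_paths() {
    root="${1:-}"   # optional prefix so a test tree can stand in for /
    rc=0
    while IFS= read -r line; do
        case "$line" in
            smtpd_tls_cert_file\ =*|smtpd_tls_key_file\ =*) ;;
            *) continue ;;
        esac
        name=${line%% =*}
        path=${line#*= }
        file="$root$path"
        if [ ! -e "$file" ]; then
            echo "MISSING $name $path"; rc=1
        elif [ ! -r "$file" ]; then
            echo "UNREADABLE $name $path"; rc=1
        elif [ "$name" = smtpd_tls_key_file ] &&
             [ -n "$(find -L "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
            # Private key readable by group or other: usable, but worth fixing.
            echo "LOOSE-PERMS $name $path"
        else
            echo "OK $name $path"
        fi
    done
    return "$rc"
}

# Demo on the two TLS file settings from the postconf -n output above.
check_tls_paths <<'EOF' || echo "TLS file check failed"
smtpd_tls_cert_file = /etc/ssl/cert/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
EOF
```

On a live server the same function can be fed directly with `postconf -n | check_tls_paths`, run as the user that starts Postfix.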