I've been googling a while to find a resolution to this but am not having
the best of luck.

I have a web app trying to connect to postfix to send mail via TLS. It
fails right after authentication (though the log entries below show the
connection being lost right after STARTTLS). I find a BUNCH of these in the log:

Nov 30 10:10:32 hosting1 postfix/smtpd[11990]: connect from xxxxx[x.x.x.x]
Nov 30 10:10:33 hosting1 postfix/smtpd[11990]: warning: TLS library problem: 11990:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
Nov 30 10:10:33 hosting1 postfix/smtpd[11990]: lost connection after STARTTLS from xxxxx[x.x.x.x]
Nov 30 10:10:33 hosting1 postfix/smtpd[11990]: disconnect from xxxxx[x.x.x.x]

I'm not sure if it's an SSL cert related issue or not. I am using a UCC
cert from GoDaddy and the first name in the list matches the mail server
name.


Suggestions where to go with this?

postconf as follows:

[root@xxx ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 104857600
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, mail.hldns.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        check_client_access hash:/etc/postfix/whitelist
        check_sender_access hash:/etc/postfix/auto-whtlst
        check_client_access cidr:/etc/postfix/blacklist.cidr
        reject_unknown_reverse_client_hostname
        reject_non_fqdn_sender
        reject_invalid_helo_hostname
        reject_non_fqdn_helo_hostname
        reject_unknown_helo_hostname
        reject_unlisted_recipient
        check_client_access pcre:/etc/postfix/fqrdns.pcre
        reject_rbl_client zen.spamhaus.org
        reject_rhsbl_client dbl.spamhaus.org
        reject_rhsbl_sender dbl.spamhaus.org
        reject_rhsbl_helo dbl.spamhaus.org
        check_policy_service inet:127.0.0.1:60000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual



Thanks,
Steffan

---------------------------------------------------------------
T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline                        stef...@execuchoice.net
http://www.ExecuChoice.net                 Phoenix, Arizona USA
                  
--------------------------------------------------------------- 

