Hello,
I'm trying to use an smtp_tls_policy_maps with a tafile (2.11.0 on
Ubuntu 14.04.2 LTS) but I receive the error in the subject.
    smtp_tls_policy_maps=texthash:/etc/postfix/mymap

mymap:

    subdomain.mydomain.com verify tafile=/var/lib/postfix/my_intermediate

The my_intermediate file contains a valid intermediate CA certificate in
PEM format and it is readable by the postfix user:

    # openssl x509 -in /var/lib/postfix/my_intermediate -inform pem -noout -fingerprint
    SHA1 Fingerprint=CB:1A:60:EB:50:B2:51:D5:4E:05:01:D0:FD:E2:A0:6D:BF:4F:5B:FC

This is the log:
18:18:56 myhost222 postfix/master[13985]: daemon started -- version 2.11.0, configuration /etc/postfix
[echo "body" | mail -s "subject" recipi...@subdomain.mydomain.com]
18:19:18 myhost222 postfix/pickup[13988]: 9BCE71600700: uid=0 from=<r...@myhost222.mydomain.com>
18:19:18 myhost222 postfix/cleanup[14007]: 9BCE71600700: message-id=<20150521133918.9bce71600...@myhost222.mydomain.com>
18:19:18 myhost222 postfix/qmgr[13989]: 9BCE71600700: from=<r...@myhost222.mydomain.com>, size=354, nrcpt=1 (queue active)
18:19:18 myhost222 postfix/smtp[14011]: initializing the client-side TLS engine
18:19:18 myhost222 postfix/tlsmgr[14012]: warning: request to update table btree:/smtpd_scache in non-postfix directory /
18:19:18 myhost222 postfix/tlsmgr[14012]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
18:19:18 myhost222 postfix/smtp[14011]: warning: error opening trust anchor file: /var/lib/postfix/my_intermediate: No such file or directory
18:19:18 myhost222 postfix/qmgr[13989]: warning: private/smtp socket: malformed response
18:19:18 myhost222 postfix/qmgr[13989]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
18:19:18 myhost222 postfix/master[13985]: warning: process /usr/lib/postfix/smtp pid 14011 killed by signal 11
18:19:18 myhost222 postfix/master[13985]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
18:19:18 myhost222 postfix/error[14013]: 9BCE71600700: to=<recipi...@subdomain.mydomain.com>, relay=none, delay=0.27, delays=0.05/0.21/0/0.02, dsn=4.3.0, status=deferred (unknown mail transport error)

Can someone help me troubleshoot this issue?
Many thanks.

# postconf -Mf
smtp inet n - - - - smtpd -d
submission inet n - - - - smtpd -d
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F
    user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman unix - n n - - pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = loopback-only
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = localhost, myhost222.mydomain.com
myhostname = myhost222.mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /usr/local/share/ca-certificates/mydomain_com_CA.pem
smtp_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtp_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = texthash:/etc/postfix/mymap
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 10
smtpd_client_message_rate_limit = 60
smtpd_client_recipient_rate_limit = 180
smtpd_delay_reject = yes
smtpd_helo_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    permit_mynetworks, reject
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
smtpd_sender_restrictions = reject_unauth_pipelining,
    reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:/smtpd_scache
smtpd_use_tls = yes
--
Pier Carlo Chiodi
http://pierky.com
The opinions expressed here represent my own and not those of any
organization, entity or committee to which I may hold a position.
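
Added example, not part of the original message: a check for one possible cause of the "No such file or directory" warning in the log above. In the postconf -Mf output the chroot field of the "smtp unix" service is "-", which before Postfix 3.0 defaults to "y" (master(5)), so the script shows where a tafile path would be looked up inside the jail. Assumptions: the tafile is opened after smtp(8) has entered its chroot, queue_directory is Postfix's default /var/spool/postfix, the function names are hypothetical, and the sample input is constructed from the values in the post.

```python
import os

# Constructed sample input, using the values shown in the post.
MASTER_CF = """\
smtp inet n - - - - smtpd -d
smtp unix - - - - - smtp
"""
POLICY_MAP = """\
subdomain.mydomain.com verify
    tafile=/var/lib/postfix/my_intermediate
"""

def logical_lines(text):
    """Drop blank/comment lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtp_client_chrooted(master_cf, version=(2, 11)):
    """True if the 'smtp unix' service runs chrooted (5th master.cf field).
    '-' means the default: 'y' before Postfix 3.0, 'n' from 3.0 on."""
    default = "y" if version < (3, 0) else "n"
    for line in logical_lines(master_cf):
        f = line.split()
        if len(f) >= 8 and f[:2] == ["smtp", "unix"]:
            return (default if f[4] == "-" else f[4]) == "y"
    return False

def tafile_lookups(policy_map, master_cf, queue_directory="/var/spool/postfix"):
    """Return (destination, configured path, path as seen by the smtp client)."""
    jail = queue_directory.rstrip("/") if smtp_client_chrooted(master_cf) else ""
    found = []
    for line in logical_lines(policy_map):
        dest, *attrs = line.split()
        for attr in attrs:
            if attr.startswith("tafile="):
                path = attr[len("tafile="):]
                found.append((dest, path, jail + path))
    return found

if __name__ == "__main__":
    for dest, path, seen in tafile_lookups(POLICY_MAP, MASTER_CF):
        state = "present" if os.path.isfile(seen) else "MISSING"
        print(f"{dest}: tafile={path} -> opened as {seen} ({state})")
```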