On Mon, Sep 05, 2016 at 03:25:40AM -0700, rei wrote:
> I keep getting these errors when trying to send email using TLS connection:
Is the system that's logging the below sending or receiving email?
> SSL3 alert read:fatal:unknown CA SSL_accept:failed in SSLv3 read client
> certificate A
> SSL_accept error from xxx.com[159.203.103.107]: 0
> warning: TLS library problem: 6605:error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1259:SSL alert
> number 48:
Your summarization of the log entries renders them useless. Make
sure to post complete in-order log entries from a single connection
(consecutive log entries from the same Postfix "smtp" or "smtpd"
process id). For example:
Sep 2 16:57:19 amnesiac postfix/smtpd[1799]:
connect from m70-73.cratejoy.com[166.78.70.73]
Sep 2 16:57:19 amnesiac postfix/smtpd[1799]:
SSL_accept error from m70-73.cratejoy.com[166.78.70.73]: 0
Sep 2 16:57:19 amnesiac postfix/smtpd[1799]: warning:
TLS library problem: error:14094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate:s3_pkt.c:1472:SSL alert number 42:
Sep 2 16:57:19 amnesiac postfix/smtpd[1799]:
lost connection after STARTTLS from m70-73.cratejoy.com[166.78.70.73]
Sep 2 16:57:19 amnesiac postfix/smtpd[1799]:
disconnect from m70-73.cratejoy.com[166.78.70.73]
ehlo=1 starttls=0/1 commands=1/2
with all the stuff you deleted from the front. Fold long lines by
adding leading whitespace to line contintuations:
1st long line that needs to be folded to make it readable on
screens that are not hundreds of bytes wide.
2nd long line that needs to be folded to make it readable on
screens that are not hundreds of bytes wide.
...
> The certificate is self-signed (generated using OpenSSL) and it has been
> added to Postfix configuration:
> smtpd_tls_cert_file = /etc/pki/tls/certs/server.pem
> smtpd_tls_key_file = $smtpd_tls_cert_file
>
> What caused those errors? How to fix them?
Post unmangled logs and follow the instructions in
http://www.postfix.org/DEBUG_README.html#mail
--
Viktor.
