Hello. Here is the situation in clear detail.
I use Amazon SES and a paid email inbox, to send outgoing mail on my forum
(Using MyBB) which sends out email activation links, subscriptions to
threads, password reset links, etc. This has been working perfectly (without
using postfix) however, after updating my Ubuntu server with just the
general security updates, my mail basically stops working. That's the only
thing I can think of why this has stopped, updating my server. The current
error using what I have been using for the past 7months:
https://gyazo.com/c1ec87177263cc8eadb226f142dd2da1.png
As you can see, I receive: Failed to start TLS encryption
After re-installing OpenSSL and all sorts, nothing works. I've now decided
to use postfix and connect my amazon SES with it, but I currently receive
the following error:
SSL_connect error to email-smtp.eu-west-1.amazonaws.com[52.51.114.192]:25:
-1
localhost postfix/smtp[2100]: warning: TLS library problem:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:794:
93591BEF30: Cannot start TLS: handshake failure
--------------
HERE ARE CONTENTS OF MY MAIN.CF for postfix:
--------------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = localhost.localdomain
alias_maps = hash:/etc/postfix/virtual
alias_database = hash:/etc/postfix/virtual
myorigin = /etc/mailname
mydestination = $myhostname, ogflip.com, localhost, localhost.localdomain,
localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
relayhost = [email-smtp.eu-west-1.amazonaws.com]:25
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-----------------------------
Basically I want Postfix to use Amazon SES to send outgoing mail using my
paid email provider, for my forum to send password requests, email
activation, etc.
Thank you! If you need any more info, please tell me. I'm new to postfix, so
noob talk is preferred.
Best regards.
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684.html
Sent from the Postfix Users mailing list archive at Nabble.com.
