[SOLVED] OBSD, Postfix, TLS, Sasl
Dazhelpwiz, 30th October 2012

Hi Guys,

It's been a long time since I posted here but I need some fresh eyes to look at this issue I've encountered. I'm sure there is a simple solution, most likely a config error on my part, but I'm not entirely sure.

OK, so on to the point. I'm currently configuring an OBSD 5.1 box with postfix/SA/procmail, pretty standard stuff, and that all works perfectly, as expected.

I have sasl configured and authenticating just fine for smtp auth. Good so far.

Now, the issue. TLS. I can't get both sasl and TLS to work together happily. Last time I did this was on a 4.6 machine where it worked flawlessly.

I followed the same recipe I worked out. Now the weirdness.

Without auth, I can successfully run the TLS connection/conversation. (Thunderbird settings - no authentication, port 587)

connect from unknown[]
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: Anonymous TLS connection established from unknown[]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: 73BA9701C3E: client=unknown[]
Oct 30 16:08:37 mail postfix/cleanup[6618]: 73BA9701C3E: message-id=<508F6EE4.40902@wardles.com.au>
Oct 30 16:08:37 mail postfix/qmgr[31005]: 73BA9701C3E: from=<xxxxx@xxxxxx.com.au>, size=50340, nrcpt=1 (queue active)
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: disconnect from unknown[]

With auth, it spits a bad cert error. (Thunderbird setting: ssl/tls, normal password)

connect from unknown[]
Oct 30 16:08:20 mail postfix/smtps/smtpd[8919]: Anonymous TLS connection established from unknown[]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 30 16:08:20 mail postfix/smtps/smtpd[8919]: warning: TLS library problem: 8919:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1195:SSL alert number 42:

Any idea would be helpful. I generated the certs and CA myself using the openssl that's with OBSD by default.

I'm using dovecot for the imap/pop3 servers. Same deal: if I leave it on the default ports (143/110) it seems to use a TLS connection, which doesn't make sense, or the logs are lying to me.

mail dovecot: imap-login: Login: user=<xxxxxx>, method=PLAIN, rip=, lip=, mpid=1787, TLS

Set it to 993, SSL/TLS and you get:

mail dovecot: imap-login: Disconnected (no auth attempts): rip=, lip=, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

Something doesn't add up...

I can post any config files you like. I haven't yet as I didn't want to clutter this post too much.

If I've done something completely stupid, please point it out haha.

Last edited by Dazhelpwiz; 31st October 2012 at 01:11 AM. Reason: more info, it's late, been doing this all day..
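
Added example, not part of the original post: a small Python decoder for the OpenSSL error entry that appears in both the Postfix and Dovecot log lines above, showing which TLS alert it encodes and which side sent it. It assumes the OpenSSL 1.0.x error-code layout; the name `decode_tls_error` is hypothetical, and the sample lines are the post's own log lines, shortened.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2); certificate-related ones only.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}
# OpenSSL reports an alert read from the peer as reason 1000 + alert number.
ALERT_REASON_OFFSET = 1000

# Matches the OpenSSL error-queue entry embedded in Postfix and Dovecot log lines.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+)")

def decode_tls_error(line):
    """Return a dict describing the OpenSSL error in a log line, or None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Assumption: OpenSSL 1.0.x packing (8 bits library, 12 function, 12 reason).
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group(3), "text": m.group(4),
            "alert": None, "alert_name": None, "sent_by": "n/a"}
    if reason >= ALERT_REASON_OFFSET:
        alert = reason - ALERT_REASON_OFFSET
        info.update(alert=alert, alert_name=ALERTS.get(alert, "other"),
                    sent_by="remote peer")
    return info

# Log lines from the post, shortened to the parsed part ("..." replaces the source path).
SAMPLE = [
    "postfix/smtps/smtpd[8919]: warning: TLS library problem: 8919:error:14094412:"
    "SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:...:SSL alert number 42:",
    "dovecot: imap-login: Disconnected (no auth attempts): rip=, lip=, TLS: SSL_read() "
    "failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: "
    "SSL alert number 42",
    "postfix/smtps/smtpd[8919]: disconnect from unknown[]",
]

if __name__ == "__main__":
    for line in SAMPLE:
        d = decode_tls_error(line)
        if d:
            print(f"alert {d['alert']} ({d['alert_name']}) sent by {d['sent_by']}; "
                  f"lib={d['lib']} func={d['func']} reason={d['reason']}")
```

Because the alert was read by the server process, it was sent by the connecting client: the client rejected the certificate the server presented.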