[SOLVED] OBSD, Postfix, TLS, Sasl
Hi Guys,
It's been a long time since I posted here but I need some fresh eyes to look at this issue I've encountered. I'm sure there is a simple solution, most likely a config error on my part, but I'm not entirely sure.

OK, so on to the point. I'm currently configuring an OBSD 5.1 box with postfix/SA/procmail, pretty standard stuff, and that all works perfectly, as expected. I have sasl configured and authenticating just fine for smtp auth. Good so far.

Now, the issue: TLS. I can't get both sasl and TLS to work together happily. Last time I did this was on a 4.6 machine where it worked flawlessly. I followed the same recipe I worked out.

Now the weirdness. Without auth, I can successfully run the TLS connection/conversation (Thunderbird settings: no authentication, port 587).

Code:
connect from unknown[10.0.0.66]
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: Anonymous TLS connection established from unknown[10.0.0.66]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: 73BA9701C3E: client=unknown[10.0.0.66]
Oct 30 16:08:37 mail postfix/cleanup[6618]: 73BA9701C3E: message-id=<508F6EE4.40902@wardles.com.au>
Oct 30 16:08:37 mail postfix/qmgr[31005]: 73BA9701C3E: from=<xxxxx@xxxxxx.com.au>, size=50340, nrcpt=1 (queue active)
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: disconnect from unknown[10.0.0.66]

Code:
connect from unknown[10.0.0.66]
Oct 30 16:08:20 mail postfix/smtps/smtpd[8919]: Anonymous TLS connection established from unknown[10.0.0.66]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 30 16:08:20 mail postfix/smtps/smtpd[8919]: warning: TLS library problem: 8919:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1195:SSL alert number 42:

I'm using dovecot for the imap/pop3 servers. Same deal: if I leave it on the default ports (143/110) it seems to use a TLS connection, which doesn't make sense, or the logs are lying to me.

Code:
mail dovecot: imap-login: Login: user=<xxxxxx>, method=PLAIN, rip=10.0.0.66, lip=10.0.0.72, mpid=1787, TLS

Code:
mail dovecot: imap-login: Disconnected (no auth attempts): rip=10.0.0.66, lip=10.0.0.72, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42

I can post any config files you like; I haven't yet as I didn't want to clutter this post too much. If I've done something completely stupid, please point it out haha.

Last edited by Dazhelpwiz; 31st October 2012 at 01:11 AM. Reason: more info, it's late, been doing this all day..
I'm going to take a wild guess -- supported only by a quick Google search -- that your certificate is the problem.
http://www.mail-archive.com/openssl-.../msg47175.html
I googled, but I didn't come across that one. Thanks jggimi. I knew you lads would know the answer.

I generated some new RSA 2048 bit keys and all was OK.

Code:
postfix/smtps/smtpd[9783]: connect from unknown[10.0.0.66]
Oct 31 11:02:20 mail postfix/smtps/smtpd[9783]: Anonymous TLS connection established from unknown[10.0.0.66]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 31 11:02:21 mail postfix/smtps/smtpd[9783]: 02621701C3F: client=unknown[10.0.0.66], sasl_method=PLAIN, sasl_username=xxxxxxx
Oct 31 11:02:21 mail postfix/cleanup[23539]: 02621701C3F: message-id=<5090789C.4040201@xxxxxx.com.au>

To clarify further: I was doing it the older way (at least what I think was the older method), where pem files weren't necessarily needed, just the old .crt/.key files. That was most likely it. I went over the openssl docs again and saw the difference (as well as the postfix TLS man; even though I read it 20 times yesterday I guess it didn't click as I had been trying to solve it for so long - amazing what a night's sleep can do).

Thank you again kind sir.

Last edited by Dazhelpwiz; 31st October 2012 at 01:11 AM.
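
Added example, not part of the original thread: a small Python decoder for the `error:14094412` strings in the Postfix and Dovecot lines above. It shows that the alert was read from the peer, meaning the client rejected the certificate the server presented. It assumes the OpenSSL 1.0.x-era error packing (8-bit library, 12-bit function, 12-bit reason) and OpenSSL's offset of 1000 for alerts received from the peer; the function names and the sample log are constructed for illustration.

```python
import re

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
ALERT_REASON_OFFSET = 1000  # assumption: reason = 1000 + alert number for alerts read from the peer

# Constructed sample built from the failing lines quoted in the thread.
SAMPLE_LOG = """\
Oct 30 16:08:20 mail postfix/smtps/smtpd[8919]: warning: TLS library problem: 8919:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1195:SSL alert number 42:
mail dovecot: imap-login: Disconnected (no auth attempts): rip=10.0.0.66, lip=10.0.0.72, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
Oct 30 16:08:37 mail postfix/smtps/smtpd[8919]: disconnect from unknown[10.0.0.66]
"""

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+):")
ALERT_RE = re.compile(r"SSL alert number (\d+)")

def decode_openssl_error(code_hex):
    """Split a packed error code into (library, function, reason) numbers."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def explain_tls_errors(log_text):
    """Return one dict per log line that carries an OpenSSL error string."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue  # ordinary log line, no OpenSSL error string
        _lib, _func, reason = decode_openssl_error(m.group(1))
        from_peer = reason > ALERT_REASON_OFFSET
        alert = reason - ALERT_REASON_OFFSET if from_peer else None
        logged = ALERT_RE.search(line)
        findings.append({
            "daemon": "dovecot" if "dovecot" in line else "postfix",
            "function": m.group(3),
            "alert": alert,
            "alert_name": TLS_ALERTS.get(alert, "unknown"),
            "sent_by": "peer" if from_peer else "local library",
            # Cross-check the decoded reason against the number the daemon logged.
            "matches_logged_alert": bool(logged) and int(logged.group(1)) == alert,
        })
    return findings

if __name__ == "__main__":
    for finding in explain_tls_errors(SAMPLE_LOG):
        print(finding)
```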