TLS handshake failure
From: Ed Sawicki (ed alcpress.com)
Date: Wed Mar 01 2006 - 12:18:54 CST
Recently, I set up TLS on Postfix 2.2.8. It is working fine for inbound mail, as this sample from the log shows:
Feb 25 02:26:10 kmalone1 postfix/smtpd[18262]: connect from smtp.treasurystrategies.com[207.86.60.118]
Feb 25 02:26:11 kmalone1 postfix/smtpd[18262]: setting up TLS connection from smtp.treasurystrategies.com[207.86.60.118]
Feb 25 02:26:11 kmalone1 postfix/smtpd[18262]: TLS connection established from smtp.treasurystrategies.com[207.86.60.118]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
It does not work for outbound mail:
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: initializing the client-side TLS engine
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: setting up TLS connection to TreasuryStrategies.com
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: warning: TLS library problem: 18265:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1052:SSL alert number 20:
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: 014349B234: to=<info TreasuryStrategies.com>, relay=TreasuryStrategies.com[207.86.60.66], delay=0, status=deferred (Cannot start TLS: handshake failure)
The problem occurs with other remote TLS hosts as well.
Here are the relevant lines from main.cf:
# Global TLS settings
tls_daemon_random_bytes = 32
tls_random_source = dev:/dev/urandom
# smtpd_tls_* statements relate where Postfix is the server receiving
# mail from some TLS client.
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/certs/mail.key
smtpd_tls_cert_file = /etc/postfix/certs/mail.crt
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_CAfile = /etc/postfix/certs/CA.pem
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_received_header = yes
# smtp_tls_* statements relate where Postfix is the client sending mail
# to some TLS server.
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/certs/mail.key
smtp_tls_cert_file = /etc/postfix/certs/mail.crt
smtp_tls_CAfile = /etc/postfix/certs/CA.pem
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
I must be doing something silly. Help.
Ed
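For anyone triaging the same symptom from the logs, here is an added example (not part of Ed's post and not Postfix code) that pairs each smtp(8) client's "TLS library problem" warning with the deferred delivery logged by the same process id, so every "Cannot start TLS" deferral carries the OpenSSL error code, reason and alert number that preceded it. The sample lines are constructed from the excerpt above, un-wrapped onto single lines.

```python
import re

# Constructed sample, modelled on the log excerpt in the post (one record per line).
SAMPLE_LOG = """\
Feb 25 02:26:11 kmalone1 postfix/smtpd[18262]: TLS connection established from smtp.treasurystrategies.com[207.86.60.118]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: setting up TLS connection to TreasuryStrategies.com
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: warning: TLS library problem: 18265:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1052:SSL alert number 20:
Feb 25 02:26:33 kmalone1 postfix/smtp[18265]: 014349B234: to=<info@TreasuryStrategies.com>, relay=TreasuryStrategies.com[207.86.60.66], delay=0, status=deferred (Cannot start TLS: handshake failure)
"""

# Inbound (smtpd) success: peer, protocol and cipher as Postfix logs them.
ESTABLISHED = re.compile(r"postfix/smtpd\[(\d+)\]: TLS connection established from (\S+): (\S+) with cipher (\S+)")
# Outbound (smtp) OpenSSL warning; the rest of the line is the OpenSSL error string.
LIBRARY_PROBLEM = re.compile(r"postfix/smtp\[(\d+)\]: warning: TLS library problem: (.*)$")
# Outbound deferral caused by the TLS handshake (queue id, recipient, relay, reason).
DEFERRED_TLS = re.compile(r"postfix/smtp\[(\d+)\]: (\w+): to=<([^>]+)>, relay=(\S+),.*status=deferred \((Cannot start TLS: [^)]*)\)")


def parse_openssl_error(text):
    """Split 'pid:error:CODE:library:function:reason:file:line:extra' and pull the alert number."""
    fields = text.split(":")
    alert = re.search(r"SSL alert number (\d+)", text)
    return {"code": fields[2] if len(fields) > 2 else None,
            "reason": fields[5] if len(fields) > 5 else None,
            "alert": int(alert.group(1)) if alert else None}


def summarize_tls(log_text):
    """Return inbound TLS sessions and outbound handshake failures with their OpenSSL cause."""
    inbound, failures = [], []
    last_problem = {}  # smtp client pid -> most recent OpenSSL error logged by that process
    for line in log_text.splitlines():
        if m := ESTABLISHED.search(line):
            _pid, peer, proto, cipher = m.groups()
            inbound.append({"peer": peer, "protocol": proto, "cipher": cipher})
        elif m := LIBRARY_PROBLEM.search(line):
            last_problem[m.group(1)] = parse_openssl_error(m.group(2))
        elif m := DEFERRED_TLS.search(line):
            pid, queue_id, rcpt, relay, status = m.groups()
            failures.append({"queue_id": queue_id, "recipient": rcpt, "relay": relay,
                             "status": status, "openssl": last_problem.pop(pid, None)})
    return {"inbound": inbound, "outbound_failures": failures}


if __name__ == "__main__":
    for f in summarize_tls(SAMPLE_LOG)["outbound_failures"]:
        print(f["queue_id"], f["relay"], f["status"], f["openssl"])
```

Run it over the real mail log to see which relays fail and whether they all report the same alert, which separates a local client-side setting from a problem specific to one remote host.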