Postfix Send Error: Must Issue STARTTLS command
Posted
by
Mary Elizabeth
on Server Fault
See other posts from Server Fault
or by Mary Elizabeth
Published on 2012-06-11T14:30:32Z
Indexed on
2012/06/11
16:42 UTC
Read the original article
Hit count: 958
Running Ubuntu 12.04 and trying to configure postfix to relay send and receive through GMAIL. Am running into connection issues particularly with TLS. Have tried a bunch of troubleshooting solutions and have changed my main.cf to address TLS but still receive the below errors.
Tried debugging connection issues with:
`root@mailservice:/etc/postfix# openssl s_client -connect localhost:587 -starttls smtp`
and I recveive these errors
`connect: Connection refused'
'connect:errno=111`
in my logs I see:
Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: cannot get RSA certificate
from file /etc/postfix/cert.pem: disabling TLS support
Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: TLS library problem:
3765:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE:
Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: TLS library problem:
3765:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM
lib:ssl_rsa.c:729:
Jun 11 13:54:31 mailservice postfix/smtp[3765]: 9986B6846A: to=
<[email protected]>, relay=smtp.gmail.com[173.194.77.109]:587, delay=0.15,
delays=0.02/0.02/0.09/0.02, dsn=5.7.0, status=bounced (host
smtp.gmail.com[173.194.77.109] said: 530 5.7.0 Must issue a STARTTLS command first.
hd9sm12170509obc.6 (in reply to MAIL FROM command))
The contents of my main.cf (pertaining to TLS) look like this:
#TLS Parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#TLS Settings
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_enforce_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_session_cache_dataabase = btree:/var/run/smtp_tls_session_cache
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_security)level = may
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
As far as I can tell everything is in order for a proper TLS Connection, and I am unsure what would need to change in main.cf or elsewhere for mail to send.
© Server Fault or respective owner
