Postfix Send Error: Must Issue STARTTLS command

Posted by Mary Elizabeth on Server Fault See other posts from Server Fault or by Mary Elizabeth
Published on 2012-06-11T14:30:32Z Indexed on 2012/06/11 16:42 UTC
Read the original article Hit count: 964

Running Ubuntu 12.04 and trying to configure postfix to relay send and receive through GMAIL. Am running into connection issues particularly with TLS. Have tried a bunch of troubleshooting solutions and have changed my main.cf to address TLS but still receive the below errors.

Tried debugging connection issues with:

      `root@mailservice:/etc/postfix# openssl s_client -connect localhost:587 -starttls smtp`

and I recveive these errors

    `connect: Connection refused'
     'connect:errno=111`

in my logs I see:

       Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: cannot get RSA certificate
       from file /etc/postfix/cert.pem: disabling TLS support

       Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: TLS library problem: 
       3765:error:0906D06C:PEM routines:PEM_read_bio:no start    
       line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE:

       Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: TLS library problem:   
       3765:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM    
       lib:ssl_rsa.c:729:

       Jun 11 13:54:31 mailservice postfix/smtp[3765]: 9986B6846A: to=
       <[email protected]>, relay=smtp.gmail.com[173.194.77.109]:587, delay=0.15, 
       delays=0.02/0.02/0.09/0.02, dsn=5.7.0, status=bounced (host 
       smtp.gmail.com[173.194.77.109] said: 530 5.7.0 Must issue a STARTTLS command first.  
       hd9sm12170509obc.6 (in reply to MAIL FROM command))

The contents of my main.cf (pertaining to TLS) look like this:

     #TLS Parameters 
     smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
     smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
     smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
     smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

     #TLS Settings 
     smtp_use_tls = yes 
     smtp_tls_security_level = may 
     smtp_tls_loglevel = 1
     smtp_enforce_tls = yes 
     smtp_tls_CAfile = /etc/postfix/cacert.pem
     smtp_tls_cert_file = /etc/postfix/cert.pem 
     smtp_tls_key_file = $smtp_tls_cert_file 
     smtp_tls_session_cache_dataabase = btree:/var/run/smtp_tls_session_cache 
     smtp_tls_note_starttls_offer = yes 
     smtpd_use_tls = yes 
     smtpd_tls_security)level = may 
     smtpd_tls_auth_only = no 
     smtpd_tls_CAfile = /etc/postfix/cacert.pem
     smtpd_tls_cert_file = /etc/postfix/cert.pem
     smtpd_tls_key_file = /etc/postfix/key.pem
     smtpd_tls_received_header = yes 
     smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache 
     smtpd_tls_session_cache_timeout = 3600s 
     tls_random_source = dev:/dev/urandom

As far as I can tell everything is in order for a proper TLS Connection, and I am unsure what would need to change in main.cf or elsewhere for mail to send.

© Server Fault or respective owner

Related posts about postfix

Related posts about connection