OpenSSL build issue, or Postfix?

M

murias

Hey all,

So, this time around building a server, I have been having the hardest time. I'm being humbled - tis a good thing though at times.

Latest issue is with Postfix / OpenSSL.

The background - i386, FreeBSD 9.1, recompiled kernel, rebuilt userland, everything from ports tree from last week. Postfix current-2.10.20121031_2,4 OpenSSl 0.9.8x 10 May 2012

Here's what's going on:
I fired up Dovecot, no issues. I fired up Postfix, again no issues (apparent). I telnet to localhost port 25 to test connectivity, I get the following errors:
Code: 
warning: cannot get RSA private key from file /etc/ssl/postfix/smtpd.pem: disabling TLS support
warning: TLS library problem 59931:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/crypto/../../../crypto/openssl/crypto/pem/pemlib.c:648:Expecting ANY PRIVATE KEY:
warning: TLS library problem:59931:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl../../../crypto/openssl/ssl/ssl_rsa.c:669
connect from localhost[127.0.0.1]
fatal: no SASL authentication mechanisms
Some googling and I was lead to believe that there was an issue with the certificate itself, and how it was created. I then dropped in a known good pem file from one of my operational servers, coincidentally has the same host name etc, the drive I am doing this current build will be going into that machine and replacing that boot drive. Using this pem file I get this error on my telnet attempt:
Code: 
connect from localhost[127.0.0.1]
fatal: no SASL authentication mechanisms
warning: process /usr/local/libexec/postfix/smtpd pid # exit sstatus 1
warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
A bit of googling on that, and I am led to believe that OpenSSL build is bad.

I think it might be pertinent to add that my certs for apache seem to be working fine, I connect https and there are no complaints in the logs.

I appreciate any insights and thoughts here.

Cheers all
Murias
 
Is your private key encrypted? It's been a while since I configured my own certs on Dovecot and Postfix but I seem to remember that whilst Dovecot can decrypt private keys Postfix needs them in an already decrypted form.

Look at the top of the key file. Does it say "Proc-Type: 4,ENCRYPTED" at the top? If so try running this:

# openssl rsa -in <Encrypted key filename> -out <Decrypted key filename>

And then using the output file for Postfix instead.
 
solved

I have solved this one, seems that my dovecot-sql.conf file had gotten corrupted somehow, so it wasn't being read properly by dovecot, which then made dovecot unavailable to postfix.

No amount of editing the dovecot-sql.conf file was fixing the issue. I ended up simply creating a new one.

All (up to this) is working as designed now.

Cheers
Murias
 
You must log in or register to reply here.
Back
Top