• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved [Solved] Postfixadmin vacation.pl TLS error

mariourk

Well-Known Member

Thanks: 5
Messages: 255

#1
I'm working on a new mailserver, based on FreeBSD, Postfix, PostgreSQL and Dovecot. I'm using Postfixadmin to manage everything and currently I'm working on the autoreply function. I have it almost working, except that the attempt to send an autoreply results in an error

Code:
May  7 12:38:14 mail postfix/smtpd[71191]: connect from localhost[127.0.0.1]
May  7 12:38:14 mail postfix/smtpd[71191]: SSL_accept error from localhost[127.0.0.1]: 0
May  7 12:38:14 mail postfix/smtpd[71191]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1256:SSL alert number 48:
May  7 12:38:14 mail postfix/smtpd[71191]: lost connection after STARTTLS from localhost[127.0.0.1]
May  7 12:38:14 mail postfix/smtpd[71191]: disconnect from localhost[127.0.0.1]
May  7 12:38:14 mail /usr/local/virtual/vacation/vacation.pl: ERROR - Failed to send vacation response: Connection not established
I've done some digging and apparently it's p5-Mail::Sender being unhappy about my SSL-certificates, create and signed by my own (unknow and therefore untrusted) CA.

Is there some way to add my own CA-certificate as a trusted CA? Or perhaps making p5-Mail::Sender ignoring this untrusted CA-issue?
 

mariourk

Well-Known Member

Thanks: 5
Messages: 255

#2
Re: Postfixadmin vacation.pl TLS error

I managed to fix it, by editing the script.

Search for this line (around line 460)
Code:
my $sender = new Mail::Sender({%smtp_connection});
And change it into
Code:
my $sender = new Mail::Sender({%smtp_connection,TLS_allowed => 0});
That forces Mail::Sender not to use TLS, so it won't bother with untrusted CAs. The downside it that the communication is completely unencrypted. But I personally don't mind that, because the traffic is local only.

If someone knows a better solution, please let me know.