What does this error mean?

hello..

I tried to connect to my localhost with telnet
Code:
telnet localhost 25
and it shows this:
Code:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ehlo test.com
Connection closed by foreign host.

Then I looked at my maillog:
Code:
Feb 14 17:10:33 server postfix/smtpd[5557]: connect from localhost[127.0.0.1]
Feb 14 17:10:35 server postfix/smtpd[5557]: SSL_accept error from localhost[127.0.0.1]: -1
Feb 14 17:10:35 server postfix/smtpd[5557]: warning: TLS library problem: 5557:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:578:
Feb 14 17:10:35 server postfix/smtpd[5557]: lost connection after CONNECT from localhost[127.0.0.1]

Truly, I don't know what this error message means, so can someone help me?

Thanks
 
Your mailserver seems to be incorrectly configured. You have enabled SSL/TLS on the standard port 25. SMTPS (SMTP over SSL/TLS) should run on port 587.
 
Thanks for the reply.

vand777
Why should I use s_client and not telnet? Could you explain? I'm new to mail servers.

SirDice
Yes, I use SSL/TLS on the standard port 25. Is that wrong? I read this link http://www.purplehat.org/?page_id=4 and followed all the instructions. If it's wrong, what should I change in my mailserver settings?

Thank you.
 
TLS on port 25 isn't exactly wrong, but it's tricky to get it right if you're using the same port for both unencrypted SMTP from the outside world (mail coming to your domain) and TLS/AUTH for anyone wanting to relay mail through your server. Moving the MSA (mail submission agent) service that supports TLS/AUTH to port 587 is better because you can then leave the smtpd listening on port 25 at standard settings and use a different set of settings (for example, require TLS on all connections) on the MSA service at port 587.

Here's an example of what I'm talking about. I used this as a guide for setting up an MSA on mail/postfix for a company I worked for a few years ago. It's for Linux, but much of it applies to FreeBSD as well:

http://www.davekb.com/browse_computer_tips:postfix_submission:txt
 
Hello,

Thanks kpa for explaining, but I have not set up my firewall yet, and the link you gave says "You'll need to open port 587 in your firewall". After that I searched for the cyrus port, but it was not found. So what do I have to do?
Now I tried to telnet to localhost again:

Code:
server# telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Trying ::1...
telnet: connect to address ::1: Connection refused
telnet: Unable to connect to remote host

I just uncommented this in master.cf:
Code:
smtps     inet  n       -       n       -       -       smtpd

Any suggestion?
Thank you.
 
If I remember right, smtps is the SSL-encrypted service that listens on port 465, and that may not be what you want. You can see what service is listening on what port by running:

$ sockstat -l

Yes, if you decide to make a separate MSA service that listens on port 587 you'll have to open access to port 587 on your firewall in addition to port 25.

I'd recommend that you start reading the postfix documentation and read anything you can find about SMTP before going any further with your mailserver. SMTP is a very complex protocol and it's too easy to make a mistake that opens up your mailserver to the hostile world as an open relay.

This and the Wikipedia entry on SMTP should get you started:

http://www.postfix.org/documentation.html
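
Added example, not part of the original thread and not Postfix's own tooling: a small Python audit of a master.cf that checks the per-service split discussed above (plain SMTP on port 25, wrapper-mode TLS on smtps, required TLS and AUTH on submission). The function names, the sample file and the four checks are assumptions made for illustration; `main_cf` stands for values inherited from main.cf when a service has no `-o` override.

```python
import re
# Constructed master.cf fragment (not the poster's real file).
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
smtps      inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""
PORT_NAMES = {"25": "smtp", "465": "smtps", "587": "submission"}

def parse_master_cf(text):
    """Return {service: {param: value}} for inet services that run smtpd."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:   # indented line continues the entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    services = {}
    for entry in entries:
        f = entry.split()
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            port = f[0].rsplit(":", 1)[-1]  # drop an optional "host:" prefix
            services[PORT_NAMES.get(port, port)] = dict(re.findall(r"-o\s+(\w+)=(\S+)", entry))
    return services

def audit(services, main_cf=None):
    """Flag TLS settings that do not fit the service (assumed conventions)."""
    findings = []
    for name, opts in services.items():
        def eff(key, default):              # -o override, then main.cf, then default
            return opts.get(key, (main_cf or {}).get(key, default))
        wrapper = eff("smtpd_tls_wrappermode", "no") == "yes"
        if name == "smtp" and wrapper:
            findings.append((name, "wrapper-mode TLS on port 25; a plaintext EHLO fails the handshake"))
        if name == "smtps" and not wrapper:
            findings.append((name, "smtps without smtpd_tls_wrappermode=yes"))
        if name == "submission":
            if eff("smtpd_tls_security_level", "") != "encrypt":
                findings.append((name, "submission does not require TLS"))
            if eff("smtpd_sasl_auth_enable", "no") != "yes":
                findings.append((name, "submission does not enable SASL AUTH"))
    return findings

if __name__ == "__main__":
    print(audit(parse_master_cf(SAMPLE_MASTER_CF), {"smtpd_tls_wrappermode": "yes"}))
```

With wrapper mode set globally in main.cf, the audit flags the port 25 service, which is the situation the "unknown protocol" log line at the top of the thread is consistent with.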
 