STARTTLS SMTP Error

OtavioS

New Pleskian
This error always occurs when I try to send an email using my server with STARTTLS authentication. Here is the message from the mailer daemon:

Signature: Postfix SMTP server: errors from unknown[187.75.4.156]

Message:

Code:
Transcript of session follows.

 Out: 220 age1.com.br ESMTP Postfix
 In:  EHLO [192.168.1.101]
 Out: 250-age1.com.br
 Out: 250-PIPELINING
 Out: 250-SIZE 20480000
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-AUTH DIGEST-MD5 LOGIN CRAM-MD5 PLAIN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  STARTTLS
 Out: 454 4.7.0 TLS not available due to local problem
 In:  QUIT
 Out: 221 2.0.0 Bye


For other details, see the local mail logfile

/usr/local/psa/var/log/maillog

Code:
Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support
Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/etc/postfix/postfix_default.pem','r'):
Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
Jul 10 14:15:38 ip-172-31-27-123 postfix/smtpd[26508]: connect from registration.parallels.com[199.115.105.22]
Jul 10 14:15:39 ip-172-31-27-123 postfix/smtpd[26508]: CEDFD834D2: client=registration.parallels.com[199.115.105.22]
Jul 10 14:15:40 ip-172-31-27-123 postfix/cleanup[26512]: CEDFD834D2: message-id=<20130710_181524_053074.parallels@parallelscentral.com>
Jul 10 14:15:40 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: SKIP
Jul 10 14:15:40 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: SKIP during call 'check-quota' handler
Jul 10 14:15:40 ip-172-31-27-123 spf filter[26514]: Starting spf filter...
Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: Error code: (2) Could not find a valid SPF record
Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: Failed to query MAIL-FROM: No DNS data for 'parallelscentral.com'.
Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: SPF result: none
Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: SPF status: PASS
Jul 10 14:15:41 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: PASS
Jul 10 14:15:41 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: PASS during call 'spf' handler
Jul 10 14:15:41 ip-172-31-27-123 postfix/qmgr[25637]: CEDFD834D2: from=<parallels@parallelscentral.com>, size=2696, nrcpt=1 (queue active)
Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: postfix-local: from=parallels@parallelscentral.com, to=webmaster@age1.com.br, dirname=/var/qmail/mailnames
Jul 10 14:15:41 ip-172-31-27-123 dk_check[26517]: DK_STAT_NOSIG: No signature available in message
Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: handlers_stderr: PASS
Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: PASS during call 'dd52-domainkeys' handler
Jul 10 14:15:41 ip-172-31-27-123 postfix/pipe[26515]: CEDFD834D2: to=<webmaster@age1.com.br>, relay=plesk_virtual, delay=2.7, delays=2.6/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Jul 10 14:15:41 ip-172-31-27-123 postfix/qmgr[25637]: CEDFD834D2: removed
Jul 10 14:15:41 ip-172-31-27-123 postfix/smtpd[26508]: disconnect from registration.parallels.com[199.115.105.22]
Jul 10 14:15:44 ip-172-31-27-123 postfix/smtpd[26508]: connect from registration.parallels.com[199.115.105.22]
Jul 10 14:15:45 ip-172-31-27-123 postfix/smtpd[26508]: 7E35A834D2: client=registration.parallels.com[199.115.105.22]
Jul 10 14:15:45 ip-172-31-27-123 postfix/cleanup[26512]: 7E35A834D2: message-id=<20130710_181532_040494.parallels@parallelscentral.com>
Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: SKIP
Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: SKIP during call 'check-quota' handler
Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Starting spf filter...
Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Error code: (2) Could not find a valid SPF record
Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Failed to query MAIL-FROM: No DNS data for 'parallelscentral.com'.
Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: SPF result: none
Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: SPF status: PASS
Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: PASS
Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: PASS during call 'spf' handler
Jul 10 14:15:45 ip-172-31-27-123 postfix/qmgr[25637]: 7E35A834D2: from=<parallels@parallelscentral.com>, size=2696, nrcpt=1 (queue active)
Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: postfix-local: from=parallels@parallelscentral.com, to=webmaster@age1.com.br, dirname=/var/qmail/mailnames
Jul 10 14:15:45 ip-172-31-27-123 dk_check[26523]: DK_STAT_NOSIG: No signature available in message
Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: handlers_stderr: PASS
Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: PASS during call 'dd52-domainkeys' handler
Jul 10 14:15:46 ip-172-31-27-123 postfix/pipe[26515]: 7E35A834D2: to=<webmaster@age1.com.br>, relay=plesk_virtual, delay=0.68, delays=0.65/0/0/0.03, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Jul 10 14:15:46 ip-172-31-27-123 postfix/qmgr[25637]: 7E35A834D2: removed
Jul 10 14:15:46 ip-172-31-27-123 postfix/smtpd[26508]: disconnect from registration.parallels.com[199.115.105.22]

Any help please???
 
postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support

Apparently, you don't have the /etc/postfix/postfix_default.pem file. Restore it with proper content and permissions and you should be OK. Please refer to the Postfix documentation for details.
 
This problem occurred when I deployed Parallels Plesk Panel 11 on the Amazon EC2 service. I did the following and solved the problem:

Code:
mkdir /etc/postfix/tls
chown root:postfix /etc/postfix/tls
chmod u=rwx,go= /etc/postfix/tls
cd /etc/postfix/tls
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

Then I changed /etc/postfix/main.cf

Code:
smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

Reload postfix

Code:
postfix reload

And works perfectly ;)
 
Had the same problem with a brand new Plesk 12.
Instead of modifying /etc/postfix/main.cf, I just had to copy the freshly created smtpd.pem to /etc/pki/[myhostname].pem (look for smtpd_tls_cert_file directive which is already in /etc/postfix/main.cf)
And it worked perfectly after a "postfix reload".
 
Thanks, this helped me locate my issue.

I am using the AWS Plesk EC2 instance sold in the AWS Marketplace.

So, the /etc/postfix/postfix_default.pem is not there by default.

This is the location where /etc/postfix/main.cf says the cert should be, yet it is not.

The fix, cd into /etc/postfix/ and run the following command to create the cert. ...

Code:
openssl req -new -x509 -nodes -out postfix_default.pem -keyout postfix_default.pem -days 3650

Hope this helps :)
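
A preflight check for the failure in this thread, added here as an example (not code from any poster or from Plesk): it confirms that the PEM file Postfix is pointed at exists, holds a certificate and a matching unencrypted private key, is not accessible to other users, and has not expired. The function name `check_smtpd_pem` and its return codes are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Return codes are constructed for it:
#   0 ok, 1 missing/unreadable, 2 no certificate, 3 no private key,
#   4 key accessible to other users, 5 key/cert mismatch, 6 certificate expired
check_smtpd_pem() {
    cert=$1
    key=${2:-$1}    # the thread keeps certificate and key in one file

    for f in "$cert" "$key"; do
        # The maillog failure: fopen() -> "No such file or directory"
        [ -f "$f" ] && [ -r "$f" ] ||
            { echo "missing or unreadable: $f" >&2; return 1; }
    done
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no certificate block in $cert" >&2; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key block in $key" >&2; return 3; }

    # The key is written unencrypted (-nodes), so "other" must have no access.
    # Characters 8-10 of the ls -l mode string are the "other" permission bits.
    other=$(ls -lL "$key" | cut -c8-10)
    [ "$other" = "---" ] ||
        { echo "$key is accessible to other users" >&2; return 4; }

    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 5; }

    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate in $cert has expired" >&2; return 6; }
    return 0
}

# On a live server, pass the path Postfix will actually open, for example:
#   check_smtpd_pem "$(postconf -h smtpd_tls_cert_file)"
# Give the key path as a second argument when it is a separate file.
```

Running it before `postfix reload` catches the missing-file case that otherwise only shows up as `454 4.7.0 TLS not available due to local problem` at STARTTLS time.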
 