SSL/TLS suddenly stopped working for postfix
Matt Mullins
mokomull at gmail.com
Fri Dec 30 22:01:36 UTC 2011
On Fri, Dec 30, 2011 at 8:53 AM, Mark <mark at msen.com> wrote:
> My apologies for the cross-posting but I believe it is relevant.

That's still typically frowned upon, IMHO.

> I have been running postfix for 8+ months without problems. Recently (a
> week or two) I had a user complain that he could no longer send. It appears
> that postfix is no longer accepting SSL/TLS connections. STARTTLS is
> working on port 587 (and possibly 25, still testing). I am trying to figure
> out why the change.
>
> If I try and open an openssl connection manually, this is what I get:
>
> openssl s_client -connect mail.myServer.net:587
> CONNECTED(00000003)
> 44829:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:478:

This command starts speaking the SSL protocol immediately at the
beginning of the connection, which is wrong for STARTTLS cases. You
need to do this instead:

    $ openssl s_client -connect mail.myserver.net:587 -starttls smtp

The most common SSL-just-stops-working issue is that your certificate
expired. Check that by looking for "Not After" in the output of:

    root@mailserver# openssl x509 -noout -text -in /path/to/server.crt

--
Matt Mullins
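
Added example (not part of the original message or of any project's code): a small script that automates the "Not After" check described above by parsing the validity lines from `openssl x509 -noout -text` output. The function names, the `warn_days` threshold and the sample certificate text are assumptions constructed for illustration.

```python
import re
import ssl
import time

# Constructed sample of `openssl x509 -noout -text` output (not from the post).
SAMPLE_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Dec 20 00:00:00 2010 GMT
            Not After : Dec 20 00:00:00 2011 GMT
        Subject: CN=mail.example.net
"""

# Matches both validity lines; OpenSSL pads "Not After" with a space before ':'.
_VALIDITY = re.compile(r"^\s*Not (Before|After)\s*:\s*(.+?)\s*$", re.MULTILINE)


def parse_validity(text):
    """Return (not_before, not_after) in epoch seconds from x509 -text output."""
    found = {kind: ssl.cert_time_to_seconds(stamp)
             for kind, stamp in _VALIDITY.findall(text)}
    if set(found) != {"Before", "After"}:
        raise ValueError("no Validity block found in input")
    return found["Before"], found["After"]


def cert_status(text, now=None, warn_days=14):
    """Classify the certificate; warn_days is an assumed alerting threshold."""
    now = time.time() if now is None else now
    not_before, not_after = parse_validity(text)
    days_left = int((not_after - now) / 86400)  # negative once expired
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        return "expired", days_left
    if days_left < warn_days:
        return "expiring-soon", days_left
    return "valid", days_left


if __name__ == "__main__":
    # The constructed sample expired in 2011, so this reports "expired".
    print(cert_status(SAMPLE_TEXT))
```

To check a real certificate, pass the text produced by the `openssl x509 -noout -text` command to `cert_status()` in place of `SAMPLE_TEXT`.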