Hello, I have successfully installed howtoforge ubuntu breezy and everything is working great except smtp tls. Here is a copy of the problem from mail.log. I would very much appreciate any information that would help me with this issue. I have been trying to figure this out all day.
Mar 6 20:47:22 bbmail3 postfix/smtpd[15657]: warning: cannot get private key from file /etc/postfix/ssl/smtpd.crt
Mar 6 20:47:22 bbmail3 postfix/smtpd[15657]: warning: TLS library problem: 15657:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: ANY PRIVATE KEY:
Mar 6 20:47:22 bbmail3 postfix/smtpd[15657]: warning: TLS library problem: 15657:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Mar 6 20:47:22 bbmail3 postfix/smtpd[15657]: cannot load RSA certificate and key data
Mar 6 20:47:27 bbmail3 postfix/smtpd[15657]: connect from unknown[67.50.128.80]
Mar 6 20:47:42 bbmail3 postfix/smtpd[15657]: lost connection after STARTTLS from unknown[67.50.128.80]
Mar 6 20:47:42 bbmail3 postfix/smtpd[15657]: disconnect from unknown[67.50.128.80]
Additional information:
-----------------------------------------------------------------------
ls -l /etc/postfix/ssl
total 20
-rw-r--r-- 1 root root 969 2006-03-06 20:12 cacert.pem
-rw-r--r-- 1 root root 963 2006-03-06 20:12 cakey.pem
-rw-r--r-- 1 root root 741 2006-03-06 20:11 smtpd.crt
-rw-r--r-- 1 root root 631 2006-03-06 20:11 smtpd.csr
-rw-r--r-- 1 root root 887 2006-03-06 20:11 smtpd.key
root@bbmail3:/etc/postfix#
------------------------------------------------------------------------
root@bbmail3:/etc/postfix/ssl# cat smtpd.crt
-----BEGIN CERTIFICATE-----
MIIB9TCCAV4CCQDG3QcPheHAVjANBgkqhkiG9w0BAQQFADA/MQswCQYDVQQGEwJV
UzOpkSo2VCwtCQoa7755gAmldydeOru
vacIU4Heskrv6PVj/0CWLvDhh7gvkydN0XLZMp21j22b2m8fRhuI+X9c/neesEQ0
BxV0F+ixLs+2bIMseMFBrSrCx6AuBITL9Q==
-----END CERTIFICATE-----
root@bbmail3:/etc/postfix/ssl#
NOTE: The middle of the ssl cert was removed for security.
I was not able to find any information online about the problem that I am having. I have redone the openssl steps from: http://howtoforge.com/perfect_setup_ubuntu_5.10_p4
Hm, maybe you have a corrupt SSL cert (but you have already redone all the steps from the tutorial...). If you don't need TLS I wouldn't use it.
Code:
Aug 10 18:38:24 *** postfix/smtpd[7024]: initializing the server-side TLS engine
Aug 10 18:38:24 *** postfix/smtpd[7024]: warning: cannot get private key from file /etc/postfix/newreq.pem
Aug 10 18:38:24 *** postfix/smtpd[7024]: warning: TLS library problem: 7024:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: ANY PRIVATE KEY:
Aug 10 18:38:24 *** postfix/smtpd[7024]: warning: TLS library problem: 7024:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Aug 10 18:38:24 *** postfix/smtpd[7024]: cannot load RSA certificate and key data
Hi falko
I have the same error too. my /etc/postfix/master.cf is below
Any hint ?
Thanks
Cheers
#=================================================================
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
#smtp inet n - n - - smtpd -v
smtp inet n n n - - smtpd -v
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
ttlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
It seems you edited that file a lot, I don't think it's the standard master.cf. Change to
Code:
smtp inet n - - - - smtpd -v
and to
Code:
smtp unix - - - - - smtp
and restart Postfix.
Hi folks
Thanks for the tips. Problem solved after some searching. What I did :-
1. cd /etc/postfix
2. openssl rsa -in newreq.pem -out newreq.pem.out
3. cp -p newreq.pem.out newreq.pem
4. /etc/init.d/postfix restart
Question is why I need to execute step 2. Please enlighten me
Cheers
That didn't work for me:
Code:
# openssl rsa -in newreq.pem -out newreq.pem.out
unable to load Private Key
2627:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: ANY PRIVATE KEY
So it's not a mail.cf issue, as I copied it from the tutorial :\
Any Solutions Yet?
I'm having the same problems, these errors show up repeatedly in the mail log:
warning: cannot get certificate from file /etc/postfix/ssl/smtpd.cert
warning: TLS library problem: 718:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('/etc/postfix/ssl/smtpd.cert','r'):
warning: TLS library problem: 718:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
warning: TLS library problem: 718:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
cannot load RSA certificate and key data
Any help in correcting this would be appreciated. BTW I'm using ISPConfig ver 2.2 on Fed Core 5 Perfect Install
Thanks
Hi all,
sometimes it seems we don't see the wood because of a lot of trees ;-) I searched days and nights to solve the TLS-library problem too - although Postfix is running well. Ok.. and here is the solution:
1.) rebuild the key as falko and the tutorial said.
2.) send and receive one mail.
2.) the warning-message says:
Mar 2 19:25:53 mail postfix/smtpd[28338]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.crt
Mar 2 19:25:53 mail postfix/smtpd[28338]: warning: TLS library problem: 28338:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('/etc/postfix/ssl/smtpd.crt','r'):
3.) cd /etc/postfix/ssl
4.) have a look on the file-names: You have a smtp.crt AND NOT a smtpd.crt !!
Solution quick and dirty: cp smtp.crt smtpd.crt
..and you are done...
..by the way: congratulations for the great work of falko & co !
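The log lines quoted in this thread show two distinct failures: OpenSSL finding no private key block in the file it was handed ("no start line ... Expecting: ANY PRIVATE KEY"), and the configured file not existing at all ("fopen: No such file or directory"). As an added example that is not part of any post above, this shell check classifies what a certificate/key file pair actually contains and also flags a group- or world-readable key such as the smtpd.key in the first post's listing; the function names and the script name in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check for the files named by
# Postfix's smtpd_tls_cert_file and smtpd_tls_key_file.

# pem_kind FILE: print "missing" (absent or unreadable), "none", or the tags
# found in FILE: cert, key, encrypted.
pem_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    tags=
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" && tags="cert"
    grep -Eq -e '-----BEGIN ((RSA|EC|DSA) )?PRIVATE KEY-----' "$1" &&
        tags="${tags:+$tags }key"
    # Passphrase-protected: PKCS#8 encrypted header or legacy Proc-Type line.
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1" &&
        tags="${tags:+$tags }encrypted"
    echo "${tags:-none}"
}

# check_postfix_tls CERT_FILE KEY_FILE: return 0 only if every check passes.
check_postfix_tls() {
    rc=0
    ck=$(pem_kind "$1")
    kk=$(pem_kind "$2")
    case " $ck " in
        *" cert "*) ;;
        *) echo "cert file $1: no certificate block (found: $ck)"; rc=1 ;;
    esac
    case " $kk " in
        *" encrypted "*) echo "key file $2: key is passphrase-protected"; rc=1 ;;
        *" key "*) ;;
        *) echo "key file $2: no private key block (found: $kk)"; rc=1 ;;
    esac
    # A key readable by group or others is exposed to every local account.
    if [ -r "$2" ] && [ -n "$(find -L "$2" \( -perm -040 -o -perm -004 \))" ]; then
        echo "key file $2: readable by group/other, tighten to mode 600"; rc=1
    fi
    return "$rc"
}

# Run against real paths when two arguments are given, e.g.
#   sh check.sh /etc/postfix/ssl/smtpd.crt /etc/postfix/ssl/smtpd.key
if [ "$#" -eq 2 ]; then
    check_postfix_tls "$1" "$2"
fi
```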