Postfix/smtp SSL connection error: SSL_CTX_set_default_verify_paths failed

Discussion in 'Installation/Configuration' started by dfumagalli, Aug 19, 2018.

  1. dfumagalli

    dfumagalli Member

    Hello,

    I've set up a "Perfect server" on Ubuntu 18.04, with Apache, PHP etc.
    All works perfectly except the emails.

    From RoundCube I get this error:
    [Screenshot attachment: 2018-08-19_1.png]

    If I look at the Postfix logs, I see:

    Code:
    Aug 19 21:19:36 lxsrv03 postfix/smtpd[2269]: connect from localhost[127.0.0.1]
    Aug 19 21:19:36 lxsrv03 postfix/proxymap[2261]: warning: connect to mysql server 127.0.0.1: SSL connection error: SSL_CTX_set_default_verify_paths failed
    Aug 19 21:19:36 lxsrv03 postfix/trivial-rewrite[2265]: warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf: table lookup problem
    Aug 19 21:19:36 lxsrv03 postfix/trivial-rewrite[2265]: warning: proxy:mysql:/etc/postfix/mysql-virtual_transports.cf lookup error for "[email protected]"
    Aug 19 21:19:36 lxsrv03 postfix/trivial-rewrite[2265]: warning: transport_maps lookup failure
    Aug 19 21:19:36 lxsrv03 postfix/trivial-rewrite[2265]: warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf: table lookup problem
    Aug 19 21:19:36 lxsrv03 postfix/trivial-rewrite[2265]: warning: virtual_mailbox_domains lookup failure
    Aug 19 21:19:36 lxsrv03 postfix/smtpd[2269]: 4138A3FB8F: client=localhost[127.0.0.1]
    Aug 19 21:19:36 lxsrv03 postfix/proxymap[2261]: warning: connect to mysql server 127.0.0.1: SSL connection error: SSL_CTX_set_default_verify_paths failed
    Aug 19 21:19:36 lxsrv03 postfix/cleanup[2263]: warning: proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf lookup error for "[email protected]"
    Aug 19 21:19:36 lxsrv03 postfix/cleanup[2263]: warning: 4138A3FB8F: sender_bcc_maps map lookup problem -- message not accepted, try again later

    If I run postmap, all works perfectly:

    Code:
    postmap -q virtual_domain.tld mysql:/etc/postfix/mysql-virtual_domains.cf

    It outputs the virtual_domain.tld
    
    I've rebooted, tried "newaliases" and some other commands but with no results.

    I have only done one "variation" from a basic tutorial installation: in the MySQL configuration file I had to put self-signed certificates (needed by another software):
    Code:
    [mysqld]
    user   = mysql
    pid-file = /var/run/mysqld/mysqld.pid
    socket   = /var/run/mysqld/mysqld.sock
    port   = 3306
    basedir    = /usr
    datadir    = /var/lib/mysql
    tmpdir   = /tmp
    lc-messages-dir  = /usr/share/mysql
    explicit_defaults_for_timestamp
    
    log-error    = /var/log/mysql/error.log
    
    bind-address=0.0.0.0
    innodb_file_per_table=ON
    
    # Recommended in standard MySQL setup
    sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_ALL_TABLES
    
    # Disabling symbolic-links is recommended to prevent assorted security risks
    symbolic-links=0
    
    [client]
    ssl-ca=/var/lib/mysql/ca.pem
    ssl-cert=/var/lib/mysql/server-cert.pem
    ssl-key=/var/lib/mysql/server-key.pem
    
    # SSL certificates
    ssl-ca=/var/lib/mysql/ca.pem
    ssl-cert=/var/lib/mysql/server-cert.pem
    ssl-key=/var/lib/mysql/server-key.pem

    From the console, SSL connection works for every user (including root and ispconfig). This includes both when starting a simple "mysql -u root -p" prompt or when specifying the certificates on the command line. No user has the "require SSL" flags set or anything. It's all default from ISPConfig tutorial.

    If I comment out the [client] section and certificates, everything works. But I need to have Postfix working when they are enabled, as another application needs them.

    I actually don't care that Postfix uses SSL to connect to the database. If it's possible to force it disabled I am perfectly happy with it.

    Best regards
     
    Last edited: Aug 19, 2018
  2. dfumagalli

    dfumagalli Member

    I have found the answer to my own question.
    I keep bumping into the same issue and, when I google for it, I end up at this thread. So I am going to answer myself.

    The problem is due to Postfix being unable to read the MySQL SSL certificate files. The SSL certificates should look as follows:

    Code:
    drwxr-xr-x 2 mysql root 4096 Oct 28 01:16 .
    drwxr-xr-x 5 mysql root 4096 Oct 28 01:16 ..
    -rw-r--r-- 1 mysql root 1675 Oct 28 01:11 ca-key.pem
    -rw-r--r-- 1 mysql root 1489 Oct 28 01:12 ca.pem
    -rw-r--r-- 1 mysql root 1367 Oct 28 01:16 client-cert.pem
    -rw-r--r-- 1 mysql root 1679 Oct 28 01:15 client-key.pem
    -rw-r--r-- 1 mysql root 1098 Oct 28 01:15 client-req.pem
    -rw-r--r-- 1 mysql root 1367 Oct 28 01:14 server-cert.pem
    -rw-r--r-- 1 mysql root 1675 Oct 28 01:14 server-key.pem
    -rw-r--r-- 1 mysql root 1098 Oct 28 01:14 server-req.pem
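
The cause given in the answer above (Postfix cannot read the certificate files named in the `[client]` section) can be checked with a short script. This is an added example, not part of the original posts: the function names and the stop-directory parameter are made up for illustration, and it assumes the Postfix account is neither owner nor in the group of the files, so only the "other" permission bits apply. It also reports the side effect of a listing like the one above, where a private key ends up readable by every local user.

```shell
#!/bin/sh
# Added example: audit the TLS files named under [client] in a MySQL option
# file for access by an unrelated local account such as postfix.
# Assumption: that account is neither owner nor in the group of the files,
# so only the "other" permission bits decide.

# Print "option path" for each ssl-ca/ssl-cert/ssl-key line under [client].
client_ssl_paths() {
    awk -F= '
        /^[ \t]*\[/ { in_client = ($0 ~ /^[ \t]*\[client\]/); next }
        in_client && /^[ \t]*ssl-(ca|cert|key)[ \t]*=/ {
            gsub(/[ \t]/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2)
            print $1, $2
        }' "$1"
}

# True if the path has the given "other" bit set (4 = read, 1 = search).
has_other_bit() {
    [ -n "$(find "$1" -prune -perm -00"$2" 2>/dev/null)" ]
}

# True if "other" can read the file: o+r on it and o+x on each directory
# above it, up to the stop directory (hypothetical parameter, default /).
other_can_read() {
    file=$1 stop=${2:-/}
    has_other_bit "$file" 4 || return 1
    dir=$(dirname "$file")
    until [ "$dir" = "$stop" ] || [ "$dir" = / ] || [ "$dir" = . ]; do
        has_other_bit "$dir" 1 || return 1
        dir=$(dirname "$dir")
    done
    return 0
}

# One line per file: UNREADABLE (the lookup fails as in the log above),
# EXPOSED-KEY (readable, but a private key open to every local user), or OK.
audit_client_tls() {
    client_ssl_paths "$1" | while read -r opt path; do
        if ! other_can_read "$path" "$2"; then echo "UNREADABLE $opt $path"
        elif [ "$opt" = ssl-key ]; then echo "EXPOSED-KEY $opt $path"
        else echo "OK $opt $path"
        fi
    done
}

# Usage: sh audit.sh <mysql-option-file>   (script name is a placeholder)
if [ $# -gt 0 ]; then audit_client_tls "$1"; fi
```

An `UNREADABLE` result for a file or one of its parent directories matches the failing lookups; an `EXPOSED-KEY` result means the lookup will work but the key is no longer private on that host.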
     
