  1. #1
    Just Joined!
    Join Date
    Aug 2006
    Posts
    3

    Postfix problem for TLS Error (454 TLS not available due to local problem)


    Hi folks
    When I am testing Postfix by telnet to the SMTP, and try STARTTLS, I keep getting
    "454 TLS not available due to local problem". By the way, I am using a self-signed certificate.

    Please see below for the test response

    Please help
    Cheers
    firefly



    ========================

    Connected to host.it-destination.com (127.0.0.1).
    Escape character is '^]'.
    220 mail.host.com ESMTP Postfix
    ehlo mail.host.com
    250-mail.host.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250 8BITMIME
    starttls
    454 TLS not available due to local problem

    ================
    main.cf

    #
    smtpd_use_tls = yes
    smtpd_tls_auth_enable = yes
    smtpd_tls_auth_only = yes
    smtpd_tls_key_file = /etc/postfix/newreq.pem
    smtpd_tls_cert_file = /etc/postfix/newcert.pem
    smtpd_tls_CAfile = /etc/postfix/cacert.pem
    smtpd_tls_ccert_verifydepth = 1
    smtpd_tls_loglevel = 4
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    # Reduce the time Postfix will sit idle after a client issues STARTTLS.
    smtpd_starttls_timeout = 60s

  2. #2
    Just Joined! richiefrich
    Join Date
    May 2006
    Location
    Houston
    Posts
    88
    I use Postfix but I don't have those options enabled. All I can think of is: do you have TLS installed (not in the main.cf, the package)? I don't know if that will help. Worth a shot.

  3. #3
    Just Joined!
    Join Date
    Aug 2006
    Posts
    3
    Quote Originally Posted by richiefrich
    I use Postfix but I don't have those options enabled. All I can think of is: do you have TLS installed (not in the main.cf, the package)? I don't know if that will help. Worth a shot.
    It is due to SSL, but I don't know how to solve it from the mail log:
    Aug 22 00:00:02 host postfix/smtpd[4124]: warning: cannot get private key from file /etc/postfix/newreq.pem
    Aug 22 00:00:02 host postfix/smtpd[4124]: warning: TLS library problem: 4124:error:0906406D:PEM routines:PEM_DEF_CALLBACK:problems getting password:pem_lib.c:105:
    Aug 22 00:00:02 host postfix/smtpd[4124]: warning: TLS library problem: 4124:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401:
    Aug 22 00:00:02 host postfix/smtpd[4124]: warning: TLS library problem: 4124:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
    Aug 22 00:00:02 host postfix/smtpd[4124]: cannot load RSA certificate and key data

  4. #4
    Just Joined!
    Join Date
    Aug 2006
    Posts
    3
    Hi folks
    Thanks for the tips. Problem solved after some searching.
    What I did :-
    1. cd /etc/postfix
    2. openssl rsa -in newreq.pem -out newreq.pem.out
    3. cp -p newreq.pem.out newreq.pem
    4. /etc/init.d/postfix restart

    Question is what I need to execute step 2. Please enlighten me

    Cheers

  5. #5
    Just Joined!
    Join Date
    Dec 2008
    Posts
    1

    newkey.pem instead of newreq.pem

    The current Ubuntu version of CA.pl saves the private key to newkey.pem
    instead of inside newreq.pem (although the manual page says differently).
    Check whether there is a newkey.pem in /usr/lib/ssl/misc (or wherever you
    called CA.pl), and use this as smtpd_tls_key_file.
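
The checks behind this thread's fix, as an added shell example that is not part of any post above: it classifies the file named by smtpd_tls_key_file as passphrase-protected (the "bad password read" in post #3), holding no key at all (the newkey.pem case in post #5), or unencrypted but accessible to group/other. The function name classify_key and the sample PEM files are constructed for illustration and contain no real key material.

```shell
#!/bin/sh
# Added example: classify the PEM file that smtpd_tls_key_file points at.
# Prints one of: missing, no-key, encrypted, loose-perms, ok
classify_key() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo missing; return 1; }
    # A file holding only a certificate request has no PRIVATE KEY block
    # (the case where CA.pl wrote the key to newkey.pem instead).
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$keyfile" || { echo no-key; return 1; }
    # Passphrase-protected keys: traditional PEM carries a Proc-Type header,
    # PKCS#8 uses an ENCRYPTED PRIVATE KEY block. smtpd cannot prompt for a
    # passphrase, hence "cannot get private key" and the 454 reply.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$keyfile"; then
        echo encrypted; return 1
    fi
    # An unencrypted key is protected only by file permissions:
    # flag any group/other bits in the mode string (characters 5-10).
    perms=$(ls -ld -- "$keyfile" | cut -c5-10)
    [ "$perms" = "------" ] || { echo loose-perms; return 1; }
    echo ok
}

# Constructed sample files (placeholder bodies, not real keys).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo/encrypted.pem"
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'PLACEHOLDER' \
    '-----END CERTIFICATE REQUEST-----' > "$demo/request-only.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo/stripped.pem"
chmod 644 "$demo/stripped.pem"   # deliberately too open for a bare key

for name in encrypted.pem request-only.pem stripped.pem; do
    printf '%s: %s\n' "$name" "$(classify_key "$demo/$name")"
done
```

The `openssl rsa -in ... -out ...` step in post #4 writes the key back out without a passphrase, so from that point the file's ownership and mode are its only protection.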
