Hello All,
I have configured my SMTP settings so that whenever somebody tries to send a mail with a .xml attachment, the mail should be blocked and I should be notified about it. I have also configured a smarthost with Yahoo bizmail and am using authentication.
As far as the blocking is concerned, it is happening without any problem on the firewall, but I am not getting the notification.
The log shows an error where it is not able to get a certificate and key, and I do not know how to find them.
Here is a snapshot from the logs:
Oct 29 14:59:14 postfix/smtpd[14471]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtpd[14471]: warning: TLS library problem: 14471:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtpd[14471]: warning: TLS library problem: 14471:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtpd[14471]: warning: TLS library problem: 14471:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtpd[14471]: cannot load RSA certificate and key data
Oct 29 14:59:14 postfix/smtpd[14471]: connect from client1.cwgblr.com[192.168.1.4]
Oct 29 14:59:14 postfix/smtpd[14471]: 95F645BD22: client=client1.cwgblr.com[192.168.1.4]
Oct 29 14:59:14 postfix/cleanup[14474]: 95F645BD22: message-id=<4AE9606A.9020003@cellworksgroup.com>
Oct 29 14:59:14 postfix/qmgr[14470]: 95F645BD22: from=, size=10211, nrcpt=2 (queue active)
Oct 29 14:59:14 postfix/smtpd[14471]: disconnect from client1.cwgblr.com[192.168.1.4]
Oct 29 14:59:14 postfix/smtp[14475]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtp[14475]: warning: TLS library problem: 14475:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtp[14475]: warning: TLS library problem: 14475:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtp[14475]: warning: TLS library problem: 14475:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtp[14475]: cannot load RSA certificate and key data
Oct 29 14:59:14 postfix/smtpd[14477]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtpd[14477]: warning: TLS library problem: 14477:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtpd[14477]: warning: TLS library problem: 14477:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtpd[14477]: warning: TLS library problem: 14477:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtpd[14477]: cannot load RSA certificate and key data
Oct 29 14:59:14 postfix/smtpd[14477]: C0E695BD23: client=localhost[127.0.0.1]
Oct 29 14:59:14 postfix/cleanup[14474]: C0E695BD23: message-id=
Oct 29 14:59:14 postfix/qmgr[14470]: C0E695BD23: from=<>, size=3096, nrcpt=2 (queue active)
Oct 29 14:59:14 postfix/smtp[14478]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtp[14478]: warning: TLS library problem: 14478:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtp[14478]: warning: TLS library problem: 14478:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtp[14478]: warning: TLS library problem: 14478:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtp[14478]: cannot load RSA certificate and key data
Oct 29 14:59:14 amavis[13976]: (13976-01) Blocked BANNED (multipart/mixed | text/plain,.asc,readme.xml), LOCAL [192.168.1.4] [192.168.1.4] -> ,, Message-ID: <4AE9606A.9020003@cellworksgroup.com>, mail_id: i8wOwpkHufyD, Hits: -, size: 10206, 160 ms
Oct 29 14:59:14 postfix/smtp[14475]: 95F645BD22: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.04/0.01/0/0.16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=13976-01 - BANNED: multipart/mixed | text/plain,.asc,readme.xml)
Oct 29 14:59:14 postfix/smtp[14475]: 95F645BD22: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.04/0.01/0/0.16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=13976-01 - BANNED: multipart/mixed | text/plain,.asc,readme.xml)
Oct 29 14:59:14 postfix/qmgr[14470]: 95F645BD22: removed
Oct 29 14:59:15 postfix/smtp[14478]: C0E695BD23: to=, relay=smtp.bizmail.yahoo.com[203.104.17.238]:25, delay=1, delays=0.01/0.01/0.69/0.32, dsn=4.4.2, status=deferred (lost connection with smtp.bizmail.yahoo.com[203.104.17.238] while sending MAIL FROM)
Oct 29 14:59:15 postfix/smtp[14478]: C0E695BD23: to=, relay=smtp.bizmail.yahoo.com[203.104.17.238]:25, delay=1, delays=0.01/0.01/0.69/0.32, dsn=4.4.2, status=deferred (lost connection with smtp.bizmail.yahoo.com[203.104.17.238] while sending MAIL FROM)
And here is the output of postconf -n:
root@firewall:/etc/httpd # postconf -n
alias_maps = hash:/etc/aliases
always_bcc = someid@server.com
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_transport = smtp
html_directory = no
inet_interfaces = all
local_recipient_maps =
local_transport = error:local
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man/
message_size_limit = 5000000
mydestination = localhost.$mydomain, localhost
mydomain = $myhostname
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_bcc_maps = btree:/etc/postfix/recipient_bcc
relay_domains = hash:/etc/postfix/relay_domains
relayhost = [smtp.bizmail.yahoo.com]
sender_bcc_maps = btree:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_enforce_tls = no
smtp_helo_name = [192.168.5.2]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = PLAIN,LOGIN
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_rate_limit = 15
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules, permit_mynetworks, permit_sasl_authenticated,
smtpd_enforce_tls = no
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access btree:/etc/postfix/recipient_rules, permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mx_backup, reject_unverified_recipient, permit
smtpd_sender_restrictions = check_sender_access btree:/etc/postfix/sender_rules, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain,
smtpd_tls_cert_file = /etc/httpd/server.crt
smtpd_tls_key_file = /etc/httpd/server.key
smtpd_use_tls = yes
syslog_facility = mail
syslog_name = postfix
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
root@firewall:/etc/httpd #
Please look into this issue as soon as possible.
Regards
Hasan