Author Topic: Postfix SMTP Error  (Read 17502 times)
hasanmnaqvi
« on: Thursday 29 October 2009, 09:02:22 pm »

Hello All,
I have configured my SMTP settings such that whenever somebody tries to send a mail with a .xml attachment it should be blocked and I should be notified of that. Also, I have configured a smarthost with Yahoo bizmail and am using authentication.

Now as far as the blocking is concerned, it is happening without any problem on the firewall, but I am not getting the notification.

It shows me an error where it is not able to get some certificate and key; now I do not know how to find that.

Here is a snapshot from the logs:

Code:
Oct 29 14:59:14 postfix/smtpd[14471]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtpd[14471]: warning: TLS library problem: 14471:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtpd[14471]: warning: TLS library problem: 14471:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtpd[14471]: warning: TLS library problem: 14471:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtpd[14471]: cannot load RSA certificate and key data
Oct 29 14:59:14 postfix/smtpd[14471]: connect from client1.cwgblr.com[192.168.1.4]
Oct 29 14:59:14 postfix/smtpd[14471]: 95F645BD22: client=client1.cwgblr.com[192.168.1.4]
Oct 29 14:59:14 postfix/cleanup[14474]: 95F645BD22: message-id=<4AE9606A.9020003@cellworksgroup.com>
Oct 29 14:59:14 postfix/qmgr[14470]: 95F645BD22: from=, size=10211, nrcpt=2 (queue active)
Oct 29 14:59:14 postfix/smtpd[14471]: disconnect from client1.cwgblr.com[192.168.1.4]
Oct 29 14:59:14 postfix/smtp[14475]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtp[14475]: warning: TLS library problem: 14475:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtp[14475]: warning: TLS library problem: 14475:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtp[14475]: warning: TLS library problem: 14475:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtp[14475]: cannot load RSA certificate and key data
Oct 29 14:59:14 postfix/smtpd[14477]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtpd[14477]: warning: TLS library problem: 14477:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtpd[14477]: warning: TLS library problem: 14477:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtpd[14477]: warning: TLS library problem: 14477:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtpd[14477]: cannot load RSA certificate and key data
Oct 29 14:59:14 postfix/smtpd[14477]: C0E695BD23: client=localhost[127.0.0.1]
Oct 29 14:59:14 postfix/cleanup[14474]: C0E695BD23: message-id=
Oct 29 14:59:14 postfix/qmgr[14470]: C0E695BD23: from=<>, size=3096, nrcpt=2 (queue active)
Oct 29 14:59:14 postfix/smtp[14478]: warning: cannot get certificate from file /etc/httpd/server.crt
Oct 29 14:59:14 postfix/smtp[14478]: warning: TLS library problem: 14478:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/httpd/server.crt','r'):
Oct 29 14:59:14 postfix/smtp[14478]: warning: TLS library problem: 14478:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Oct 29 14:59:14 postfix/smtp[14478]: warning: TLS library problem: 14478:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Oct 29 14:59:14 postfix/smtp[14478]: cannot load RSA certificate and key data
Oct 29 14:59:14 amavis[13976]: (13976-01) Blocked BANNED (multipart/mixed | text/plain,.asc,readme.xml), LOCAL [192.168.1.4] [192.168.1.4] -> ,, Message-ID: <4AE9606A.9020003@cellworksgroup.com>, mail_id: i8wOwpkHufyD, Hits: -, size: 10206, 160 ms
Oct 29 14:59:14 postfix/smtp[14475]: 95F645BD22: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.04/0.01/0/0.16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=13976-01 - BANNED: multipart/mixed | text/plain,.asc,readme.xml)
Oct 29 14:59:14 postfix/smtp[14475]: 95F645BD22: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.04/0.01/0/0.16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=13976-01 - BANNED: multipart/mixed | text/plain,.asc,readme.xml)
Oct 29 14:59:14 postfix/qmgr[14470]: 95F645BD22: removed
Oct 29 14:59:15 postfix/smtp[14478]: C0E695BD23: to=, relay=smtp.bizmail.yahoo.com[203.104.17.238]:25, delay=1, delays=0.01/0.01/0.69/0.32, dsn=4.4.2, status=deferred (lost connection with smtp.bizmail.yahoo.com[203.104.17.238] while sending MAIL FROM)
Oct 29 14:59:15 postfix/smtp[14478]: C0E695BD23: to=, relay=smtp.bizmail.yahoo.com[203.104.17.238]:25, delay=1, delays=0.01/0.01/0.69/0.32, dsn=4.4.2, status=deferred (lost connection with smtp.bizmail.yahoo.com[203.104.17.238] while sending MAIL FROM)

And here is a snapshot of the postconf -n

Code:
root@firewall:/etc/httpd # postconf -n
alias_maps = hash:/etc/aliases
always_bcc = someid@server.com
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_transport = smtp
html_directory = no
inet_interfaces = all
local_recipient_maps =
local_transport = error:local
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man/
message_size_limit = 5000000
mydestination = localhost.$mydomain, localhost
mydomain = $myhostname
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_bcc_maps = btree:/etc/postfix/recipient_bcc
relay_domains = hash:/etc/postfix/relay_domains
relayhost = [smtp.bizmail.yahoo.com]
sender_bcc_maps = btree:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_enforce_tls = no
smtp_helo_name = [192.168.5.2]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = PLAIN,LOGIN
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_rate_limit = 15
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,     permit_mynetworks,     permit_sasl_authenticated,
smtpd_enforce_tls = no
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access btree:/etc/postfix/recipient_rules,     permit_mynetworks,permit_sasl_authenticated,     reject_unauth_destination,     reject_non_fqdn_recipient,     reject_unknown_recipient_domain,     permit_mx_backup,     reject_unverified_recipient,     permit
smtpd_sender_restrictions = check_sender_access btree:/etc/postfix/sender_rules,     reject_invalid_hostname,     reject_non_fqdn_sender,     reject_unknown_sender_domain,
smtpd_tls_cert_file = /etc/httpd/server.crt
smtpd_tls_key_file = /etc/httpd/server.key
smtpd_use_tls = yes
syslog_facility = mail
syslog_name = postfix
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
root@firewall:/etc/httpd #



Please look into this issue as soon as possible.



Regards
Hasan
Tahoe
« Reply #1 on: Saturday 31 October 2009, 07:51:04 am »

I had the same problem. Not wanting to sit around and wait for my log files to fill up, here is what I did:

Open a shell on the console of your EFW:

cd /etc/httpd/
openssl genrsa -des3 -rand /etc/hosts -out server.key 1024
chmod 600 server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
openssl rsa -in server.key -out server.key.unencrypted
mv -f server.key.unencrypted server.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650


When asked for a passphrase, make one up the first time and keep using it as you go along.
Also, enter all the certification questions during the openssl commands and you should be fine.
Looks like this fixed it for me...
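
A preflight check for the situation in this thread, as an added example that is not part of either post or of Endian's own code: it parses `postconf -n` output like the question's, follows the `$smtpd_tls_cert_file` indirection (the reason both `smtp` and `smtpd` log the same error), and reports TLS files that are missing or a private key readable by group/other, which is worth checking because the `mv -f` above replaces the file that was given `chmod 600`. Assumptions: the function names and the `root` parameter are hypothetical, and only plain `$name` / `${name}` references are expanded.

```python
import os
import re
import stat

# Added example (not from the thread); all function names here are hypothetical.
# Constructed sample: the four TLS file parameters from the `postconf -n` output above.
SAMPLE_POSTCONF = """\
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtpd_tls_cert_file = /etc/httpd/server.crt
smtpd_tls_key_file = /etc/httpd/server.key
"""
TLS_FILE_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_key_file",
                   "smtp_tls_cert_file", "smtp_tls_key_file")

def parse_postconf(text):
    """Parse `name = value` lines into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def resolve(params, name, depth=0):
    """Expand $name / ${name} references (simplified; no conditional forms)."""
    if depth > 10:
        raise ValueError("reference loop at " + name)
    value = params.get(name, "")
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: resolve(params, m.group(1), depth + 1), value)

def audit_tls_files(params, root="/"):
    """Return {param: (path, problem)} for each TLS file that is missing or unsafe."""
    findings = {}
    for name in TLS_FILE_PARAMS:
        path = resolve(params, name)
        if not path:
            continue
        real = os.path.join(root, path.lstrip("/"))  # root lets tests use a temp tree
        if not os.path.isfile(real):
            findings[name] = (path, "missing")
        elif name.endswith("_key_file") and stat.S_IMODE(os.stat(real).st_mode) & 0o077:
            findings[name] = (path, "key readable by group/other")
    return findings

if __name__ == "__main__":
    for name, (path, problem) in audit_tls_files(parse_postconf(SAMPLE_POSTCONF)).items():
        print(f"{name}: {path}: {problem}")
```

On a live system, feed it the real output of `postconf -n` instead of the embedded sample.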