Article ID: 122364, created on Mar 31, 2015, last review on Mar 31, 2015

  • Applies to:
  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 10.4 for Linux/Unix

Symptoms

A user cannot send email using STARTTLS authentication:

Out: 220 localhost.localdomain ESMTP Postfix
In:  EHLO [192.168.1.10]
Out: 250-localhost.localdomain
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-AUTH DIGEST-MD5 LOGIN CRAM-MD5 PLAIN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In:  STARTTLS
Out: 454 4.7.0 TLS not available due to local problem
In:  QUIT
Out: 221 2.0.0 Bye

The following error can be found in /usr/local/psa/var/log/maillog:

postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support
postfix/smtpd[26508]: warning: TLS library problem: 26508:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/etc/postfix/postfix_default.pem','r'):
postfix/smtpd[26508]: warning: TLS library problem: 26508:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
postfix/smtpd[26508]: warning: TLS library problem: 26508:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:

Resolution

  1. Create the tls directory, set the correct ownership/permissions, and create a certificate file:

    # mkdir /etc/postfix/tls
    # chown root:postfix /etc/postfix/tls
    # chmod u=rwx,go= /etc/postfix/tls
    # cd /etc/postfix/tls
    # openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
    
  2. Modify /etc/postfix/main.cf accordingly:

    # grep _tls /etc/postfix/main.cf
    smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
    smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
    smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    smtp_tls_security_level = may
    smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
    smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
    smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    smtp_use_tls = yes
    smtpd_tls_received_header = yes
    smtpd_tls_ask_ccert = yes
    smtpd_tls_loglevel = 1
    tls_random_source = dev:/dev/urandom
    
  3. Reload Postfix:

    # service postfix reload
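
A check to run before the reload, as an added example that is not part of the original article or of Plesk or Postfix: it reads the smtpd certificate and key paths from main.cf and reports a missing file (the condition in the maillog excerpt above) or a key that is absent or passphrase-protected. The function names are hypothetical, parameter values are assumed to be on a single line, and only PEM markers are checked, not certificate validity.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not Postfix or Plesk tools.
# Run as root: /etc/postfix/tls is created above with mode u=rwx,go=.
# Usage: check_postfix_tls /etc/postfix/main.cf

# Print the value of parameter $2 in main.cf-style file $1 (last setting wins).
# Assumes single-line values; continuation lines are not followed.
tls_param() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        END { print val }' "$1"
}

# True if file $1 contains a PEM block whose label matches ERE $2.
has_pem() { grep -Eq -e "-----BEGIN $2-----" "$1"; }

# True if file $1 holds a private key that is not passphrase-protected
# (the article generates it with -nodes; Postfix cannot prompt for a passphrase).
has_plain_key() {
    has_pem "$1" '(RSA |EC )?PRIVATE KEY' &&
        ! grep -q 'Proc-Type: 4,ENCRYPTED' "$1"
}

fail() { echo "$1"; problems=$((problems + 1)); }

# Print one line per problem; the exit status is the number of problems.
check_postfix_tls() {
    problems=0
    cert=$(tls_param "$1" smtpd_tls_cert_file)
    key=$(tls_param "$1" smtpd_tls_key_file)
    [ -n "$key" ] || key=$cert   # Postfix default: key file = certificate file
    if [ -z "$cert" ]; then
        fail "smtpd_tls_cert_file is not set"
    elif [ ! -r "$cert" ]; then
        fail "missing or unreadable certificate file: $cert"
    elif ! has_pem "$cert" 'CERTIFICATE'; then
        fail "no certificate in: $cert"
    fi
    if [ -n "$key" ] && [ "$key" != "$cert" ] && [ ! -r "$key" ]; then
        fail "missing or unreadable key file: $key"
    elif [ -r "$key" ] && ! has_plain_key "$key"; then
        fail "no unencrypted private key in: $key"
    fi
    return "$problems"
}
```

An exit status of 0 means both files are present and carry the expected PEM blocks; any other status is the number of findings printed.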
    
