1. OtavioS

    OtavioS New Member

    Messages:
    2
    This error occurred always when I try to send one email using my server and authentication STARTTLS. Here message from mailer daemon:

    Signature: Postfix SMTP server: errors from unknown[187.75.4.156]

    Message:

    Code:
    Transcript of session follows.
    
     Out: 220 age1.com.br ESMTP Postfix
     In:  EHLO [192.168.1.101]
     Out: 250-age1.com.br
     Out: 250-PIPELINING
     Out: 250-SIZE 20480000
     Out: 250-ETRN
     Out: 250-STARTTLS
     Out: 250-AUTH DIGEST-MD5 LOGIN CRAM-MD5 PLAIN
     Out: 250-ENHANCEDSTATUSCODES
     Out: 250-8BITMIME
     Out: 250 DSN
     In:  STARTTLS
     Out: 454 4.7.0 TLS not available due to local problem
     In:  QUIT
     Out: 221 2.0.0 Bye
    
    
    For other details, see the local mail logfile
    /usr/local/psa/var/log/maillog

    Code:
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/etc/postfix/postfix_default.pem','r'):
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
    Jul 10 14:15:37 ip-172-31-27-123 postfix/smtpd[26508]: warning: TLS library problem: 26508:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
    Jul 10 14:15:38 ip-172-31-27-123 postfix/smtpd[26508]: connect from registration.parallels.com[199.115.105.22]
    Jul 10 14:15:39 ip-172-31-27-123 postfix/smtpd[26508]: CEDFD834D2: client=registration.parallels.com[199.115.105.22]
    Jul 10 14:15:40 ip-172-31-27-123 postfix/cleanup[26512]: CEDFD834D2: message-id=<20130710_181524_053074.parallels@parallelscentral.com>
    Jul 10 14:15:40 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: SKIP
    Jul 10 14:15:40 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: SKIP during call 'check-quota' handler
    Jul 10 14:15:40 ip-172-31-27-123 spf filter[26514]: Starting spf filter...
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: Error code: (2) Could not find a valid SPF record
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: Failed to query MAIL-FROM: No DNS data for 'parallelscentral.com'.
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: SPF result: none
    Jul 10 14:15:41 ip-172-31-27-123 spf filter[26514]: SPF status: PASS
    Jul 10 14:15:41 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: PASS
    Jul 10 14:15:41 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: PASS during call 'spf' handler
    Jul 10 14:15:41 ip-172-31-27-123 postfix/qmgr[25637]: CEDFD834D2: from=<parallels@parallelscentral.com>, size=2696, nrcpt=1 (queue active)
    Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: postfix-local: from=parallels@parallelscentral.com, to=webmaster@age1.com.br, dirname=/var/qmail/mailnames
    Jul 10 14:15:41 ip-172-31-27-123 dk_check[26517]: DK_STAT_NOSIG: No signature available in message
    Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: handlers_stderr: PASS
    Jul 10 14:15:41 ip-172-31-27-123 postfix-local[26516]: PASS during call 'dd52-domainkeys' handler
    Jul 10 14:15:41 ip-172-31-27-123 postfix/pipe[26515]: CEDFD834D2: to=<webmaster@age1.com.br>, relay=plesk_virtual, delay=2.7, delays=2.6/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
    Jul 10 14:15:41 ip-172-31-27-123 postfix/qmgr[25637]: CEDFD834D2: removed
    Jul 10 14:15:41 ip-172-31-27-123 postfix/smtpd[26508]: disconnect from registration.parallels.com[199.115.105.22]
    Jul 10 14:15:44 ip-172-31-27-123 postfix/smtpd[26508]: connect from registration.parallels.com[199.115.105.22]
    Jul 10 14:15:45 ip-172-31-27-123 postfix/smtpd[26508]: 7E35A834D2: client=registration.parallels.com[199.115.105.22]
    Jul 10 14:15:45 ip-172-31-27-123 postfix/cleanup[26512]: 7E35A834D2: message-id=<20130710_181532_040494.parallels@parallelscentral.com>
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: SKIP
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: SKIP during call 'check-quota' handler
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Starting spf filter...
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Error code: (2) Could not find a valid SPF record
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: Failed to query MAIL-FROM: No DNS data for 'parallelscentral.com'.
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: SPF result: none
    Jul 10 14:15:45 ip-172-31-27-123 spf filter[26521]: SPF status: PASS
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: handlers_stderr: PASS
    Jul 10 14:15:45 ip-172-31-27-123 /usr/lib64/plesk-9.0/psa-pc-remote[25432]: PASS during call 'spf' handler
    Jul 10 14:15:45 ip-172-31-27-123 postfix/qmgr[25637]: 7E35A834D2: from=<parallels@parallelscentral.com>, size=2696, nrcpt=1 (queue active)
    Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: postfix-local: from=parallels@parallelscentral.com, to=webmaster@age1.com.br, dirname=/var/qmail/mailnames
    Jul 10 14:15:45 ip-172-31-27-123 dk_check[26523]: DK_STAT_NOSIG: No signature available in message
    Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: handlers_stderr: PASS
    Jul 10 14:15:45 ip-172-31-27-123 postfix-local[26522]: PASS during call 'dd52-domainkeys' handler
    Jul 10 14:15:46 ip-172-31-27-123 postfix/pipe[26515]: 7E35A834D2: to=<webmaster@age1.com.br>, relay=plesk_virtual, delay=0.68, delays=0.65/0/0/0.03, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
    Jul 10 14:15:46 ip-172-31-27-123 postfix/qmgr[25637]: 7E35A834D2: removed
    Jul 10 14:15:46 ip-172-31-27-123 postfix/smtpd[26508]: disconnect from registration.parallels.com[199.115.105.22]
    Any help please???
  2. Nikolay.

    Nikolay. New Member

    Messages:
    844
    Apparently, you don't have /etc/postfix/postfix_default.pem file. Restore it with proper content and permissions and you should be OK. Please, address Postfix documentation for details.
  3. OtavioS

    OtavioS New Member

    Messages:
    2
    This problem occured when I deploied Parallels Plesk Panel 11 on Amazon EC2 service. I did it and solved the problem:

    Code:
    mkdir /etc/postfix/tls
    chown root:postfix /etc/postfix/tls
    chmod u=rwx,go= /etc/postfix/tls
    cd /etc/postfix/tls
    openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
    
    Then I changed /etc/postfix/main.cf

    Code:
    smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
    smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
    smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    smtp_tls_security_level = may
    smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
    smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
    smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    smtp_use_tls = yes
    smtpd_tls_received_header = yes
    smtpd_tls_ask_ccert = yes
    smtpd_tls_loglevel = 1
    tls_random_source = dev:/dev/urandom
    
    Reload postfix

    Code:
    postfix reload
    
    And works perfectly ;)
  4. OlivierLigny

    OlivierLigny New Member

    Messages:
    1
    Had the same problem with a brand new Plesk 12.
    Instead of modifying /etc/postfix/main.cf, I just had to copy the freshly created smtpd.pem to /etc/pki/[myhostname].pem (look for smtpd_tls_cert_file directive which is already in /etc/postfix/main.cf)
    And it worked perfectly after a "postfix reload".
  5. yabado

    yabado Bit Poster

    Messages:
    58
    Thanks , this helped me locate my issue.

    I am using the AWS Pleck EC2 instance sold in the AWS Marketplace.

    So, the the /etc/postfix/postfix_default.pem is not there by default.

    This is the location the etc/postfix/main.cf says where the cert should be, yet it is not.

    The fix, cd into /etc/postfix/ and run the following command to create the cert. ...

    Code:
    openssl req -new -x509 -nodes -out postfix_default.pem -keyout postfix_default.pem -days 3650
    
    Hope this helps :)
    Last edited: Jul 14, 2014

Share This Page