Mail server problems - self-signed certificate - Postfix - Courier - Amavis_New - Spa



TimeJunky
06.04.07, 16:56
Hello,

on my server, which uses a self-signed certificate, I have problems
sending some e-mails.

How do I approach this problem?

The server runs a current Debian system.

Regards, Philip


----------------------------------------------------------------------------------------------------------------------------
#tail -150 /var/log/mail.log


Apr 6 01:41:20 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9255 killed by signal 11
Apr 6 01:41:20 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9257 killed by signal 11
Apr 6 01:41:20 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9256 killed by signal 11
...
Apr 6 01:41:20 server1 postfix/qmgr[8957]: 8A485FB359: to=<npe@....net>,
relay=none, delay=506, status=deferred (delivery temporarily suspended:
unknown mail transport error)
...
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:20 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:22 server1 postfix/smtp[9248]: setting up TLS connection to
mail.einjenerserver.net
Apr 6 01:41:22 server1 postfix/smtp[9249]: setting up TLS connection to
mail.einjenerserver.net
Apr 6 01:41:22 server1 postfix/smtp[9248]: verify error:num=20:unable to get
local issuer certificate
Apr 6 01:41:22 server1 postfix/smtp[9248]: verify error:num=27:certificate
not trusted
Apr 6 01:41:22 server1 postfix/smtp[9248]: verify error:num=21:unable to
verify the first certificate
Apr 6 01:41:22 server1 postfix/smtp[9249]: verify error:num=20:unable to get
local issuer certificate
Apr 6 01:41:22 server1 postfix/smtp[9249]: verify error:num=27:certificate
not trusted
Apr 6 01:41:22 server1 postfix/smtp[9249]: verify error:num=21:unable to
verify the first certificate
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:22 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9248 killed by signal 11
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:22 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9249 killed by signal 11
Apr 6 01:41:22 server1 postfix/smtp[9251]: setting up TLS connection to
mail.einjenerserver.net
Apr 6 01:41:22 server1 postfix/smtp[9250]: setting up TLS connection to
mail.einjenerserver.net
Apr 6 01:41:22 server1 postfix/smtp[9251]: verify error:num=20:unable to get
local issuer certificate
Apr 6 01:41:22 server1 postfix/smtp[9251]: verify error:num=27:certificate
not trusted
Apr 6 01:41:22 server1 postfix/smtp[9251]: verify error:num=21:unable to
verify the first certificate
Apr 6 01:41:22 server1 postfix/smtp[9250]: verify error:num=20:unable to get
local issuer certificate
Apr 6 01:41:22 server1 postfix/smtp[9250]: verify error:num=27:certificate
not trusted
Apr 6 01:41:22 server1 postfix/smtp[9250]: verify error:num=21:unable to
verify the first certificate
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:22 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9251 killed by signal 11
Apr 6 01:41:22 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9250 killed by signal 11
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:22 server1 postfix/smtp[9253]: setting up TLS connection to
mail.einjenerserver.net
Apr 6 01:41:22 server1 postfix/smtp[9253]: verify error:num=20:unable to get
local issuer certificate
Apr 6 01:41:22 server1 postfix/smtp[9253]: verify error:num=27:certificate
not trusted
Apr 6 01:41:22 server1 postfix/smtp[9253]: verify error:num=21:unable to
verify the first certificate
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: premature end-of-input on
private/smtp socket while reading input attribute name
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Apr 6 01:41:22 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9253 killed by signal 11

----------------------------------------------------------------------------------------------------------------------------
# postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
mail_owner = postfix
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mime_header_checks = pcre:/etc/postfix/body_checks
mydestination = /etc/postfix/local-host-names
myhostname = server1.meinserverirgendwo.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated,
  permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain =
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

----------------------------------------------------------------------------------------------------------------------------
# cat /etc/postfix/master.cf

#
# Postfix master process configuration file. Each logical line
# ...
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_etrn_restrictions=reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
tlsmgr fifo - - n 300 1 tlsmgr
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

#npe
#cyrus unix - n n - - pipe
# flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${user}

#amavis
#http://workaround.org/articles/ispmail-sarge/
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks


----------------------------------------------------------------------------------------------------------------------------

# cat /etc/postfix/main.cf


# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.meinserverirgendwo.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = /etc/postfix/local-host-names
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =


# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


#smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtp_use_tls = yes

#mailbox_transport = cyrus

#spam protection
#http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/postfix-config.html
mime_header_checks=pcre:/etc/postfix/body_checks
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination

mail_owner = postfix

inet_protocols = all
#smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
home_mailbox = Maildir/
virtual_maps = hash:/etc/postfix/virtusertable
#smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth

#amavis
#http://workaround.org/articles/ispmail-sarge/
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
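
Added example, not part of the original post: a small Python triage script for a mail.log excerpt like the one above. It rejoins the wrapped records and groups them per smtp client PID, so it shows which processes logged certificate verify errors before master reported them killed by a signal. The sample lines are constructed in the shape of the excerpt, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the wrapped form of the excerpt above (host name from the post).
SAMPLE_LOG = """\
Apr 6 01:41:20 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9255 killed by signal 11
Apr 6 01:41:22 server1 postfix/smtp[9248]: setting up TLS connection to
mail.einjenerserver.net
Apr 6 01:41:22 server1 postfix/smtp[9248]: verify error:num=20:unable to get
local issuer certificate
Apr 6 01:41:22 server1 postfix/smtp[9248]: verify error:num=27:certificate
not trusted
Apr 6 01:41:22 server1 postfix/qmgr[8957]: warning: private/smtp socket:
malformed response
Apr 6 01:41:22 server1 postfix/master[8955]: warning:
process /usr/lib/postfix/smtp pid 9248 killed by signal 11
"""

STAMP = r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d "  # syslog timestamp prefix
LINE = re.compile(r"postfix/(\w+)\[(\d+)\]: (.*)$")
TLS_SETUP = re.compile(r"setting up TLS connection to (\S+)")
VERIFY = re.compile(r"verify error:num=(\d+):")
KILLED = re.compile(r"process \S+/smtp pid (\d+) killed by signal (\d+)")


def unwrap(text):
    """Rejoin records that were wrapped onto several lines when pasted."""
    return re.sub(rf"\n(?!{STAMP})", " ", text).splitlines()


def correlate(text):
    """Per smtp client PID: TLS peer, verify error numbers, fatal signal."""
    procs = defaultdict(lambda: {"peer": None, "verify": [], "signal": None})
    for record in unwrap(text):
        if not (m := LINE.search(record)):
            continue
        svc, pid, msg = m[1], int(m[2]), m[3]
        if svc == "smtp" and (t := TLS_SETUP.search(msg)):
            procs[pid]["peer"] = t[1]
        elif svc == "smtp" and (v := VERIFY.search(msg)):
            procs[pid]["verify"].append(int(v[1]))
        elif svc == "master" and (k := KILLED.search(msg)):
            # master names the child PID in the message, not in its own [pid] tag
            procs[int(k[1])]["signal"] = int(k[2])
    return dict(procs)


def crashed_after_verify(procs):
    """PIDs that logged verify errors and were later killed by a signal."""
    return sorted(p for p, e in procs.items() if e["verify"] and e["signal"])
```
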