4 Replies Latest reply: Feb 11, 2008 3:13 PM by Paul Kleeberg
Paul Kleeberg Level 1 Level 1
The postmaster account on my server is getting the following messages:

Out: 220 [mydomain].com ESMTP Postfix
In:  EHLO Srvmes01.bredinprat.com
Out: 250-[mydomain].com
Out: 250-PIPELINING
Out: 250-SIZE 9437184
Out: 250-VRFY
Out: 250-ETRN
Out: 250-AUTH LOGIN PLAIN CRAM-MD5
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In:  STARTTLS
Out: 454 4.3.0 TLS not available due to local problem

Session aborted, reason: lost connection


In the system log I see:

Feb 9 10:31:53 mini postfix/smtpd[37430]: warning: cannot get private key from file /etc/certificates/[mydomain].key
Feb 9 10:31:53 mini postfix/smtpd[37430]: warning: TLS library problem: 37430:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Feb 9 10:31:53 mini postfix/smtpd[37430]: warning: TLS library problem: 37430:error:0906A068:PEM routines:PEMdoheader:bad password read:pem_lib.c:401:
Feb 9 10:31:53 mini postfix/smtpd[37430]: warning: TLS library problem: 37430:error:140B0009:SSL routines:SSLCTX_use_PrivateKeyfile:PEM lib:ssl_rsa.c:709:


Any suggestions as to what I should do?

Mini Server, Mac OS X (10.5.1), MacBook 2.2Ghz, 24"Intel iMac  20"G5 iMac ... SE30
Solved by pterobyte on Feb 10, 2008 2:27 AM Solved
If it is a self generated certificate, just create a new one and don't use a passphrase when generating it. If you purchased it you'll need to strip the passphrase.
Reply by pterobyte on Feb 9, 2008 9:11 AM Helpful
Well those things don't just happen. Did you change/add an SSL certificate? If yes, did you use a passphrase? Postfix cannot read SSL certs with a passphrase in the private key.

All replies