warning: TLS library problem und auth-worker: mysql(localhost)

#1
Hallo Community

Nach der Anleitung von:
Der Perfekte Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3)

Bei mir erscheint sporadisch folgende log Meldungen:

postfix/smtpd[18451]: warning: TLS library problem: 18451:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 10 20:36:45 server1 postfix/smtpd[19495]: warning: TLS library problem: 19495:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:

und

auth-worker: mysql(localhost): Connected to database dbispconfig
May 10 20:37:47 server1 dovecot: auth-worker: mysql(localhost): Connected to database dbispconfig

Danke für die Hilfe im Voraus
 
Zuletzt bearbeitet:

Till

Administrator
#2
postfix/smtpd[18451]: warning: TLS library problem: 18451:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 10 20:36:45 server1 postfix/smtpd[19495]: warning: TLS library problem: 19495:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
poste mal die postfix master.cf datei.

auth-worker: mysql(localhost): Connected to database dbispconfig
May 10 20:37:47 server1 dovecot: auth-worker: mysql(localhost): Connected to database dbispconfig
Das ist keine warnung sodern eine erfolgsmeldung ;)
 
#4
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================


smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - n 60 1 pickup

-o content_filter=
-o receive_override_options=no_header_body_checks

cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe

flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipien$
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.

#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}$
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

dovecot unix - n n - - pipe
flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${$
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200

-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_$
 
Zuletzt bearbeitet:
#5
Log ISP Config3

May 12 10:40:02 server1 postfix/smtpd[14276]: connect from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 postfix/smtpd[14276]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 postfix/smtpd[14276]: disconnect from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 12 10:40:48 server1 postfix/smtpd[14276]: connect from mailc-fd.linkedin.com[199.101.162.80]
May 12 10:40:49 server1 postfix/smtpd[14276]: SSL_accept error from mailc-fd.linkedin.com[199.101.162.80]: 0
May 12 10:40:49 server1 postfix/smtpd[14276]: warning: TLS library problem: 14276:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 12 10:40:49 server1 postfix/smtpd[14276]: lost connection after STARTTLS from mailc-fd.linkedin.com[199.101.162.80]
May 12 10:40:49 server1 postfix/smtpd[14276]: disconnect from mailc-fd.linkedin.com[199.101.162.80]
 
#8
Hallo Till

Danke Till habe das Zertifikat neu erstehlt aber ohne erfolg!

Was mir auch noch aufgefallen ist. Die Nachrichten in der mail/root lassen sich nicht leeren. Keine Berechtigung.

Komisch
 
#9
Neue Log Meldung

May 15 07:43:44 server1 postfix/smtpd[14509]: connect from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:43:44 server1 postfix/smtpd[14509]: SSL_accept error from mail-proxy-be-01.sunrise.ch[194.158.229.48]: 0
May 15 07:43:44 server1 postfix/smtpd[14509]: warning: TLS library problem: 14509:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 15 07:43:44 server1 postfix/smtpd[14509]: lost connection after STARTTLS from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:43:44 server1 postfix/smtpd[14509]: disconnect from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:45:02 server1 postfix/smtpd[14509]: connect from localhost.localdomain[127.0.0.1]
May 15 07:45:02 server1 postfix/smtpd[14509]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 15 07:45:02 server1 postfix/smtpd[14509]: disconnect from localhost.localdomain[127.0.0.1]
May 15 07:45:02 server1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 15 07:45:02 server1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 15 07:45:21 server1 postfix/smtpd[14509]: connect from mailman203-q0.be.tmpw.net[208.71.199.5]
May 15 07:45:22 server1 postfix/smtpd[14509]: 4A6F7DC1C87: client=mailman203-q0.be.tmpw.net[208.71.199.5]
 
#10
Mail-Error - Log

Habe neue Meldungen vom System:

May 11 16:44:32 server1 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
May 11 18:58:02 server1 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
May 15 14:51:55 server1 dovecot: config: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smtpd.cert: No such file or directory
May 15 14:51:55 server1 dovecot: master: Error: service(config): command startup failed, throttling
May 15 14:51:55 server1 dovecot: pop3-login: Fatal: Error reading configuration: read(/var/run/dovecot/config) failed: Connection reset by peer
May 15 14:51:55 server1 dovecot: master: Error: service(pop3-login): command startup failed, throttling
May 15 14:53:32 server1 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF

Danke für die Hilfe
 

Till

Administrator
#11
Hast Du das sslsl cert von postfix unter einem anderen namen neu erstellt? Es muss /etc/postfix/smtpd.cert heißen, damit es in postfix und dovecot funktioniert und der key muss /etc/postfix/smtpd.key heißen.
 
#12
Hallo Till

Danke für deine Hilfe wie aber schon erwähnt bin ich, was Linux angeht, ein absoluter leihe.
Wäre es möglich mir da eine kleine Anleitung zugeben.

Entschuldige das Ich, das leider alleine nicht ... fertigbringe

Folgendes habe ich nun gemacht

cd /etc/postfix/ mv smtpd.cert smtpd.cert.old mv smtpd.key smtpd.key.old openssl genrsa -out smtpd.key 2048 openssl req -new -x509 -key smtpd.key -out smtpd.cert -days 3650 chmod 640 smtpd.key /etc/init.d/postfix restart /etc/init.d/dovecot restart
ist das so korrekt da fehlt noch was oder
 
Zuletzt bearbeitet:

Werbung