Another Ubuntu upgrade, Another dovecot+postfix breakage

It seems like every time I upgrade Ubuntu, dovecot+postfix breaks. Maybe its just my luck, but it has gotten fairly annoying to be the only service that breaks after any upgrade.

This time I spent hours last weekend reinstalling, uninstalling and reinstalling postfix and dovecot about 4 or 5 times. Sad to say here I don’t know quite what fixed it but I was able to receive mail.

Now today I found out I wasn’t able to send mail. So back into debug mode again to resolve that.

While doing some tests I realized that i couldn’t even log into my mail server under smtp (port 25). After some digging around I came across this little post:

The most important part here was a new line and change to an existing one:

auxprop_plugin: sql
sql_engine: mysql

Which for me was that auxprop_plugin went from mysql to sql and I added the new line below. This after a proper service restart resolved that problem. However I still had a problem of connecting to mail across SMTP+SSL (ie SMTPS on 465).

First off, I discovered my SSL certs for dovecot where outdated (expired it seems). While this shouldn’t of been causing the problem, I reissued the certificates. A quick search turned up and I was quickly back in business after backing up, deleting and generating the new certificates. I did modify the file and generate longer certificates though so it wouldn’t expire as fast (default is 1 year).

In my research, I found out a helpful command would tell me if SSL was working:

$ openssl s_client -connect
482:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-44/src/ssl/s23_clnt.c:607:

It failed as you can see. I will also mention you can test just TLS here by using:

openssl s_client -starttls smtp -connect

I ran this command on the server directly, and it did give me more output, which became my basis for google searches.

openssl s_client -connect
139900418954912:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 226 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

This problem here after many google searches not turning up too many results, I stumbled onto this blog post, which had my answer.

smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

I had the options commented out. So while the service was running on 465, the options where not set to enable TLS on that port. A few quick changes and service restart later, everything was working. Which leaves me with another note of being more careful doing file merging when using SSH during a upgrade. I most likely botched the file at that time.

One Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.