# warning: TLS library problem and auth-worker: mysql(localhost)



## wasdim (10 May 2014)

Hello community,

Following the guide:
The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3)

The following log messages appear sporadically on my system:

postfix/smtpd[18451]: warning: TLS library problem: 18451:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 10 20:36:45 server1 postfix/smtpd[19495]: warning: TLS library  problem: 19495:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert  protocol version:s3_pkt.c:1260:SSL alert number 70:

and

auth-worker: mysql(localhost): Connected to database dbispconfig
May 10 20:37:47 server1 dovecot: auth-worker: mysql(localhost): Connected to database dbispconfig

Thanks in advance for the help.


----------



## Till (12 May 2014)

> postfix/smtpd[18451]: warning: TLS library problem: 18451:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
> May 10 20:36:45 server1 postfix/smtpd[19495]: warning: TLS library problem: 19495:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:


Please post the postfix master.cf file.



> auth-worker: mysql(localhost): Connected to database dbispconfig
> May 10 20:37:47 server1 dovecot: auth-worker: mysql(localhost): Connected to database dbispconfig


That is not a warning but a success message.


----------



## wasdim (12 May 2014)

Hello Till,

Silly question: how do I do that? I am a beginner, after all!

How do I copy this master.conf?

Thanks for your help.


----------



## wasdim (12 May 2014)

```
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
        -o content_filter=
        -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipien$
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}$
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${$
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_$
```


----------



## wasdim (12 May 2014)

*Log ISP Config3*

May 12 10:40:02 server1 postfix/smtpd[14276]: connect from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 postfix/smtpd[14276]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 postfix/smtpd[14276]: disconnect from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 12 10:40:48 server1 postfix/smtpd[14276]: connect from mailc-fd.linkedin.com[199.101.162.80]
May 12 10:40:49 server1 postfix/smtpd[14276]: SSL_accept error from mailc-fd.linkedin.com[199.101.162.80]: 0
May 12 10:40:49 server1 postfix/smtpd[14276]: warning: TLS library problem: 14276:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 12 10:40:49 server1 postfix/smtpd[14276]: lost connection after STARTTLS from mailc-fd.linkedin.com[199.101.162.80]
May 12 10:40:49 server1 postfix/smtpd[14276]: disconnect from mailc-fd.linkedin.com[199.101.162.80]


----------



## wasdim (14 May 2014)

*Help*

Hello dear community,

Am I the only one who has this problem?

Thanks in advance for your help.


----------



## Till (14 May 2014)

Try recreating the postfix SSL cert. It may be defective.


----------



## wasdim (14 May 2014)

Hello Till,

Thanks Till, I recreated the certificate, but without success!

Something else I noticed: the messages in mail/root cannot be cleared. No permission.

Strange.


----------



## wasdim (15 May 2014)

*New log message*

May 15 07:43:44 server1 postfix/smtpd[14509]: connect from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:43:44 server1 postfix/smtpd[14509]: SSL_accept error from mail-proxy-be-01.sunrise.ch[194.158.229.48]: 0
May 15 07:43:44 server1 postfix/smtpd[14509]: warning: TLS library  problem: 14509:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert  protocol version:s3_pkt.c:1260:SSL alert number 70:
May 15 07:43:44 server1 postfix/smtpd[14509]: lost connection after STARTTLS from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:43:44 server1 postfix/smtpd[14509]: disconnect from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:45:02 server1 postfix/smtpd[14509]: connect from localhost.localdomain[127.0.0.1]
May 15 07:45:02 server1 postfix/smtpd[14509]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 15 07:45:02 server1 postfix/smtpd[14509]: disconnect from localhost.localdomain[127.0.0.1]
May 15 07:45:02 server1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 15 07:45:02 server1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 15 07:45:21 server1 postfix/smtpd[14509]: connect from mailman203-q0.be.tmpw.net[208.71.199.5]
May 15 07:45:22 server1 postfix/smtpd[14509]: 4A6F7DC1C87: client=mailman203-q0.be.tmpw.net[208.71.199.5]


----------
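Added example, not part of the original posts: a Python triage script for the smtpd log lines quoted in this thread. It unpacks the OpenSSL error code `1409442E` (assuming the OpenSSL 1.0.x packing of library, function and reason) to show that reason 1070 is TLS alert 70, `protocol_version`, read from the remote peer, and groups the failed handshakes by connecting host. The function names and the `ALERTS` subset are choices made for this example.

```python
import re
from collections import defaultdict

# TLS alert descriptions (RFC 5246, section 7.2); subset chosen for this example.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security"}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reason = 1000 + number of the alert received

# Sample input: lines taken from the logs posted in this thread.
SAMPLE_LOG = """\
May 12 10:40:02 server1 postfix/smtpd[14276]: connect from localhost.localdomain[127.0.0.1]
May 12 10:40:02 server1 postfix/smtpd[14276]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 12 10:40:48 server1 postfix/smtpd[14276]: connect from mailc-fd.linkedin.com[199.101.162.80]
May 12 10:40:49 server1 postfix/smtpd[14276]: warning: TLS library problem: 14276:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1260:SSL alert number 70:
May 15 07:43:44 server1 postfix/smtpd[14509]: connect from mail-proxy-be-01.sunrise.ch[194.158.229.48]
May 15 07:43:44 server1 postfix/smtpd[14509]: warning: TLS library  problem: 14509:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert  protocol version:s3_pkt.c:1260:SSL alert number 70:
May 15 07:45:21 server1 postfix/smtpd[14509]: connect from mailman203-q0.be.tmpw.net[208.71.199.5]
May 15 07:45:22 server1 postfix/smtpd[14509]: 4A6F7DC1C87: client=mailman203-q0.be.tmpw.net[208.71.199.5]
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"connect from (\S+\[[^\]]+\])")
TLS_ERR = re.compile(r"TLS library\s+problem: \d+:error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 1.0.x error code into (library, function, reason, alert)."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    if reason < SSL_AD_REASON_OFFSET:
        return lib, func, reason, "not an alert"
    alert = reason - SSL_AD_REASON_OFFSET
    return lib, func, reason, ALERTS.get(alert, f"alert {alert}")

def triage(log_text):
    """Map each remote peer to the TLS alerts logged for its failed handshakes."""
    peer_by_pid, alerts_by_peer = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        connect, tls_err = CONNECT.match(msg), TLS_ERR.search(msg)
        if connect:  # smtpd processes are reused, so the latest connect wins
            peer_by_pid[pid] = connect.group(1)
        elif tls_err:
            name = decode_openssl_error(tls_err.group(1))[3]
            alerts_by_peer[peer_by_pid.get(pid, "unknown")].append(name)
    return dict(alerts_by_peer)

if __name__ == "__main__":
    for peer, alerts in triage(SAMPLE_LOG).items():
        print(peer, alerts)
```

Only the two hosts whose STARTTLS handshake was aborted appear in the result; the local monitoring connections and the successful delivery from the third host do not.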



## wasdim (16 May 2014)

*Mail-Error - Log*

I have new messages from the system:

May 11 16:44:32 server1 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
May 11 18:58:02 server1 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
May 15 14:51:55 server1 dovecot: config: Fatal: Error in configuration  file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file  /etc/postfix/smtpd.cert: No such file or directory
May 15 14:51:55 server1 dovecot: master: Error: service(config): command startup failed, throttling
May 15 14:51:55 server1 dovecot: pop3-login: Fatal: Error reading  configuration: read(/var/run/dovecot/config) failed: Connection reset by  peer
May 15 14:51:55 server1 dovecot: master: Error: service(pop3-login): command startup failed, throttling
May 15 14:53:32 server1 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF

Thanks for the help.


----------



## Till (19 May 2014)

Did you recreate the postfix SSL cert under a different name? It must be named /etc/postfix/smtpd.cert so that it works in postfix and dovecot, and the key must be named /etc/postfix/smtpd.key.


----------



## wasdim (19 May 2014)

Hello Till,

Thanks for your help, but as already mentioned, I am an absolute layman when it comes to Linux.
Would it be possible to give me a short guide for this?

Sorry that I unfortunately cannot ... manage this on my own.

This is what I have done now:

```
cd /etc/postfix/
mv smtpd.cert smtpd.cert.old
mv smtpd.key smtpd.key.old
openssl genrsa -out smtpd.key 2048
openssl req -new -x509 -key smtpd.key -out smtpd.cert -days 3650
chmod 640 smtpd.key
/etc/init.d/postfix restart
/etc/init.d/dovecot restart
```

Is that correct, or is something still missing?


----------

