Scenario:
Unable to send an email via STARTTLS; the server responds with the following error:
454 4.7.0 TLS not available due to local problem
The following errors can be found in the /var/log/maillog file:
postfix/smtpd[26508]: warning: cannot get RSA certificate from file /etc/postfix/postfix_default.pem: disabling TLS support
postfix/smtpd[26508]: warning: TLS library problem: 26508:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/etc/postfix/postfix_default.pem','r'):
postfix/smtpd[26508]: warning: TLS library problem: 26508:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
postfix/smtpd[26508]: warning: TLS library problem: 26508:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
Reasons:
TLS misconfiguration in Postfix, caused by one of the following:
The postfix_default.pem certificate file does not contain a valid SSL certificate, or the file is corrupted.
The path to the certificate in the /etc/postfix/main.cf file is incorrect (in the log above, the referenced file does not exist).
TLS configuration parameters are missing from the /etc/postfix/main.cf file.
Solution:
Using Plesk:
- Log in to Plesk.
- Go to Tools & Settings > SSL/TLS Certificates.
- Click the Change link opposite the Certificate for securing mail option.
- Specify the correct Certificate in the Select Certificate drop-down menu.
- Press the OK button to apply changes.
- If the issue persists, compare the current configuration with the steps from the "Using SSH" section below and correct the configuration where required.
Using SSH:
1. Connect to the server via SSH.
2. Create the /etc/postfix/tls directory, set the correct ownership, group and permissions, and generate a certificate file (the key and the certificate are written to the same file):
# mkdir /etc/postfix/tls
# chown root:postfix /etc/postfix/tls
# chmod u=rwx,go= /etc/postfix/tls
# cd /etc/postfix/tls
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
3. Change /etc/postfix/main.cf accordingly:
smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
4. If the smtpd_sasl_auth_enable = yes option is set in the /etc/postfix/main.cf file, make sure that the saslauthd service is started:
service saslauthd status
5. Reload Postfix configuration:
service postfix restart
Done!!
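To confirm that main.cf no longer points at a missing or empty certificate file (the condition behind the "cannot get RSA certificate from file" warning), the following script is an added example; it is not part of this article or of Postfix. It takes the path of a main.cf as its argument and does not expand ${queue_directory}-style variables.

```shell
#!/bin/sh
# Added example (not from the Plesk article): check that every TLS file a
# Postfix main.cf refers to exists and holds a PEM block of the right kind.
# This is the precondition behind the "cannot get RSA certificate from file"
# warning; ${queue_directory}-style expansion is deliberately not handled.

# Print the value of one main.cf parameter (the last assignment wins,
# as in Postfix itself).
cf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_postfix_tls_files MAIN_CF
# Returns 0 when all referenced cert/key/CA files are readable and contain
# the expected PEM block, 1 otherwise (each problem is reported on stderr).
check_postfix_tls_files() {
    cf="$1"; rc=0
    for param in smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_CAfile \
                 smtp_tls_cert_file smtp_tls_key_file smtp_tls_CAfile; do
        path=$(cf_get "$cf" "$param")
        [ -z "$path" ] && continue               # parameter not set: nothing to check
        case "$param" in
            *_key_file) marker='PRIVATE KEY' ;;  # key file must carry a private key
            *)          marker='BEGIN CERTIFICATE' ;;
        esac
        if [ ! -r "$path" ]; then
            echo "$param = $path: missing or unreadable (Postfix will disable TLS)" >&2
            rc=1
        elif ! grep -q "$marker" "$path"; then
            echo "$param = $path: no '$marker' block found" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: a main.cf pointing at a file that does not exist (the
# situation in the log above), then the same main.cf after a combined
# key+certificate file has been put in place. Returns the check's result
# for the fixed configuration.
demo() {
    d=$(mktemp -d) || return 1
    printf 'smtpd_tls_cert_file = %s/postfix_default.pem\nsmtpd_tls_key_file = %s/postfix_default.pem\n' "$d" "$d" > "$d/main.cf"
    check_postfix_tls_files "$d/main.cf" 2>/dev/null && return 1   # must fail: file missing
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' constructed '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' constructed '-----END CERTIFICATE-----' > "$d/postfix_default.pem"
    check_postfix_tls_files "$d/main.cf"; rc=$?
    rm -rf "$d"; return $rc
}
```

Run it against the live file with check_postfix_tls_files /etc/postfix/main.cf after step 3; a non-zero exit code means Postfix would still disable TLS at startup.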