tlsv1 alert unknown ca: SSL alert number 48
Maurizio Caloro
mauric at gmx.ch
Sat Jan 28 23:21:47 UTC 2017
Hello together
Please i'am new to this list, i have already installed Postfix and
Dovecot last version from Internet
but i have the porblem that the mail do not arive, and with me Cert, i
have read on the Dovecot site,
but i don't have me found me solutions to fix this. "tlsv1 alert unknown
ca: SSL alert number 48"
Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read()
failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
ca: SSL alert number 48, session=
# dovecot --version
2.2.27 (c0f36b0)
i think that the settings about Cert are done, but if connecting with
Thunderbird i will become this error
"tlsv1 alert unknown ca: SSL alert number 48"
Please you can point me to the right direction, so i can run this
Mailserver on me RaspverryPi.
Regards
Mauri
--
"10-ssl.conf" i have editing and Dovecot and Postfix reloaded without
problems.
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
ssl_ca = </etc/ssl/private/cert.pem
root at raspberrypi: # cat /var/log/mail.log
Jan 28 22:50:08 raspberrypi postfix/smtp[1889]: 9CF1E63F53:
to=<mauric at gmx.ch>, relay=mx01.emig.gmx.net[212.227.17.5]:25,
delay=193476, delays=193476/0.03/0.17/0, dsn=4.0.0, status=deferred
(host mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net
(mxgmx109) Nemesis ESMTP Service not available 554-No SMTP service
554-IP address is black listed. 554 For explanation visit
http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl)
Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 7740F63E0F:
from=<joe at caloro.ch>, size=575, nrcpt=1 (queue active)
Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 98D5D63E0E:
from=<joe at caloro.ch>, size=578, nrcpt=1 (queue active)
Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 9946863E0D:
from=<joe at caloro.ch>, size=550, nrcpt=1 (queue active)
Jan 28 22:55:08 raspberrypi postfix/smtp[1926]: 7740F63E0F: host
mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net
(mxgmx113) Nemesis ESMTP Service not available 554-No SMTP service
554-IP address is black listed. 554 For explanation visit
http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl
Jan 28 22:55:08 raspberrypi postfix/smtp[1926]: 7740F63E0F:
to=<mauric at gmx.ch>, relay=mx00.emig.gmx.net[212.227.15.9]:25,
delay=298205, delays=298205/0.03/0.18/0, dsn=4.0.0, status=deferred
(host mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net
(mxgmx006) Nemesis ESMTP Service not available 554-No SMTP service
554-IP address is black listed. 554 For explanation visit
http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl)
Jan 28 22:55:38 raspberrypi postfix/smtp[1927]: connect to
caloro.ch[158.181.112.49]:25: Connection timed out
Jan 28 22:55:38 raspberrypi postfix/smtp[1927]: 98D5D63E0E:
to=<joe at caloro.ch>, relay=none, delay=298271, delays=298241/0.03/30/0,
dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25:
Connection timed out)
Jan 28 22:55:38 raspberrypi postfix/smtp[1928]: connect to
caloro.ch[158.181.112.49]:25: Connection timed out
Jan 28 22:55:38 raspberrypi postfix/smtp[1928]: 9946863E0D:
to=<joe at caloro.ch>, relay=none, delay=298375, delays=298345/0.04/30/0,
dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25:
Connection timed out)
Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 54EA064AF4: from=<>,
size=2460, nrcpt=1 (queue active)
Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 1D29F5F03D: from=<>,
size=2471, nrcpt=1 (queue active)
Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 86D2B63F5A:
from=<joe at caloro.ch>, size=581, nrcpt=1 (queue active)
Jan 28 23:00:38 raspberrypi postfix/smtp[2011]: connect to
caloro.ch[158.181.112.49]:25: Connection timed out
Jan 28 23:00:38 raspberrypi postfix/smtp[2013]: connect to
caloro.ch[158.181.112.49]:25: Connection timed out
Jan 28 23:00:38 raspberrypi postfix/smtp[2012]: connect to
caloro.ch[158.181.112.49]:25: Connection timed out
Jan 28 23:00:38 raspberrypi postfix/smtp[2011]: 54EA064AF4:
to=<joe at caloro.ch>, relay=none, delay=4596, delays=4566/0.03/30/0,
dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25:
Connection timed out)
Jan 28 23:00:38 raspberrypi postfix/smtp[2013]: 86D2B63F5A:
to=<joe at caloro.ch>, relay=none, delay=4586, delays=4556/0.04/30/0,
dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25:
Connection timed out)
Jan 28 23:00:38 raspberrypi postfix/smtp[2012]: 1D29F5F03D:
to=<joe at caloro.ch>, relay=none, delay=350945, delays=350915/0.03/30/0,
dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25:
Connection timed out)
Jan 28 23:05:08 raspberrypi postfix/qmgr[940]: E3C3C5DA02:
from=<joe at caloro.ch>, size=576, nrcpt=1 (queue active)
Jan 28 23:05:08 raspberrypi postfix/error[2058]: E3C3C5DA02:
to=<joe at caloro.ch>, relay=none, delay=21492, delays=21492/0.03/0/0.02,
dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to
caloro.ch[158.181.112.49]:25: Connection timed out)
Jan 28 23:10:08 raspberrypi postfix/qmgr[940]: BEB535F03F: from=<>,
size=2870, nrcpt=1 (queue active)
root at raspberrypi: # doveconf -N
# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.41-v7+ armv7l Debian 8.0
auth_mechanisms = plain
disable_plaintext_auth = yes
listen = *, ::
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace {
inbox = yes
location =
mailbox {
special_use = \Drafts
name = Drafts
}
mailbox {
special_use = \Junk
name = Junk
}
mailbox {
special_use = \Sent
name = Sent
}
mailbox {
special_use = \Sent
name = Sent Messages
}
mailbox {
special_use = \Trash
name = Trash
}
prefix =
name = inbox
}
passdb {
driver = pam
name =
}
passdb {
args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
driver = passwd-file
name =
}
protocols = imap pop3
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service {
unix_listener {
mode = 0666
path = /var/spool/postfix/private/auth
}
unix_listener {
group = postfix
mode = 0666
user = postfix
path = auth-userdb
}
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
ssl = yes
ssl_ca = </etc/ssl/private/cert.pem
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
name =
}
userdb {
args = username_format=%u /usr/local/etc/dovecot/users
driver = passwd-file
name =
}
protocol lmtp {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol lda {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol imap {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol pop3 {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
More information about the dovecot
mailing list