tlsv1 alert unknown ca: SSL alert number 48

Hello together

Please i'am new to this list, i have already installed Postfix and Dovecot last version from Internet but i have the porblem that the mail do not arive, and with me Cert, i have read on the Dovecot site, but i don't have me found me solutions to fix this. "tlsv1 alert unknown ca: SSL alert number 48"

Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=

# dovecot --version 2.2.27 (c0f36b0)

i think that the settings about Cert are done, but if connecting with Thunderbird i will become this error "tlsv1 alert unknown ca: SSL alert number 48"

Please you can point me to the right direction, so i can run this Mailserver on me RaspverryPi. Regards Mauri

--

"10-ssl.conf" i have editing and Dovecot and Postfix reloaded without problems.

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> ssl = yes ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem ssl_ca = </etc/ssl/private/cert.pem

root@raspberrypi: # cat /var/log/mail.log Jan 28 22:50:08 raspberrypi postfix/smtp[1889]: 9CF1E63F53: to=<mauric@gmx.ch>, relay=mx01.emig.gmx.net[212.227.17.5]:25, delay=193476, delays=193476/0.03/0.17/0, dsn=4.0.0, status=deferred (host mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net (mxgmx109) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl) Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 7740F63E0F: from=<joe@caloro.ch>, size=575, nrcpt=1 (queue active)

Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 98D5D63E0E: from=<joe@caloro.ch>, size=578, nrcpt=1 (queue active) Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 9946863E0D: from=<joe@caloro.ch>, size=550, nrcpt=1 (queue active) Jan 28 22:55:08 raspberrypi postfix/smtp[1926]: 7740F63E0F: host mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net (mxgmx113) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl Jan 28 22:55:08 raspberrypi postfix/smtp[1926]: 7740F63E0F: to=<mauric@gmx.ch>, relay=mx00.emig.gmx.net[212.227.15.9]:25, delay=298205, delays=298205/0.03/0.18/0, dsn=4.0.0, status=deferred (host mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net (mxgmx006) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl) Jan 28 22:55:38 raspberrypi postfix/smtp[1927]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 22:55:38 raspberrypi postfix/smtp[1927]: 98D5D63E0E: to=<joe@caloro.ch>, relay=none, delay=298271, delays=298241/0.03/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 22:55:38 raspberrypi postfix/smtp[1928]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 22:55:38 raspberrypi postfix/smtp[1928]: 9946863E0D: to=<joe@caloro.ch>, relay=none, delay=298375, delays=298345/0.04/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 54EA064AF4: from=<>, size=2460, nrcpt=1 (queue active) Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 1D29F5F03D: from=<>, size=2471, nrcpt=1 (queue active) Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 86D2B63F5A: from=<joe@caloro.ch>, size=581, nrcpt=1 (queue active) Jan 28 23:00:38 raspberrypi postfix/smtp[2011]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 23:00:38 raspberrypi postfix/smtp[2013]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 23:00:38 raspberrypi postfix/smtp[2012]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 23:00:38 raspberrypi postfix/smtp[2011]: 54EA064AF4: to=<joe@caloro.ch>, relay=none, delay=4596, delays=4566/0.03/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:00:38 raspberrypi postfix/smtp[2013]: 86D2B63F5A: to=<joe@caloro.ch>, relay=none, delay=4586, delays=4556/0.04/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:00:38 raspberrypi postfix/smtp[2012]: 1D29F5F03D: to=<joe@caloro.ch>, relay=none, delay=350945, delays=350915/0.03/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:05:08 raspberrypi postfix/qmgr[940]: E3C3C5DA02: from=<joe@caloro.ch>, size=576, nrcpt=1 (queue active) Jan 28 23:05:08 raspberrypi postfix/error[2058]: E3C3C5DA02: to=<joe@caloro.ch>, relay=none, delay=21492, delays=21492/0.03/0/0.02, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:10:08 raspberrypi postfix/qmgr[940]: BEB535F03F: from=<>, size=2870, nrcpt=1 (queue active)

root@raspberrypi: # doveconf -N # 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 4.4.41-v7+ armv7l Debian 8.0 auth_mechanisms = plain disable_plaintext_auth = yes listen = *, :: mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail namespace { inbox = yes location = mailbox { special_use = \Drafts name = Drafts } mailbox { special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = name = inbox } passdb { driver = pam name = } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users driver = passwd-file name = } protocols = imap pop3 service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service { unix_listener { mode = 0666 path = /var/spool/postfix/private/auth } unix_listener { group = postfix mode = 0666 user = postfix path = auth-userdb } name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } ssl = yes ssl_ca = </etc/ssl/private/cert.pem ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = # hidden, use -P to show it userdb { driver = passwd name = } userdb { args = username_format=%u /usr/local/etc/dovecot/users driver = passwd-file name = } protocol lmtp { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol lda { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol imap { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol pop3 { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } }