LMTP SSL

Piotr Rotter piotr.rotter at active24.pl
Mon Jul 27 11:50:51 UTC 2015


Hello,

I tried to enable a TLS connection from postfix to dovecot lmtp.
Unfortunately I have a problem with the certificate; postfix shows:

2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS 
connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with 
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

I checked certs by openssl s_client:
#openssl s_client -connect localhost:24 -showcerts -starttls smtp 
-CApath /etc/ssl/certs/

And I get:

didn't found starttls in server response, try anyway...
depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, 
OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, 
OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, 
OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
verify error:num=21:unable to verify the first certificate
verify return:1

It looks like dovecot lmtp sends the same certificate 3 times.
I made the same test for imap in the same dovecot instance:

#openssl s_client -connect localhost:143 -showcerts -starttls imap 
-CApath /etc/ssl/certs/
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify return:1
depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, 
OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
verify return:1

For imap it looks ok. Why does lmtp show the wrong certs list?

# dovecot --version
2.2.16

-- 
Pozdrawiam! / Best regards!
------------------
Piotr Rotter
Konsultant IT / IT Consultant
===========================================
http://www.ACTIVE24.pl - Powerful hosting - surprisingly easy
===========================================
ul. Barkocińska 6, 03-543 Warszawa PL
Email: bok at active24.pl
Tel: +48 222 950 446
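
Added example (not part of the original post): a small Python parser that groups `openssl s_client` verify output by chain depth, so the LMTP and IMAP runs can be compared by the depths reached and the error codes reported at each depth. The sample inputs are constructed from the output quoted above with the leaf subject abridged, and `summarize_verify` is a hypothetical helper name.

```python
import re

DEPTH_RE = re.compile(r"depth=(\d+)\s+(.*)")
ERROR_RE = re.compile(r"verify error:num=(\d+):")

# Constructed samples: verify lines from the two runs in the post (leaf subject
# abridged), keeping the mail client's line wrapping of the subject DN.
LMTP_RUN = """\
depth=0 OU = Domain Control Validated - RapidSSL(R),
CN = mail.active24.pl
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated - RapidSSL(R),
CN = mail.active24.pl
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated - RapidSSL(R),
CN = mail.active24.pl
verify error:num=21:unable to verify the first certificate
verify return:1
"""
IMAP_RUN = """\
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify return:1
depth=0 OU = Domain Control Validated - RapidSSL(R),
CN = mail.active24.pl
verify return:1
"""

def summarize_verify(output):
    """Return (subjects, errors): depth -> subject DN, depth -> [error codes]."""
    subjects, errors, depth, in_subject = {}, {}, None, False
    for raw in output.splitlines():
        line = raw.strip()
        d, e = DEPTH_RE.match(line), ERROR_RE.match(line)
        if d:
            depth, in_subject = int(d.group(1)), True
            subjects[depth] = d.group(2)      # a repeated depth overwrites, it is not a new cert
        elif e and depth is not None:
            errors.setdefault(depth, []).append(int(e.group(1)))
            in_subject = False
        elif not line or line.startswith("verify return:"):
            in_subject = False
        elif in_subject:
            subjects[depth] += " " + line     # re-join a subject DN wrapped across lines
    return subjects, errors
```

The verify lines alone do not show how many certificates the server sent; that is listed in the `Certificate chain` section printed by `-showcerts`, which the post does not include.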

