lost connection after STARTTLS: Postfix

Solution 1

Perhaps the Rails app doesn't trust the Postfix certificate?

Solution 2

ActionMailer was changed to a more secure default configuration and checks the server certificate in TLS mode (since version 2-something or 3).

Some solutions are:

  • Restore the old Rails behaviour in the app: add openssl_verify_mode: 'none' to the Rails config
  • Disable TLS on the server: set smtpd_use_tls=no in your Postfix config
  • Set up valid TLS certificates on the server, which are verifiable using a certificate authority on the client (the Rails app). This is probably overkill if it's the same server as appears to be the case in this example, but for this kind of configuration you will want to make sure smtpd is not listening on a public port.
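
The certificate check behind this failure, as an added example that is not part of the original answers: it builds a constructed self-signed certificate and runs the two checks a verifying client makes after STARTTLS, trust chain and host name, using Ruby's standard `openssl` library. The helper names and the host name `mail.example.test` are assumptions made for illustration.

```ruby
require "openssl"

# Constructed stand-in for the self-signed certificate a default mail server setup presents.
def self_signed_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name                    # issuer == subject: self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Hypothetical helper: the two checks a verifying SMTP client makes after STARTTLS.
def check_server_cert(cert, connect_host, trusted: [])
  store = OpenSSL::X509::Store.new          # empty: nothing is trusted by default
  trusted.each { |c| store.add_cert(c) }
  chain_ok = store.verify(cert)
  { chain_ok: chain_ok,
    error:    store.error,
    reason:   store.error_string,
    host_ok:  OpenSSL::SSL.verify_certificate_identity(cert, connect_host) }
end

if __FILE__ == $PROGRAM_NAME
  cert = self_signed_cert("mail.example.test")   # constructed host name
  p check_server_cert(cert, "mail.example.test")                   # untrusted: client hangs up
  p check_server_cert(cert, "mail.example.test", trusted: [cert])  # trusted: both checks pass
  p check_server_cert(cert, "localhost", trusted: [cert])          # trusted, but name mismatch
end
```

Adding the server's certificate (or its CA) to the client's trust store keeps verification enabled, but the name the app connects to must also match the certificate.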
Author: Milan Laslop

Updated on September 17, 2022

Comments

  • Milan Laslop almost 2 years

    I've set up a Postfix + Courier server and have a Rails app configured with the SMTP server settings. Whenever the Rails app tries to send an email, this is what appears in the Postfix log (additional log verbosity set in master.cf):

    Feb 22 03:57:24 alpha postfix/smtpd[1601]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: smtp_get: EOF
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: match_hostname: localhost ~? 127.0.0.0/8
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: lost connection after STARTTLS from localhost[127.0.0.1]
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: disconnect from localhost[127.0.0.1]
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: master_notify: status 1
    Feb 22 03:57:24 alpha postfix/smtpd[1601]: connection closed
    

    Any ideas as to why it's losing the connection after authentication?

  • Milan Laslop over 13 years
    Looks like that helped, I added the :openssl_verify_mode => 'none' line from here and it connects now: davidroetzel.wordpress.com/2011/01/14/…