Joel Knight had a similar problem in the past and he gave me a clue that
the problem may be related to multiple certificates in one single file
(like cert.pem has). The change below makes OpenSMTPD run again for me:

--- /etc/mail/smtpd.conf    Wed Jan  1 00:23:52 2014
+++ /etc/mail/smtpd.conf    Wed Jan  1 00:24:04 2014
@@ -6,7 +6,6 @@
 bounce-warn 4h, 1d, 2d
 expire 7d

-pki openbsd.my.domain ca "/etc/ssl/cert.pem"
 pki openbsd.my.domain key "/etc/mail/certs/smtpd.key"
 pki openbsd.my.domain dhparams "/etc/mail/certs/dh4096.pem"
 pki openbsd.my.domain certificate "/etc/mail/certs/smtpd.crt"
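
Review bot: the removed `pki openbsd.my.domain ca "/etc/ssl/cert.pem"` line disappears without any record in the file of why it was dropped. The original report shows `smtpd -n` answering "configuration OK" for the config that still contained it, while the daemon then died with "ssltree out of sync", so the syntax check will not catch the line if someone restores it later. I would keep the line commented out with a short note that it was disabled as a workaround for that startup failure. It is also worth confirming that nothing using this pki entry (the `listen on $ext_if tls pki openbsd.my.domain auth-optional` line in the original config) relied on the ca setting.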


Thanks again Joel!

On Mon, Dec 30, 2013 at 10:45:46PM +0000, Mikolaj Kucharski wrote:
> Hi,
> 
> I've just upgraded my OpenBSD-based mail server to:
> 
> OpenBSD 5.4-current (GENERIC.MP) #187: Sat Dec 28 17:15:20 MST 2013
>     dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> 
> 
> and I cannot figure out where the problem is in my smtpd config:
> 
> 
> # /etc/mail/smtpd.conf
> 
> ext_if = re0
> 
> max-message-size 35m
> bounce-warn 4h, 1d, 2d
> expire 7d
> 
> pki openbsd.my.domain ca "/etc/ssl/cert.pem"
> pki openbsd.my.domain key "/etc/mail/certs/smtpd.key"
> pki openbsd.my.domain dhparams "/etc/mail/certs/dh4096.pem"
> pki openbsd.my.domain certificate "/etc/mail/certs/smtpd.crt"
> 
> listen on lo0
> listen on $ext_if tls pki openbsd.my.domain auth-optional
> 
> table aliases db:/etc/mail/aliases.db
> 
> accept from any for local alias <aliases> deliver to mbox
> accept from local for any relay
> 
> 
> 
> # smtpd -n -f /etc/mail/smtpd.conf
> configuration OK
> 
> # smtpd -dvvv -f /etc/mail/smtpd.conf
> debug: init ssl-tree
> info: loading pki information for openbsd.my.domain
> info: OpenSMTPD 5.4.1 starting
> debug: bounce warning after 4h
> debug: bounce warning after 1d
> debug: bounce warning after 2d
> debug: using "fs" queue backend
> debug: using "ramqueue" scheduler backend
> debug: using "ram" stat backend
> info: startup [debug mode]
> debug: parent_send_config_ruleset: reloading
> debug: parent_send_config_mfa: reloading
> debug: parent_send_config: configuring smtp
> mfa: building simple chains...
> mfa: building complex chains...
> mfa: done building complex chains
> mfa: done building default chain
> debug: mfa ready
> smtpd: fatal: smtp: ssltree out of sync
> warn: mfa -> smtp: pipe closed
> warn: control -> smtp: pipe closed
> warn: parent -> smtp: pipe closed
> failed to open table aliases
> warn: mta -> control: pipe closed
> warn: mda -> control: pipe closed
> warn: scheduler -> control: pipe closed
> debug: queue: done loading queue into scheduler
> warn: queue -> smtp: pipe closed
> 
> # pgrep -lf smtpd | wc -l
>        0
> 
> Any idea what I'm doing wrong?
> 

-- 
best regards
q#
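
Following the clue above about several certificates sitting in one file, a small check can list how many certificates each PEM file named by a `pki ... ca` or `pki ... certificate` line contains. This is an added example, not part of the original thread or of OpenSMTPD; the function names are hypothetical, it assumes double-quoted paths without spaces as in the posted config, and the sample files are constructed dummies.

```shell
#!/bin/sh
# Added example (not from the thread): count certificates in each PEM file
# that smtpd.conf "pki <name> ca|certificate" lines refer to.

# Print "<keyword> <path>" for every pki ca/certificate line in config $1.
# Assumes double-quoted paths without spaces, as in the posted config.
pki_cert_files() {
    awk '$1 == "pki" && ($3 == "ca" || $3 == "certificate") {
        gsub(/"/, "", $4); print $3, $4 }' "$1"
}

# Print the number of certificate blocks in PEM file $1.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print "<keyword> <path> <count> <single|bundle|empty|unreadable>" per file.
audit_pki() {
    pki_cert_files "$1" | while read -r kind path; do
        if [ ! -r "$path" ]; then
            echo "$kind $path 0 unreadable"; continue
        fi
        n=$(count_certs "$path")
        case $n in
            0) status=empty ;;
            1) status=single ;;
            *) status=bundle ;;
        esac
        echo "$kind $path $n $status"
    done
}

# Constructed sample: a config shaped like the one posted, plus dummy PEM
# files holding only BEGIN/END markers (no real certificate data).
make_sample() {
    d=$(mktemp -d) || return 1
    pem() { printf '%s\n' '-----BEGIN CERTIFICATE-----' '(constructed)' \
        '-----END CERTIFICATE-----'; }
    { pem; pem; pem; } > "$d/cert.pem"
    pem > "$d/smtpd.crt"
    cat > "$d/smtpd.conf" <<EOF
pki openbsd.my.domain ca "$d/cert.pem"
pki openbsd.my.domain key "$d/smtpd.key"
pki openbsd.my.domain certificate "$d/smtpd.crt"
EOF
    echo "$d/smtpd.conf"
}

conf=$(make_sample) && audit_pki "$conf"
```

On a real system the same function can be pointed at the live file, for example `audit_pki /etc/mail/smtpd.conf`.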
