Hi,

A long long time ago, you could never hit that fatal() because it meant we
had a logic error somewhere in the startup code.

After the many simplifications we did, bad configuration/permissions could
lead you to hit that message and fatal() with this cryptic unrelated error
when it should have fatal-ed with a different message.

We have fixed this and it'll be committed to -current soon; the message is
gone forever.

Gilles


On Tue, Dec 31, 2013 at 05:58:32PM -0700, Joel Knight wrote:
> I'll just add that I was testing this with the 5.3 release so it doesn't
> appear to be related to the recent "pki" changes.
> 
> 
> 
> .joel
> 
> 
> On Tue, Dec 31, 2013 at 4:26 PM, Mikolaj Kucharski
> <miko...@kucharski.name> wrote:
> 
> > Joel Knight had a similar problem in the past and he gave me a clue that
> > the problem may be related to multiple certificates in one single file
> > (like cert.pem has). The change below makes OpenSMTPD run again for me:
> >
> > --- /etc/mail/smtpd.conf    Wed Jan  1 00:23:52 2014
> > +++ /etc/mail/smtpd.conf    Wed Jan  1 00:24:04 2014
> > @@ -6,7 +6,6 @@
> >  bounce-warn 4h, 1d, 2d
> >  expire 7d
> >
> > -pki openbsd.my.domain ca "/etc/ssl/cert.pem"
> >  pki openbsd.my.domain key "/etc/mail/certs/smtpd.key"
> >  pki openbsd.my.domain dhparams "/etc/mail/certs/dh4096.pem"
> >  pki openbsd.my.domain certificate "/etc/mail/certs/smtpd.crt"
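
Review bot: the removed line `pki openbsd.my.domain ca "/etc/ssl/cert.pem"` drops the CA file for this pki name entirely, so the change gets smtpd to start but works around the failure instead of fixing it. If the trigger is, as this message suggests, several certificates in one file, a narrower change to test is keeping the `ca` directive and pointing it at a file that holds only the CA certificate actually needed. A comment in smtpd.conf recording why the `ca` line was taken out would also help when revisiting this later.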
> >
> >
> > Thanks again Joel!
> >
> > On Mon, Dec 30, 2013 at 10:45:46PM +0000, Mikolaj Kucharski wrote:
> > > Hi,
> > >
> > > I've just upgraded my OpenBSD-based mail server to:
> > >
> > > OpenBSD 5.4-current (GENERIC.MP) #187: Sat Dec 28 17:15:20 MST 2013
> > >     dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> > >
> > >
> > > and I cannot figure out where the problem is in my smtpd config:
> > >
> > >
> > > # /etc/mail/smtpd.conf
> > >
> > > ext_if = re0
> > >
> > > max-message-size 35m
> > > bounce-warn 4h, 1d, 2d
> > > expire 7d
> > >
> > > pki openbsd.my.domain ca "/etc/ssl/cert.pem"
> > > pki openbsd.my.domain key "/etc/mail/certs/smtpd.key"
> > > pki openbsd.my.domain dhparams "/etc/mail/certs/dh4096.pem"
> > > pki openbsd.my.domain certificate "/etc/mail/certs/smtpd.crt"
> > >
> > > listen on lo0
> > > listen on $ext_if tls pki openbsd.my.domain auth-optional
> > >
> > > table aliases db:/etc/mail/aliases.db
> > >
> > > accept from any for local alias <aliases> deliver to mbox
> > > accept from local for any relay
> > >
> > >
> > >
> > > # smtpd -n -f /etc/mail/smtpd.conf
> > > configuration OK
> > >
> > > # smtpd -dvvv -f /etc/mail/smtpd.conf
> > > debug: init ssl-tree
> > > info: loading pki information for openbsd.my.domain
> > > info: OpenSMTPD 5.4.1 starting
> > > debug: bounce warning after 4h
> > > debug: bounce warning after 1d
> > > debug: bounce warning after 2d
> > > debug: using "fs" queue backend
> > > debug: using "ramqueue" scheduler backend
> > > debug: using "ram" stat backend
> > > info: startup [debug mode]
> > > debug: parent_send_config_ruleset: reloading
> > > debug: parent_send_config_mfa: reloading
> > > debug: parent_send_config: configuring smtp
> > > mfa: building simple chains...
> > > mfa: building complex chains...
> > > mfa: done building complex chains
> > > mfa: done building default chain
> > > debug: mfa ready
> > > smtpd: fatal: smtp: ssltree out of sync
> > > warn: mfa -> smtp: pipe closed
> > > warn: control -> smtp: pipe closed
> > > warn: parent -> smtp: pipe closed
> > > failed to open table aliases
> > > warn: mta -> control: pipe closed
> > > warn: mda -> control: pipe closed
> > > warn: scheduler -> control: pipe closed
> > > debug: queue: done loading queue into scheduler
> > > warn: queue -> smtp: pipe closed
> > >
> > > # pgrep -lf smtpd | wc -l
> > >        0
> > >
> > > Any idea what I'm doing wrong?
> > >
> >
> > --
> > best regards
> > q#
> 

-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
