Hi, I've been tasked with setting up a FreeBSD-based email server.
I've come across an issue, giving an error stating "fatal access denied" when attempting to initiate TLS connections (either smtps or with starttls). The certificates work fine on a test OpenBSD host, so they're not the issue. I'm amused that both dovecot *and* opensmtpd show an almost identical issue, and suspect that something openssl related might be broken.

debug: smtp: new client on listener: 0x8024eb000
smtp-in: New session 6f9022aa19efcad6 from host athena.barrera.io [190.210.108.249]
debug: lka: looking up pki "mail.asteq.com.ar"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc
debug: SSL library error: io_dispatch_accept_ssl:SSL_accept: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
smtp-in: Disconnecting session 6f9022aa19efcad6: IO error: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
debug: smtp: 0x802501000: deleting session: IO error

Some details:

* This is FreeBSD 10.1-RELEASE-p5.
* I've checked the certificates and keys and they look fine. I tried another self-generated pair too.
* Tried both opensmtpd-5.4.4,1 and opensmtpd-snapshot-201502012312.
* Certificates were generated with "openssl genrsa -out ssl.key 4096".
* The original certificates (I later tried self-signed) were signed by StartSSL.

Any hints? My guess is that SSL is failing somewhere, but I don't know how to continue to track this down.

Someone on the FreeBSD list suggested making sure that the CAs were installed, and they are - though I'm not sure it's 100% relevant.

Thanks,

--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
