Bleh.  I think I am tired and making worse and worse mistakes.  Maybe I need 
to take a step away for some time.  :-(

I have made some change that I cannot find, and now have an error whose cause 
I do not see or know.

I made a Postfix instance for getting mail with Postscreen and recipient 
verify steps, and some of the recipient restrictions for smtpd.  It is named 
'pf-in'.

I also made a Postfix instance for simple sending out mail.  It is named 
'pf-out'.

TLS is turned on as the 'Opportunistic' type with '= may' for both 
instances.

So I think it should use TLS when it is available and be okay if not.

On my laptop I send a test email.  It sends to the 'pf-in' instance

sendmail -i -f root -t <<EOF
From: s...@srchdomain.com
To: srcht...@clientdomain.com
Subject: test
test
EOF

I see the mail processing with Postscreen 'pf-in'

Jan 29 19:01:08 srchsvr pf-in/postscreen[11780]: CONNECT from [XX.XX.XX.XX]:43942 to [YY.YY.YY.YY]:25
Jan 29 19:01:08 srchsvr pf-in/postscreen[11780]: WHITELISTED [XX.XX.XX.XX]:43942

Then next after the Postscreen PASS the mail goes to the internal smtpd on 
'pf-in'

Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: connect from unknown[XX.XX.XX.XX]
Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: AB1E08F422: client=unknown[XX.XX.XX.XX]
Jan 29 19:01:08 srchsvr pf-in/cleanup[11785]: AB1E08F422: message-id=<20150129190108.4200d40...@srchdell.srchdomain.com>
Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: disconnect from unknown[XX.XX.XX.XX]

And then it goes into the queue and is sent to the 'pf-out' instance

Jan 29 19:01:08 srchsvr pf-in/qmgr[11632]: AB1E08F422: from=<r...@srchdomain.com>, size=536, nrcpt=1 (queue active)
Jan 29 19:01:08 srchsvr pf-out/smtpd[11787]: connect from srchsvr.srchdomain.com[127.0.0.1]

But now the log says

Jan 29 19:01:08 srchsvr pf-in/smtp[11786]: AB1E08F422: to=<srcht...@clientdomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.11/0.01/0.02/0, dsn=4.7.0, status=deferred (TLS is required, but host 127.0.0.1[127.0.0.1] refused to start TLS: 454 4.7.0 TLS not available due to local problem)

I think this says the problem is in the 'pf-out' instance but it is the 
'pf-in' instance that hears it and says it in the log.

I have been searching on the sentences

    "TLS is required" "refused to start TLS" "454 4.7.0" "TLS not available due to local problem"

But I only found some suggestions that the Certificate I use is not good.  I 
know that it is good since it works okay in other applications.

What ideas can I try to fix this crazy problem I have made myself?

*S*
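
An added example, not part of the original post: a short Python script that pulls TLS-related deferrals out of multi-instance Postfix log lines and separates what the logging smtp client states ("TLS is required") from the reply text sent back by the host it connected to. It assumes the syslog layout of the excerpts above; the function name and the dictionary keys are made up for illustration.

```python
import re

# Two log lines from the post, rejoined onto single lines (redactions kept).
SAMPLE_LOG = """\
Jan 29 19:01:08 srchsvr pf-in/qmgr[11632]: AB1E08F422: from=<r...@srchdomain.com>, size=536, nrcpt=1 (queue active)
Jan 29 19:01:08 srchsvr pf-in/smtp[11786]: AB1E08F422: to=<srcht...@clientdomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.11/0.01/0.02/0, dsn=4.7.0, status=deferred (TLS is required, but host 127.0.0.1[127.0.0.1] refused to start TLS: 454 4.7.0 TLS not available due to local problem)
"""

# syslog prefix: date, time, host, then "instance/daemon[pid]: message"
LINE = re.compile(
    r"^\w{3} +\d+ [\d:]+ \S+ (?P<inst>[\w-]+)/(?P<daemon>\w+)\[\d+\]: (?P<msg>.*)$")
# delivery record: queue id, recipient, relay, ..., status (reason)
DELIVERY = re.compile(
    r"^(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+), "
    r".*status=(?P<status>\w+) \((?P<reason>.*)\)$")
# the client's own statement, then the reply text the peer sent back
REFUSED = re.compile(
    r"^(?P<client>.+?), but host (?P<host>\S+) refused to start TLS: (?P<reply>.+)$")


def tls_deferrals(log_text):
    """Return one dict per deferred delivery where the peer refused STARTTLS."""
    found = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["daemon"] != "smtp":
            continue  # this example only reads smtp client delivery records
        d = DELIVERY.match(m["msg"])
        if not d or d["status"] != "deferred":
            continue
        r = REFUSED.match(d["reason"])
        if not r:
            continue  # deferred for some reason other than a STARTTLS refusal
        found.append({
            "logged_by": f'{m["inst"]}/{m["daemon"]}',  # instance that wrote the line
            "queue_id": d["qid"],
            "connected_to": d["relay"],                 # host:port that answered
            "client_says": r["client"],                 # logging client's statement
            "peer_replied": r["reply"],                 # SMTP reply from the peer
        })
    return found


if __name__ == "__main__":
    for hit in tls_deferrals(SAMPLE_LOG):
        for key, value in hit.items():
            print(f"{key:13} {value}")
```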
