Hi Victor, thanks for the explanation what's happening in the internals of Postfix, but the problem is still a mystery for me ...
I use the default Debian (Buster) /etc/ssl/openssl.cnf without any modifications, so I don't think that there is any default certificate chain that might be preloaded into each new SSL_CTX. It looks like SNI works for you, but I cannot get it working - and tried really hard for more than a week (I read everything I found on Google and it looks like there are few people with working setup, and the remaining say that it does not work) :-/ Any idea how to debug it myself? ... or even better - I can allow you root access to the test server to check it yourself (just send me a private e-mail with your ssh public key). Many thanks! JM > On 9 Jun 2020, at 19:07, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > On Wed, May 27, 2020 at 12:40:25AM +0200, Ján Máté wrote: > >> The error is "SNI data for smtp.myserver.eu does not match next >> certificate" even if I am 100% sure that the key+cert+chain is OK, >> because I use the same key+cert+chain (loaded from same files) for the >> smtpd_tls_chain_files (and there it works). > > This is the symptom, the cause is indicated by the message one logged > next to it. > >> /etc/postfix/main.cf: >> tls_server_sni_maps = hash:/etc/postfix/table_hash-tls_server_sni_maps >> smtpd_tls_chain_files = >> /etc/letsencrypt/live/eu.server.smtp/privkey.pem >> /etc/letsencrypt/live/eu.server.smtp/fullchain.pem >> >> /etc/postfix/table_hash-tls_server_sni_maps >> smtp.myserver.eu /etc/letsencrypt/live/eu.myserver.smtp/privkey.pem >> /etc/letsencrypt/live/eu.myserver.smtp/fullchain.pem >> smtp.myserver2.eu /etc/letsencrypt/live/eu.myserver2.smtp/privkey.pem >> /etc/letsencrypt/live/eu.myserver2.smtp/fullchain.pem > > I just tested with: > > main.cf: > smtpd_tls_loglevel = 1 > smtpd_tls_security_level = may > smtpd_tls_chain_files = > ${config_directory}/ee1pkey.pem > ${config_directory}/ee1cert.pem > ${config_directory}/cacert.pem > tls_server_sni_maps = hash:${config_directory}/sni > > sni > mx1.example.com > .../ee1pkey.pem > .../ee1cert.pem > .../cacert.pem > mx2.example.com > .../ee2pkey.pem > .../ee2cert.pem > .../cacert.pem > > My logs below... > >> May 26 22:38:58 myserver postfix/smtpd[72379]: maps_file_find: >> tls_server_sni_maps: >> hash:/etc/postfix/table_hash-tls_server_sni_maps(0,lock|fold_fix|src_rhs_is_file): >> smtp.myserver.eu <http://smtp.myserver.eu/> = >> LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9J... > > You generally don't want to log this data (your log level is too high), > and should not publish it, it is liable to reveal part of your private > key, though luckily, in this case, only some of the fixed header bits > and none of the key material. > >> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at index 1 in >> SNI data for smtp.myserver.eu does not match next certificate >> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: TLS library problem: >> error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing >> certificate:../ssl/ssl_rsa.c:1107: > > The second message is the real problem, OpenSSL believes it already has > a certificate loaded for that algorithm, which should not be the case. > The new key then does not match the already installed certificate. But > there shouldn't be one already loaded. > >> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: error loading >> private keys and certificates from: SNI data for smtp.myserver.eu: aborting >> TLS handshake > > And so things go wrong. On the other hand, my logs show: > > postfix/postfix-script[95733]: starting the Postfix mail system > postfix/master[95735]: daemon started -- version 3.6-20200511, > configuration /var/tmp/postfix/etc > > -- No SNI servername used > postfix/smtpd[95756]: connect from localhost[127.0.0.1] > postfix/smtpd[95756]: Anonymous TLS connection established from > localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 > bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest > SHA256 > postfix/smtpd[95756]: disconnect from localhost[127.0.0.1] ehlo=1 > starttls=1 quit=1 commands=3 > > -- SNI servername: mx1.example.com > postfix/smtpd[95756]: connect from localhost[127.0.0.1] > postfix/smtpd[95756]: Anonymous TLS connection established from > localhost[127.0.0.1] to mx1.example.com: TLSv1.3 with cipher > TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature > RSA-PSS (2048 bits) server-digest SHA256 > postfix/smtpd[95756]: disconnect from localhost[127.0.0.1] ehlo=1 > starttls=1 quit=1 commands=3 > > -- SNI servername: mx2.example.com > postfix/smtpd[95756]: connect from localhost[127.0.0.1] > postfix/smtpd[95756]: Anonymous TLS connection established from > localhost[127.0.0.1] to mx2.example.com: TLSv1.3 with cipher > TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature > RSA-PSS (2048 bits) server-digest SHA256 > postfix/smtpd[95756]: disconnect from localhost[127.0.0.1] ehlo=1 > starttls=1 quit=1 commands=3 > >> In short: if a connection from the client is performed without SNI (or >> SNI hostname not present in the tls_server_sni_maps) then everything >> works as expected (key+cert+chain from smtpd_tls_chain_files is used), >> but if I connect using a valid SNI hostname (the new >> tls_server_sni_maps is used) then the same key+cert+chain not works. > > It seems that somehow, a certificate of the same type is already loaded > into the SSL handle under construction. It is unclear how that > happened. > >> postmap -Fq smtp.myserver.eu hash:/etc/postfix/table_hash-tls_server_sni_maps >> >> returns the correct key+cert+chain: >> >> -----BEGIN PRIVATE KEY----- >> ... >> ... here is the private key for smtp.myserver.eu >> ... >> -----END PRIVATE KEY----- >> -----BEGIN CERTIFICATE----- >> ... >> ... here is the certificate for smtp.myserver.eu >> ... >> -----END CERTIFICATE----- >> -----BEGIN CERTIFICATE----- >> ... >> ... here is the certificate for intermediate CA >> ... >> -----END CERTIFICATE----- > > That seems reasonable, is there anything in your system-wide openssl.cnf > file that looks like a default certificate chain that might be preloaded > into each new SSL_CTX? > > -- > Viktor.