Sending of the message failed/An error occurred while sending mail/2017-01-15 Woozle

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot

This message has to be inaccurate. Dialogue with the server:

woozle@SamEagle:~$ telnet hypertwins.org 587
Trying 45.55.148.146...
Connected to hypertwins.org.
Escape character is '^]'.
220 cloud2.hypertwins.net ESMTP Postfix (Ubuntu)
EHLO
501 Syntax: EHLO hostname
EHLO manor.hypertwins.org
250-cloud2.hypertwins.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Searching for pieces of this error came up with a lot of posts from 2010 about a problem with Avast antivirus software, which isn't applicable here. I finally found this (archive), which pointed me at the /var/log/maillog file (actually /var/log/mail.log on this server), where I searched for my client IP address and found this:

Jan 15 16:57:08 cloud2 postfix/smtpd[11744]: warning: cannot get RSA private key from file /etc/postfix/postfix.key.pem: disabling TLS support
Jan 15 16:57:08 cloud2 postfix/smtpd[11744]: warning: TLS library problem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:330:

Well, I had just recently used Let's Encrypt (via VirtualMin), which I suspected right away might be the instigator, but I couldn't figure out what was actually going wrong. If I'm interpreting this error message correctly, it removed the certificate files that Postfix was using and didn't update Postfix's configuration to point to the new ones.

Old files:

  • TLS certificate file: /etc/postfix/postfix.cert.pem
  • TLS private key file: /etc/postfix/postfix.key.pem
  • TLS certificate authority file: /etc/postfix/postfix.cert.pem

New files:

  • SSL certificate file: /home/hypertwins/ssl.cert
  • SSL private key file: /home/hypertwins/ssl.key
  • unknown: /home/hypertwins/ssl.ca

Replacing the old filenames with the new filenames (and assuming the unknown "ssl.ca" file is the "certificate authority")...

....and yes, that worked.
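
The "key values mismatch" warning in the log above comes from OpenSSL checking that the certificate and the private key carry the same public key. The shell function below runs that comparison by hand; it is an added example, not part of the original page, and it assumes the standard Postfix parameter names smtpd_tls_cert_file and smtpd_tls_key_file, since the page does not show its main.cf.

```shell
#!/bin/sh
# Added example (not from the original page): check that a certificate and
# a private key carry the same public key, the condition OpenSSL reports as
# "key values mismatch" when it fails.

# tls_pair_status CERT KEY
# Prints match | mismatch | unreadable-cert | unreadable-key.
# Returns 0 only for a match.
tls_pair_status() {
    # Public key from the certificate, as PEM text.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || cert_pub=
    [ -n "$cert_pub" ] || { echo unreadable-cert; return 2; }
    # Public key derived from the private key. The empty -passin keeps an
    # encrypted key from prompting; it is reported as unreadable instead.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || key_pub=
    [ -n "$key_pub" ] || { echo unreadable-key; return 2; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo match
    else
        echo mismatch
        return 1
    fi
}

# check_postfix_tls: apply the check to the files Postfix is configured with.
# Assumption: the standard smtpd_tls_cert_file / smtpd_tls_key_file parameters.
check_postfix_tls() {
    cert=$(postconf -xh smtpd_tls_cert_file)
    key=$(postconf -xh smtpd_tls_key_file)
    status=$(tls_pair_status "$cert" "$key")
    rc=$?
    echo "cert=$cert key=$key: $status"
    return "$rc"
}

# Run only on a host that has Postfix installed, with enough privilege to
# read the private key.
if command -v postconf >/dev/null 2>&1; then
    check_postfix_tls || echo "resolve this before reloading Postfix" >&2
fi
```

Running it after any certificate renewal shows whether Postfix still points at a matching pair before a mail client runs into the failure.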

Post-Mortem

So basically, the error message is backwards: the service is advertised, but fails when requested -- in this case, due to Postfix not being able to read the certificate files.