By: skon7826

Error: "TLS not available due to local problem" Postfix

January 14, 2017 3.4k views
Email Ubuntu

Hi! I've spent a while now attempting to set up a mail server using Postfix on my droplet running Ubuntu. I have pretty much finished; however, I constantly get weird errors every time I send an email on my mail server. The error is as follows:

Transcript of session follows.

 Out: 220 mail.pikadude.me ESMTP Postfix
 In:  EHLO mail-wm0-f47.google.com
 Out: 250-dc-87ba2609-mail.pikadude.me
 Out: 250-PIPELINING
 Out: 250-SIZE 10240000
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  STARTTLS
 Out: 454 4.7.0 TLS not available due to local problem

Session aborted, reason: lost connection

For other details, see the local mail logfile

Here is my postfix config:

myhostname = mail.pikadude.me
myorigin = /etc/mailname
mydestination = mail.pikadude.me, pikadude.me, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
#smtpd_tls_protocols = !SSLv2,!TLSv1,!TLSv1.1,!SSLv3
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
smtp_tls_security_level = encrypt
#smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1

I am unsure why this is happening. If anything else is required please let me know.

2 Answers

@skon7826

Do these files exist?

smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key

If so, who owns the files + directory, and what are the current permissions on each?

If owned by a user other than root, we need to change that, and we can do so by running:

chown -R root:root /etc/ssl

.. which will handle recursively setting ownership to root for both files and directories.

We then need to ensure proper permissions are set up. Ideally, this would be chmod 600 for files and chmod 700 for directories, though you could go as low as chmod 400 on files and chmod 500 on directories.

chmod 600 /etc/ssl/certs/mailcert.pem \
&& chmod 600 /etc/ssl/private/mail.key

and

chmod 700 /etc/ssl/certs \
&& chmod 700 /etc/ssl/private/

then restart postfix

service postfix restart

Other Options

If you'd like something a little easier to set up and work with, I would recommend MailInABox. It'll handle a huge chunk of what's needed for you with relative ease.

I have followed the steps that you have said to do, but with no luck. I don't really want to use MailInABox unless it is a last resort and I really cannot figure out why Postfix isn't working. Any other ideas?
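
A pre-flight check for the two files named by smtpd_tls_cert_file and smtpd_tls_key_file in the question. It covers what the answer asks about (existence, ownership, permissions) and goes one step further by testing that the key belongs to the certificate and is not passphrase-protected. This is an added example, not code from either poster or from Postfix; the function names and return codes are assumptions, and the pairing check expects `openssl` on the PATH.

```shell
#!/bin/sh
# Added example; function names and return codes are illustrative, not Postfix's.

# check_pem FILE MARKER -> 0 ok, 1 missing, 2 unreadable or empty, 3 no such PEM block
check_pem() {
    [ -e "$1" ] || return 1
    [ -r "$1" ] && [ -s "$1" ] || return 2
    grep -q -e "-----BEGIN .*$2" "$1" || return 3
}

# key_perms_ok FILE [UID] -> 0 when FILE is owned by UID (default 0, root)
# and grants nothing to group or other (mode 600 or 400).
key_perms_ok() {
    listing=$(ls -ldn "$1") || return 1
    [ "$(printf '%s' "$listing" | cut -c5-10)" = "------" ] || return 1
    [ "$(printf '%s' "$listing" | awk '{print $3}')" = "${2:-0}" ]
}

# pair_matches CERT KEY -> 0 when both carry the same public key.
# "-passin pass:" makes openssl fail rather than prompt on an encrypted key,
# which Postfix cannot load.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# preflight CERT KEY [UID] -> prints findings, returns the number of problems.
preflight() {
    problems=0
    check_pem "$1" CERTIFICATE ||
        { echo "cert $1: check_pem returned $?"; problems=$((problems + 1)); }
    check_pem "$2" "PRIVATE KEY" ||
        { echo "key $2: check_pem returned $?"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] || return "$problems"
    key_perms_ok "$2" "${3:-0}" ||
        { echo "key $2: want uid ${3:-0}, mode 600 or 400"; problems=$((problems + 1)); }
    pair_matches "$1" "$2" ||
        { echo "key does not match certificate, or key is encrypted"; problems=$((problems + 1)); }
    return "$problems"
}

# On the mail server, as root:
#   preflight "$(postconf -h smtpd_tls_cert_file)" "$(postconf -h smtpd_tls_key_file)"
```

A return value of 0 means the files themselves are sound, so the cause of the 454 reply has to be looked for in the local mail log that the transcript points to.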
