Unable to send an email using STARTTLS authentication:
454 4.7.0 TLS not available due to local problem
Cause
TLS misconfiguration in Postfix:
- The postfix_default.pem certificate file does not contain a valid SSL certificate or it is broken.
- The path to the certificate is incorrect in the /etc/postfix/main.cf file.
- TLS configuration parameters are missing in the /etc/postfix/main.cf file.
Connect to the server via SSH.
Create the /etc/postfix/tls directory, set correct ownership, group, permissions and create a certificate file:
# mkdir /etc/postfix/tls
# chown root:postfix /etc/postfix/tls
# chmod u=rwx,go= /etc/postfix/tls
# cd /etc/postfix/tls
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Change /etc/postfix/main.cf accordingly:
smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
If the smtpd_sasl_auth_enable = yes option is set in the /etc/postfix/main.cf file, make sure that the saslauthd service is started:
# service saslauthd status
Reload Postfix configuration:
# service postfix restart
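To check a main.cf against the three causes listed above (missing TLS parameters, a wrong certificate path, a file without valid PEM content), the following script can be used. It is an added example, not part of the original article: the function names get_param, check_tls_config and demo are hypothetical, the parsing assumes plain "name = value" lines, and the fixture it runs on is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Checks a main.cf for the three
# causes above. Assumption: plain "name = value" lines only; continuation
# lines and $variable expansion (which postconf resolves) are not handled.

# Print the value of parameter $2 in main.cf file $1 (last assignment wins).
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_tls_config MAIN_CF: print findings; return 0 if clean, 1 otherwise.
check_tls_config() {
    cf=$1; rc=0
    for p in smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_security_level; do
        v=$(get_param "$cf" "$p")
        if [ -z "$v" ]; then
            echo "MISSING: $p is not set in $cf"; rc=1; continue
        fi
        case $p in
            *cert_file) marker='BEGIN CERTIFICATE' ;;
            *key_file)  marker='BEGIN .*PRIVATE KEY' ;;
            *)          continue ;;   # not a file parameter, nothing to open
        esac
        if [ ! -r "$v" ]; then
            echo "BAD PATH: $p = $v is not readable"; rc=1
        elif ! grep -q -e "-----$marker-----" "$v"; then
            echo "BAD PEM: $v has no '$marker' block ($p)"; rc=1
        fi
    done
    return $rc
}

# Constructed fixture: the certificate file holds no PEM data, the key path
# does not exist, and smtpd_tls_security_level is absent.
demo() {
    d=$(mktemp -d)
    echo 'not a certificate' > "$d/smtpd.pem"
    cat > "$d/main.cf" <<EOF
smtpd_tls_cert_file = $d/smtpd.pem
smtpd_tls_key_file = $d/missing.pem
EOF
    check_tls_config "$d/main.cf" && status=0 || status=1
    rm -rf "$d"
    return $status
}
demo || echo "TLS configuration needs attention"
```

On a real server, call check_tls_config /etc/postfix/main.cf as root, since the /etc/postfix/tls directory created above is readable by its owner only.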