# OpenSSL build issue, or Postfix?



## murias (Jan 24, 2013)

Hey all,

So, this time around building a server, I have been having the hardest time.  I'm being humbled - tis a good thing though at times.

Latest issue is with Postfix / OpenSSL.

The background - i386, FreeBSD 9.1, recompiled kernel, rebuilt userland, everything from ports tree from last week.  Postfix current-2.10.20121031_2,4 OpenSSl 0.9.8x 10 May 2012

Here's what's going on:
I fired up Dovecot, no issues.  I fired up Postfix, again no issues (apparent).  I telnet to localhost port 25 to test connectivity, I get the following errors:

```
warning: cannot get RSA private key from file /etc/ssl/postfix/smtpd.pem: disabling TLS support
warning: TLS library problem 59931:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/crypto/../../../crypto/openssl/crypto/pem/pemlib.c:648:Expecting ANY PRIVATE KEY:
warning: TLS library problem:59931:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl../../../crypto/openssl/ssl/ssl_rsa.c:669
connect from localhost[127.0.0.1]
fatal: no SASL authentication mechanisms
```
Some googling and I was lead to believe that there was an issue with the certificate itself, and how it was created.  I then dropped in a known good pem file from one of my operational servers, coincidentally has the same host name etc, the drive I am doing this current build will be going into that machine and replacing that boot drive.  Using this pem file I get this error on my telnet attempt:

```
connect from localhost[127.0.0.1]
fatal: no SASL authentication mechanisms
warning: process /usr/local/libexec/postfix/smtpd pid # exit sstatus 1
warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
```
A bit of googling on that, and I am led to believe that OpenSSL build is bad.

I think it might be pertinent to add that my certs for apache seem to be working fine, I connect https and there are no complaints in the logs.

I appreciate any insights and thoughts here.

Cheers all
Murias


----------



## xtaz (Jan 24, 2013)

Is your private key encrypted? It's been a while since I configured my own certs on Dovecot and Postfix but I seem to remember that whilst Dovecot can decrypt private keys Postfix needs them in an already decrypted form.

Look at the top of the key file. Does it say "Proc-Type: 4,ENCRYPTED" at the top? If so try running this:

`# openssl rsa -in <Encrypted key filename> -out <Decrypted key filename>`

And then using the output file for Postfix instead.


----------



## murias (Jan 25, 2013)

*solved*

I have solved this one, seems that my dovecot-sql.conf file had gotten corrupted somehow, so it wasn't being read properly by dovecot, which then made dovecot unavailable to postfix.

No amount of editing the dovecot-sql.conf file was fixing the issue.  I ended up simply creating a new one.

All (up to this) is working as designed now.

Cheers
Murias


----------

