[Bug 715056] [NEW] invalid ssl-certificates in /etc/postfix/main.cf after security upgrade

Tim Kuijsten 715056 at bugs.launchpad.net
Tue Feb 8 08:48:09 UTC 2011 

Public bug reported:

Binary package hint: dovecot-postfix

After dovecot-postfix was automatically upgraded this morning
(http://www.ubuntu.com/usn/usn-1059-1) the config in
/etc/postfix/main.cf was changed. Replacing my certificates with invalid
ones. Discovered it by Thunderbird complaining about an invalid
certificate when try to send mail via the smtp-server.

Changes made by automatic upgrade:
diff --git a/postfix/main.cf b/postfix/main.cf
index ee075a3..b6c0119 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -57,10 +57,15 @@ smtpd_tls_security_level = may
 smtpd_tls_auth_only = yes
 smtpd_tls_loglevel = 1
 smtpd_tls_received_header = yes
-smtpd_tls_cert_file = /etc/ssl/certs/xxxxx.crt
-smtpd_tls_key_file = /etc/ssl/private/xxxxx.key
+smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
+smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_security_level = may
 smtp_tls_CAfile = /etc/ssl/certs/netsend_nl_chain.crt
 smtp_tls_note_starttls_offer = yes
+home_mailbox = Maildir/
+smtpd_sasl_authenticated_header = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_use_tls = yes
+smtp_use_tls = yes

Errors in /var/log/mail.log:
Feb  8 09:25:27 lock postfix/smtpd[10607]: connect from xxxxx.versatel.nl[xx.xx.xx.xx]
Feb  8 09:25:27 lock postfix/smtpd[10607]: setting up TLS connection from xxxxx.versatel.nl[xx.xx.xx.xx]
Feb  8 09:25:27 lock postfix/smtpd[10607]: SSL_accept error from xxxxx.versatel.nl[xx.xx.xx.xx]: 0
Feb  8 09:25:27 lock postfix/smtpd[10607]: warning: TLS library problem: 10607:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1093:SSL alert number 48:
Feb  8 09:25:27 lock postfix/smtpd[10607]: lost connection after CONNECT from xxxxx.versatel.nl[xx.xx.xx.xx]
Feb  8 09:25:27 lock postfix/smtpd[10607]: disconnect from xxxxx.versatel.nl[xx.xx.xx.xx]

** Affects: dovecot (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: certificate dovecot main.cf postfix

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.
https://bugs.launchpad.net/bugs/715056

Title:
  invalid ssl-certificates in /etc/postfix/main.cf after security
  upgrade

More information about the Ubuntu-server-bugs mailing list