I'll just add that I was testing this with the 5.3 release so it doesn't
appear to be related to the recent "pki" changes.



.joel


On Tue, Dec 31, 2013 at 4:26 PM, Mikolaj Kucharski
<[email protected]> wrote:

> Joel Knight had a similar problem in the past and he gave me a clue that
> the problem may be related to multiple certificates in one single file
> (like cert.pem has). The change below makes OpenSMTPD run again for me:
>
> --- /etc/mail/smtpd.conf    Wed Jan  1 00:23:52 2014
> +++ /etc/mail/smtpd.conf    Wed Jan  1 00:24:04 2014
> @@ -6,7 +6,6 @@
>  bounce-warn 4h, 1d, 2d
>  expire 7d
>
> -pki openbsd.my.domain ca "/etc/ssl/cert.pem"
>  pki openbsd.my.domain key "/etc/mail/certs/smtpd.key"
>  pki openbsd.my.domain dhparams "/etc/mail/certs/dh4096.pem"
>  pki openbsd.my.domain certificate "/etc/mail/certs/smtpd.crt"
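Review bot: the removed line, pki openbsd.my.domain ca "/etc/ssl/cert.pem", disappears without any comment in smtpd.conf recording why, so a later edit could restore it and bring back the "ssltree out of sync" fatal shown in the quoted debug output. Suggest leaving it in place as a commented-out line with a short note that the multi-certificate bundle is the suspected cause. If a ca entry is wanted for this pki, it could point at a file holding a single CA certificate instead of /etc/ssl/cert.pem, assuming the multiple-certificate explanation holds. Because smtpd -n reported "configuration OK" for the failing config, the change should be confirmed with a smtpd -dvvv start-up rather than the syntax check alone.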
>
>
> Thanks again Joel!
>
> On Mon, Dec 30, 2013 at 10:45:46PM +0000, Mikolaj Kucharski wrote:
> > Hi,
> >
> > I've just upgraded my OpenBSD-based mail server to:
> >
> > OpenBSD 5.4-current (GENERIC.MP) #187: Sat Dec 28 17:15:20 MST 2013
> >     [email protected]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> >
> >
> > and I cannot figure out where the problem is in my smtpd config:
> >
> >
> > # /etc/mail/smtpd.conf
> >
> > ext_if = re0
> >
> > max-message-size 35m
> > bounce-warn 4h, 1d, 2d
> > expire 7d
> >
> > pki openbsd.my.domain ca "/etc/ssl/cert.pem"
> > pki openbsd.my.domain key "/etc/mail/certs/smtpd.key"
> > pki openbsd.my.domain dhparams "/etc/mail/certs/dh4096.pem"
> > pki openbsd.my.domain certificate "/etc/mail/certs/smtpd.crt"
> >
> > listen on lo0
> > listen on $ext_if tls pki openbsd.my.domain auth-optional
> >
> > table aliases db:/etc/mail/aliases.db
> >
> > accept from any for local alias <aliases> deliver to mbox
> > accept from local for any relay
> >
> >
> >
> > # smtpd -n -f /etc/mail/smtpd.conf
> > configuration OK
> >
> > # smtpd -dvvv -f /etc/mail/smtpd.conf
> > debug: init ssl-tree
> > info: loading pki information for openbsd.my.domain
> > info: OpenSMTPD 5.4.1 starting
> > debug: bounce warning after 4h
> > debug: bounce warning after 1d
> > debug: bounce warning after 2d
> > debug: using "fs" queue backend
> > debug: using "ramqueue" scheduler backend
> > debug: using "ram" stat backend
> > info: startup [debug mode]
> > debug: parent_send_config_ruleset: reloading
> > debug: parent_send_config_mfa: reloading
> > debug: parent_send_config: configuring smtp
> > mfa: building simple chains...
> > mfa: building complex chains...
> > mfa: done building complex chains
> > mfa: done building default chain
> > debug: mfa ready
> > smtpd: fatal: smtp: ssltree out of sync
> > warn: mfa -> smtp: pipe closed
> > warn: control -> smtp: pipe closed
> > warn: parent -> smtp: pipe closed
> > failed to open table aliases
> > warn: mta -> control: pipe closed
> > warn: mda -> control: pipe closed
> > warn: scheduler -> control: pipe closed
> > debug: queue: done loading queue into scheduler
> > warn: queue -> smtp: pipe closed
> >
> > # pgrep -lf smtpd | wc -l
> >        0
> >
> > Any idea what I'm doing wrong?
> >
>
> --
> best regards
> q#
