TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42,

Osiris · January 12, 2025, 10:25am

That's what I see from the public internet, yes.

Well, yes. Setting up mail software (or networking for that matter, e.g. NAT portmaps) in general is NOT the scope of this Community, as I said before. We can't dive into the TLS part of setting up Postfix, without Postfix being properly set up. I assume you want your Postfix to be reachable from the public internet. And the volunteers of this Community need to be able to test your Postfix from the public internet to debug the TLS part of it.

But BEFORE we can get to that TLS part, YOU need to make sure Postfix is working correctly. And you can call that "leaving [you] to go find out why", but that's indeed the gist of it. Because "finding out why" is NOT the scope of this Let's Encrypt Community. This is NOT the "Postfix Community" or "Postfix support channel".

fugee · January 12, 2025, 10:27am

Please leave the topic open while I try to get help from the postfix.org mailing list and I'll return with an update

fugee · January 12, 2025, 11:08am

#ufw app list|grep postfix
Postfix
Postfix SMTPS
Postfix Submission

fugee · January 12, 2025, 11:09am

ufw status

Status: active

To Action From

22 ALLOW Anywhere
53 ALLOW Anywhere
25/tcp ALLOW Anywhere
587 ALLOW Anywhere
993 ALLOW Anywhere
995 ALLOW Anywhere
4190/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
Postfix ALLOW Anywhere
20,21,990/tcp ALLOW Anywhere
40000:50000/tcp ALLOW Anywhere
465/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
587/tcp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
25/tcp (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
993 (v6) ALLOW Anywhere (v6)
995 (v6) ALLOW Anywhere (v6)
4190/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Postfix (v6) ALLOW Anywhere (v6)
20,21,990/tcp (v6) ALLOW Anywhere (v6)
40000:50000/tcp (v6) ALLOW Anywhere (v6)
465/tcp (v6) ALLOW Anywhere (v6)
993/tcp (v6) ALLOW Anywhere (v6)
587/tcp (v6) ALLOW Anywhere (v6)

Bruce5051 · January 12, 2025, 6:10pm

Is there a router and / or an additional firewall (possible the ISP) preventing access to those ports.

system · February 11, 2025, 6:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Postfix TLS Library Problem No such file Server	22	13622	December 5, 2018
Hello, can i use let's encrypt for postfix? Help	35	4884	July 28, 2023
Postfix doesn't work since last update of certificate (08/2019) Help	14	3109	October 3, 2019
Stuck trying to install a certificate Help	57	2067	October 3, 2022
Simple Guide: Using Lets Encrypt SSL certs with Dovecot Server	23	114151	November 14, 2018

TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42,

ufw status

Related topics