TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42,

That's what I see from the public internet, yes.

Well, yes. Setting up mail software (or networking for that matter, e.g. NAT portmaps) in general is NOT the scope of this Community, as I said before. We can't dive into the TLS part of setting up Postfix, without Postfix being properly set up. I assume you want your Postfix to be reachable from the public internet. And the volunteers of this Community need to be able to test your Postfix from the public internet to debug the TLS part of it.

But BEFORE we can get to that TLS part, YOU need to make sure Postfix is working correctly. And you can call that "leaving [you] to go find out why", but that's indeed the gist of it. Because "finding out why" is NOT the scope of this Let's Encrypt Community. This is NOT the "Postfix Community" or "Postfix support channel".


Please leave the topic open while I try to get help from the postfix.org mailing list, and I'll return with an update.


```
#ufw app list|grep postfix
Postfix
Postfix SMTPS
Postfix Submission

ufw status

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
53                         ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
587                        ALLOW       Anywhere
993                        ALLOW       Anywhere
995                        ALLOW       Anywhere
4190/tcp                   ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
Postfix                    ALLOW       Anywhere
20,21,990/tcp              ALLOW       Anywhere
40000:50000/tcp            ALLOW       Anywhere
465/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
587 (v6)                   ALLOW       Anywhere (v6)
993 (v6)                   ALLOW       Anywhere (v6)
995 (v6)                   ALLOW       Anywhere (v6)
4190/tcp (v6)              ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
Postfix (v6)               ALLOW       Anywhere (v6)
20,21,990/tcp (v6)         ALLOW       Anywhere (v6)
40000:50000/tcp (v6)       ALLOW       Anywhere (v6)
465/tcp (v6)               ALLOW       Anywhere (v6)
993/tcp (v6)               ALLOW       Anywhere (v6)
587/tcp (v6)               ALLOW       Anywhere (v6)
```

Is there a router and/or an additional firewall (possibly the ISP) preventing access to those ports?

