After Cert Install problems with Postfix

Hello,

I have an Ubuntu 12.04 server setup with Virtualmin/Webmin using the self-signed certificate generated during installation working fine for more than a year without any problem. This week I installed a GoDaddy certificate (Not wildcard) in one of my 7 domains that is not the default domain. Following the Virtualmin documentation everything was done well and the https site is ok but some problems started to happen.

First with the server self-signed cert. After I have changed that domain IP address and installed the cert I clicked in all “Copy to” buttons because I though that it would be copied only to that domain Virtualmin/Webmin panels but something unexpected happened. When trying to access Virtualmin/Webmin panel for the default domain in Firefox it says:

Secure Connection Failed - An error occurred during a connection to server1.myhost.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long).

When using IP:10000 an UNTRUSTED CONNECTION warning asking to add an exception.

Second with Postfix Mail Server. It complete stopped and could not be started again. Checking mail.log for errors found:

Jun 16 15:11:06 server1 postfix/postfix-script[2480]: starting the Postfix mail system Jun 16 15:11:06 server1 postfix/master[2481]: fatal: bind XXX.XXX.XXX.XX port 587: Address already in use Jun 16 15:13:52 server1 postfix/postqueue[2689]: warning: Mail system is down -- accessing queue directly Jun 16 15:20:09 server1 dovecot: master: Dovecot v2.0.19 starting up (core dumps disabled) Jun 16 15:20:22 server1 postfix/master[2239]: fatal: bind XXX.XXX.XXX.XX port 587: Address already in use Jun 16 15:20:54 server1 postfix/postfix-script[2759]: starting the Postfix mail system Jun 16 15:20:54 server1 postfix/master[2760]: fatal: bind XXX.XXX.XXX.XX port 587: Address already in use Jun 16 15:21:54 server1 postfix/master[3431]: fatal: bind XXX.XXX.XXX.XX port 587: Address already in use Jun 16 15:22:19 server1 postfix/postqueue[3654]: warning: Mail system is down -- accessing queue directly

I am using external DNS from GoDaddy instead of Virtualmin BIND. Checked for incorrect configurations and found nothing. Made a complete verification using the server terminal (Putty) with nmap, netstat, iptables and found nothing wrong. All necessary ports are open and there is no other application using port 587.

The server IP is XXX.XXX.XXX.XX that is in use for 6 domains including the server host “server1.myhost.com” and the certificate is installed in IP YYY.YY.YYY.YYY just for the domain mycustomerdomain.com.

I think that all problems came from the click in the “Copy To” buttons when installing the cert because it was supposed to copy only to that domain but instead copied to all virtualmin/webmin pages. I am not sure what to do to fix it. I think that creating and installing over a new self-signed certificate and later installing again that domain GoDaddy certificate would fix everything but first I need to know if someone have a better solution.

Any help will be fully appreciated.

Thanks in advance.

For those who asked for here some more detail about my Virtualmin GLP installation and Postfix.

The /etc/postfix/main.cf contents:

[code]# Postfix master process configuration file. For details on the format

of the file, see the master(5) manual page (command: “man 5 master”).

Do not forget to execute “postfix reload” after editing this file.

==========================================================================

service type private unpriv chroot wakeup maxproc command + args

(yes) (yes) (yes) (never) (100)

==========================================================================

XXX.XXX.XXX.XX:smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd

-o syslog_name=postfix/submission

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_n$
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp

-o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache

====================================================================

Interfaces to non-Postfix software. Be sure to examine the manual

pages of the non-Postfix software to find out what options it wants.

Many of the following services use the Postfix pipe(8) delivery

agent. See the pipe(8) man page for information about ${recipient}

and other message envelope options.

====================================================================

====================================================================

maildrop. See the Postfix MAILDROP_README file for details.

Also specify in main.cf: maildrop_destination_recipient_limit=1

maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

====================================================================

Recent Cyrus versions can use the existing “lmtp” master.cf entry.

Specify in cyrus.conf:

lmtp cmd=“lmtpd -a” listen=“localhost:lmtp” proto=tcp4

Specify in main.cf one or more of the following:

mailbox_transport = lmtp:inet:localhost

virtual_transport = lmtp:inet:localhost

====================================================================

Cyrus 2.1.5 (Amos Gouaux)

Also specify in main.cf: cyrus_destination_recipient_limit=1

#cyrus unix - n n - - pipe

user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

====================================================================

Old example of delivery via Cyrus.

#old-cyrus unix - n n - - pipe

flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

====================================================================

See the Postfix UUCP_README file for configuration details.

uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

Other external delivery methods.

ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

XXX.XXX.XXX.XX:submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
YYY.YY.YYY.YYY:smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_cert_file=/home/mycustomer1/ssl.cert -o smtpd_tls_key_file=/home/mycustomer1/ssl.key -o smtpd_tls_CAfile=/home/mycut$
127.0.0.1:smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
YYY.YY.YYY.YYY:submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_cert_file=/home/mycustomer1/ssl.cert -o smtpd_tls_key_file=/home/mycustomer1/ssl.key -o smtpd_tls_CAfile=/hom$
127.0.0.1:submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
[/code]