Unable to send mail using postfix STARTTLS authentication: 4.7.0 TLS not available due to local problem

Sending email over a STARTTLS connection fails with the following error:

454 4.7.0 TLS not available due to local problem


TLS misconfiguration in Postfix:

  • The postfix_default.pem certificate file does not contain a valid SSL certificate, or the file is broken.
  • The path to the certificate is incorrect in the /etc/postfix/main.cf file.
  • TLS configuration parameters are missing in the /etc/postfix/main.cf file.

Connect to the server via SSH.

Create the /etc/postfix/tls directory, set its owner, group and permissions, and generate a self-signed certificate and unencrypted private key in a single file (smtpd.pem):

# mkdir /etc/postfix/tls
# chown root:postfix /etc/postfix/tls
# chmod u=rwx,go= /etc/postfix/tls
# cd /etc/postfix/tls
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

Change /etc/postfix/main.cf accordingly:

smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

If the smtpd_sasl_auth_enable = yes option is set in the /etc/postfix/main.cf file, make sure that the saslauthd service is started:

# service saslauthd status

Restart Postfix to apply the new configuration:

# service postfix restart
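
The three causes listed above can be checked before Postfix is restarted. The script below is an added example, not part of the original article: it reads main.cf directly, and the function names cf_get and check_smtpd_tls are hypothetical. It only verifies that the expected PEM blocks are present; it does not parse the certificate or confirm that the key matches it.

```shell
#!/bin/sh
# Added example: pre-flight check of the smtpd TLS settings in main.cf.

# Print the effective value of parameter $2 in file $1. The last definition
# wins; comment lines and continuation lines (leading whitespace) are skipped.
cf_get() {
    awk -v key="$2" '
        /^[# \t]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }
    ' "$1"
}

# Report each problem found; return 0 when none, 1 otherwise.
check_smtpd_tls() {
    cf="$1"; rc=0
    for p in smtpd_tls_cert_file smtpd_tls_key_file; do
        f=$(cf_get "$cf" "$p")
        if [ -z "$f" ]; then
            echo "MISSING  $p is not set in $cf"; rc=1; continue
        elif [ ! -r "$f" ]; then
            echo "BADPATH  $p = $f (file not found or unreadable)"; rc=1; continue
        fi
        case "$p" in
            *cert_file) marker='^-----BEGIN CERTIFICATE-----' ;;
            *)          marker='^-----BEGIN .*PRIVATE KEY-----' ;;
        esac
        if ! grep -q -e "$marker" "$f"; then
            echo "BADPEM   $p = $f (expected PEM block not found)"; rc=1
        fi
    done
    lvl=$(cf_get "$cf" smtpd_tls_security_level)
    if [ -z "$lvl" ] && [ "$(cf_get "$cf" smtpd_use_tls)" != yes ]; then
        echo "MISSING  smtpd_tls_security_level (or smtpd_use_tls) is not set"; rc=1
    fi
    return "$rc"
}

# Run against a file given on the command line, e.g. /etc/postfix/main.cf.
if [ "$#" -gt 0 ]; then check_smtpd_tls "$1"; fi
```

Save it under any name and pass the path to main.cf as the only argument; an exit status of 0 means none of the three problems was found.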