lost connection after STARTTLS: Postfix

Question

I've setup a Postfix + Courier server and have a Rails app configured with the SMTP server settings. Whenever the Rails app tries to send an email, this is what appears in the Postfix log (additional log verbosity set in master.cf)

Feb 22 03:57:24 alpha postfix/smtpd[1601]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 22 03:57:24 alpha postfix/smtpd[1601]: smtp_get: EOF
Feb 22 03:57:24 alpha postfix/smtpd[1601]: match_hostname: localhost ~? 127.0.0.0/8
Feb 22 03:57:24 alpha postfix/smtpd[1601]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
Feb 22 03:57:24 alpha postfix/smtpd[1601]: lost connection after STARTTLS from localhost[127.0.0.1]
Feb 22 03:57:24 alpha postfix/smtpd[1601]: disconnect from localhost[127.0.0.1]
Feb 22 03:57:24 alpha postfix/smtpd[1601]: master_notify: status 1
Feb 22 03:57:24 alpha postfix/smtpd[1601]: connection closed

Any ideas as to why it's losing the connection after authentication?

Answer 1

ActionMailer was changed to a more secure default configuration and checks the server certificate in TLS mode (since version 2-something or 3).

Some solutions are:

• Restore the old Rails behaviour in the app: add openssl_verify_mode: 'none' to the Rails config
• Disable TLS on the server: set smtpd_use_tls=no in your Postfix config
• Set up valid TLS certificates on the server, which are verifiable using a certificate authority on the client (the Rails app). This is probably overkill if it's the same server as appears to be the case in this example, but for this kind of configuration you will want to make sure smtpd is not listening on a public port.

Answer 2

Perhaps the rails app doesn't trust the postfix certificate?