I am trying to set up Postfix to relay all mail generated on the local machine via SMTP to a Mailgun relay. I have used the Mailgun relay before with success on an Ubuntu server, but I am migrating to a CentOS 7 server which I will be running in FIPS mode. The error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to Mailgun individually (thus the loopback-only, 127.0.0.0/8 restrictions), with no open firewall port allowing SMTP in to the machine.
I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing?
Any help would be appreciated!
postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination =
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relayhost = [smtp.mailgun.org]:587
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_header_checks = regexp:/etc/postfix/header_check
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_mandatory_ciphers = high
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtpd_tls_security_level = encrypt
unknown_local_recipient_reject_code = 550

/var/log/maillog:
Apr 28 20:04:15 HOSTNAME postfix/pickup[85556]: SOME_ID_NUMBER: uid=0 from=<root>
Apr 28 20:04:15 HOSTNAME postfix/cleanup[85583]: SOME_ID_NUMBER: message-id=<20180429000415.SOME_ID_NUMBER@FQDN>
Apr 28 20:04:15 HOSTNAME postfix/qmgr[85557]: SOME_ID_NUMBER: from=<root@FQDN>, size=2261, nrcpt=1 (queue active)
Apr 28 20:04:16 HOSTNAME postfix/smtp[85585]: fatal: tls_fprint: error computing md5 message digest
Apr 28 20:04:17 HOSTNAME postfix/qmgr[85557]: warning: private/smtp socket: malformed response
Apr 28 20:04:17 HOSTNAME postfix/qmgr[85557]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Apr 28 20:04:17 HOSTNAME postfix/master[85555]: warning: process /usr/libexec/postfix/smtp pid 85585 exit status 1
Apr 28 20:04:17 HOSTNAME postfix/master[85555]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling
Apr 28 20:04:17 HOSTNAME postfix/error[85587]: SOME_ID_NUMBER: to=<[email protected]>, relay=none, delay=1.7, delays=0.05/1.6/0/0.02, dsn=4.3.0, status=deferred (unknown mail transport error)
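
An added example, not part of the original post: a check that reads `postconf -n` output and reports whether the Postfix TLS fingerprint digest parameters (`smtp_tls_fingerprint_digest`, `smtpd_tls_fingerprint_digest`) resolve to md5, the digest named in the fatal `tls_fprint` log line. The function names are hypothetical, and the check assumes that a parameter missing from `postconf -n` takes the built-in default, which is md5 on the Postfix 2.10 series shown above.

```shell
#!/bin/sh
# Added example: flag Postfix TLS fingerprint digests that a FIPS-mode
# crypto library will refuse. Input is `postconf -n` text on stdin.
# Assumption: a parameter absent from `postconf -n` has the built-in
# default, passed as $1 ("md5" for the Postfix 2.10 series).

fingerprint_digest_findings() {
    default_digest=${1:-md5}
    awk -v def="$default_digest" '
        BEGIN {
            # Parameters that select the hash used by tls_fprint.
            want["smtp_tls_fingerprint_digest"] = 1
            want["smtpd_tls_fingerprint_digest"] = 1
        }
        {
            # postconf prints "name = value"; split on the first " = ".
            i = index($0, " = ")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            if (name in want) seen[name] = tolower(substr($0, i + 3))
        }
        END {
            n = split("smtp_tls_fingerprint_digest smtpd_tls_fingerprint_digest", order, " ")
            for (k = 1; k <= n; k++) {
                name = order[k]
                value = (name in seen) ? seen[name] : def
                origin = (name in seen) ? "explicit" : "default"
                if (value == "md5") print name "=" value " (" origin ")"
            }
        }'
}

# True when the kernel reports FIPS mode; the path argument is only
# there so the check can be exercised against a test file.
fips_enabled() {
    [ "$(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Constructed sample: a subset of the settings from the question.
sample_conf='relayhost = [smtp.mailgun.org]:587
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = encrypt
smtpd_tls_security_level = encrypt'

# Usage on a live host:
#   fips_enabled && postconf -n | fingerprint_digest_findings md5
```

Any line it prints names a parameter to set to a digest the FIPS-mode library accepts, for example with `postconf -e`, before reloading Postfix.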