I got a mairadb 10.1 on ubuntu 18.04 where I wannt to connect via SSL. In november it worked, but my selfmade certificates runed out. So I created some new ones, but since then I got this errormessage when I try to connect (in python-mariadb the code looks similary, so I guess its a mariadb problem.)
ERROR 2026 (HY000): SSL connection error: unsupported protocol
When I connect via localhost from the server to the server, it works with an ssl connection.
I tried then to use another server, this time its a debian buster with mariadb 10.3 and it behaves the same.
Sites I already visited but haven't brought me further:
https://github.com/PyMySQL/PyMySQL/issues/817
MariaDB SSL connection error: Unsupported record version Unknown-0.0
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#openssl-defaults
sudo openssl x509 -text -noout -in boba-server-cert.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = ..., ST = ..., L = ..., O = ..., CN = CA B
Validity
Not Before: Dec 21 10:48:33 2020 GMT
Not After : Dec 21 10:48:33 2021 GMT
Subject: C = .., ST = ..., L = ..., O = ..., CN = [domain]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
...
Related
Problem:
Sending a test notification from SonarQube using STARTTLS over SMTP is failing.
Configuration used in SonarQube:
SMTP host: 1X.XXX.XX.X1
SMTP port: 587
Secure connection: starttls
Destination e-mail address is provided. Client with SonarQube is Debian 11. SMTP host is a MS Exchange server. Self signed certificates. Certificates are installed in the truststore.
Relevant:
Sending a test notification using SMTP but without STARTTLS is delivered succesfully.
Log:
Bellow are relevant fragments from the client web.log from one such failed attempt sending a notification using SMTP and STARTTLS:
2022.10.24 09:36:57 INFO web[AYPp5oPhM9pKCPrzAA6Z][javax.mail] JavaMail version 1.6.2
2022.10.24 09:36:57 INFO web[AYPp5oPhM9pKCPrzAA6Z][javax.mail] successfully loaded resource: /META-INF/javamail.default.address.map
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][javax.activation] MailcapCommandMap: createDataContentHandler for text/plain
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][javax.activation] search DB #1
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][javax.activation] got content-handler
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][javax.activation] class com.sun.mail.handlers.text_plain
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][javax.mail] getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] useEhlo true, useAuth false
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] trying to connect to host "1X.XXX.XX.X1", port 587, isSSL false
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] connected to host "1X.XXX.XX.X1", port: 587
2022.10.24 09:36:57 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "SIZE", arg "26214400"
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "PIPELINING", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "DSN", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "ENHANCEDSTATUSCODES", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "STARTTLS", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "AUTH", arg "NTLM"
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "8BITMIME", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "BINARYMIME", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][com.sun.mail.smtp] Found extension "CHUNKING", arg ""
2022.10.24 09:36:58 DEBUG web[AYPp5oPhM9pKCPrzAA6Z][o.s.s.n.e.EmailNotificationChannel] Fail to send test email to xxxxxxx#xxxxx.xxx: {}
org.apache.commons.mail.EmailException: Sending the email to the following server failed : 1X.XXX.XX.X1:587
...
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Command: $ echo | openssl s_client -connect 1X.XXX.XX.X1:587
returns:
CONNECTED(00000003)
140269928117568:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Command: $ echo | openssl s_client -connect 1X.XXX.XX.X1:587 -starttls smtp
returns:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 CN = CA-ROOT
verify return:1
depth=1 DC = local, DC = regulator, CN = CA-SUB
verify return:1
depth=0 C = PL, ST = Aaa, L = Bbb, O = Ccc, OU = Ddd, CN = [DOMAIN.NAME]
verify return:1
---
Certificate chain
0 s:C = PL, ST = Aaa, L = Bbb, O = Ccc, OU = Ddd, CN = [DOMAIN.NAME]
i:DC = local, DC = regulator, CN = CA-SUB
1 s:DC = local, DC = regulator, CN = CA-SUB
i:CN = CA-ROOT
---
Server certificate
-----BEGIN CERTIFICATE-----
[...CERTIFICATE...]
-----END CERTIFICATE-----
subject=C = PL, ST = Aaa, L = Bbb, O = Ccc, OU = Ddd, CN = [DOMAIN.NAME]
issuer=DC = local, DC = regulator, CN = CA-SUB
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3596 bytes and written 498 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: [...SESSION ID...]
Session-ID-ctx:
Master-Key: [...MASTER ID...]
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1666767236
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
250 CHUNKING
DONE
Question:
What do I need to do, for SonarQube notifications be delivered successfully using STARTTLS over SMTP?
I am trying to connect to mysql with JDBC.
I generated keys as follows on my Windows 10:
winpty openssl pkcs12 -export -inkey ssl_cert/client-key.pem -in ssl_cert/client-cert.pem -out client.packet
keytool -importkeystore -deststorepass <password> -destkeypass <password> -destkeystore mysqldb.jks -srckeystore client.packet -srcstoretype PKCS12 -srcstorepass <password> -alias 1
keytool -importcert -alias mysqlCA -trustcacerts -file ssl_cert/ca.pem -keystore mysqldb.jks
My JDBC code looks like this :
System.setProperty("javax.net.ssl.trustStore", "ks-production-mysqldb.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "<password> ");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStore", "mysqldb.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "<password> ");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
String dbURL = "jdbc:mysql://localhost:1234/sb?"
+ "verifyServerCertificate=true&useSSL=true&requireSSL=true";
conn = DriverManager.getConnection(dbURL, dbUser, dbPass);
I am getting following error :
Caused by: javax.net.ssl.SSLException: Unsupported record version
Unknown-0.0 at
sun.security.ssl.InputRecord.checkRecordVersion(InputRecord.java:552)
at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:565)
at sun.security.ssl.InputRecord.read(InputRecord.java:529) at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983) at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at
org.mariadb.jdbc.internal.mysql.MySQLProtocol.connect(MySQLProtocol.java:444)
... 7 more
I googled for this and found out that it may be due to difference in SSL protocol between server and java, which they say must have been solved java 7 or greater.
But still I am getting error ? What am I missing?
Port forwarding before connection to localhost:1234:
try {
JSch jsch = new JSch();
jsch.addIdentity(privateKey);
logger.info("Establishing connection to " + sshHost + " by user " + sshUser);
session = jsch.getSession(sshUser, sshHost, 22);
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
session.connect();
int assignedPort = session.setPortForwardingL(localPort, remoteHost, remotePort);
logger.info("assigned Port = " + assignedPort);
} catch (JSchException e) {
e.printStackTrace();
throw new RuntimeException(e);
}
return session;
openssl command output :
$ openssl s_client -connect localhost:1234
CONNECTED(00000003)
140108247099296:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1519473350
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
There is no solution posted, so for anyone who is facing this issue:
We use MariaDB and have been facing this issue, after trying all things, upgrading mariaDB java client driver version to latest solved the problem. Hope it helps.
Upgrade to JDK 8 at least u181. It works for me for a ReST connection showing the same error.
As other answers adviced I upgraded Java from 1.8.0_121 to 1.8.0_362 and the error changed but I still had an SSL error.
I had to add ?useSSL=false&requireSSL=false to the jdbc URL to disable SSL.
I've been trying to setup my hmailserver with DKIM.
I was following this guide -> https://www.hmailserver.com/forum/viewtopic.php?t=29402
And I created my keys with this site -> https://www.port25.com/dkim-wizard/
Domain name: linnabary.us
DomainKey Selector: dkim
Key size: 1024
I created a pem file;
-----BEGIN RSA PRIVATE KEY-----
<key>
-----END RSA PRIVATE KEY-----
Saved it and loaded it into hmailserver
When I set this up on NameCheap I selected TXT Record, set my host as #, and put this line in, minus key of course;
v=DKIM1; k=rsa; p=<KEY>
Now when I test with -> http://www.isnotspam.com
It says my DKIM key is as follows;
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: invalid
ID(s) verified: header.From=admin#linnabary.us
Selector=
domain=
DomainKeys DNS Record=._domainkey.
I was wondering if I am making any obvious errors in my record.
Edit;
The email contains the following line;
dkim-signature: v=1; a=rsa-sha256; d=linnabary.us; s=dkim;
This is what the setup looks like on NameCheap;
And here is the next test email from ;
This message is an automatic response from isNOTspam's authentication verifier service. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at .
Thank you for using isNOTspam.
The isNOTspam team
==========================================================
Summary of Results
==========================================================
SPF Check : pass
Sender-ID Check : pass
DKIM Check : invalid
SpamAssassin Check : ham (non-spam)
==========================================================
Details:
==========================================================
HELO hostname: [69.61.241.46]
Source IP: 69.61.241.46
mail-from: admin#linnabary.us
Anonymous To: ins-a64wsfm3#isnotspam.com
---------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=admin#linnabary.us
DNS record(s):
linnabary.us. 1799 IN TXT "v=spf1 a mx ip4:69.61.241.46 ~all"
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=admin#linnabary.us
DNS record(s):
linnabary.us. 1799 IN TXT "v=spf1 a mx ip4:69.61.241.46 ~all"
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: invalid
ID(s) verified: header.From=admin#linnabary.us
Selector=
domain=
DomainKeys DNS Record=._domainkey.
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin 3.4.1 (2015-04-28)
Result: ham (non-spam) (04.6points, 10.0 required)
pts rule name description
---- ---------------------- -------------------------------
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000]
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Status: Yes, hits=4.6 required=-20.0 tests=BAYES_99,BAYES_999,
DKIM_SIGNED,RDNS_NONE,SPF_HELO_PASS,SPF_PASS,T_DKIM_INVALID autolearn=no
autolearn_force=no version=3.4.0
X-Spam-Score: 4.6
To learn more about the terms used in the SpamAssassin report, please search
here: http://wiki.apache.org/spamassassin/
==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================
"pass"
the message passed the authentication test.
"fail"
the message failed the authentication test.
"softfail"
the message failed the authentication test, and the authentication
method has either an explicit or implicit policy which doesn't require
successful authentication of all messages from that domain.
"neutral"
the authentication method completed without errors, but was unable
to reach either a positive or a negative result about the message.
"temperror"
a temporary (recoverable) error occurred attempting to authenticate
the sender; either the process couldn't be completed locally, or
there was a temporary failure retrieving data required for the
authentication. A later retry may produce a more final result.
"permerror"
a permanent (unrecoverable) error occurred attempting to
authenticate the sender; either the process couldn't be completed
locally, or there was a permanent failure retrieving data required
for the authentication.
==========================================================
Original Email
==========================================================
From admin#linnabary.us Wed Apr 12 17:41:22 2017
Return-path: <admin#linnabary.us>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on isnotspam.com
X-Spam-Flag: YES
X-Spam-Level: ****
X-Spam-Report:
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000]
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Status: Yes, hits=4.6 required=-20.0 tests=BAYES_99,BAYES_999,
DKIM_SIGNED,RDNS_NONE,SPF_HELO_PASS,SPF_PASS,T_DKIM_INVALID autolearn=no
autolearn_force=no version=3.4.0
Envelope-to: ins-a64wsfm3#isnotspam.com
Delivery-date: Wed, 12 Apr 2017 17:41:22 +0000
Received: from [69.61.241.46] (helo=linnabary.us)
by localhost.localdomain with esmtp (Exim 4.84_2)
(envelope-from <admin#linnabary.us>)
id 1cyMGg-0007x2-1Q
for ins-a64wsfm3#isnotspam.com; Wed, 12 Apr 2017 17:41:22 +0000
dkim-signature: v=1; a=rsa-sha256; d=linnabary.us; s=dkim;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=Ns4aRUgWUtil4fiVnvitgeV+q1K/smEYtRGN497S5Ew=;
b=Nc2Kzrzas0QqMpWM4fnF5o5wLWlWYFxlGlAipe+85H9cwGgc4hvEKUj1UvgB6I2VHUbJ0OGN/sJO9tjWgwlGypaUuW7Q8x/iI0UtC6cn7X6ZLHT+K6A2A6MdoyR1NF4xxvqPadcmcQwnrY0Tth4ycydpQMlBCZS30sc1qUjUrN0=
Received: from [192.168.1.12] (Aurora [192.168.1.12])
by linnabary.us with ESMTPA
; Wed, 12 Apr 2017 13:41:28 -0400
To: ins-a64wsfm3#isnotspam.com
From: Admin <admin#linnabary.us>
Subject: Welcome to Linnabary
Message-ID: <8e8be6cd-6354-aeb9-b577-2b0efc25a1a1#linnabary.us>
Date: Wed, 12 Apr 2017 13:41:28 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-DKIM-Status: invalid (pubkey_unavailable)
I honestly have no idea what I should put in here in order to protect
myself from filters, so I'm just making it up as I go.
- Tad
The Host value for your TXT entry should just be dkim._domainkey. Currently your domain key is located at: dkim._domainkey.linnabary.us.linnabary.us, so you're not supposed to add the domain here.
That's why the response to the test email says X-DKIM-Status: invalid (pubkey_unavailable) - the public key can't be found where it is supposed to be.
I'm trying to set up HS from a 12c database that will eventually send data across to a remote MySQL server.
I have installed the odbc driver;
root ~ # rpm -ivh mysql-connector-odbc-5.3.4-1.el6.x86_64.rpm
This is my listener.ora file;
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
)
)
This is my tnsnames.ora file;
RECORDSDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = recordsdb.ap.local)
)
)
MYSQL =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521))
(CONNECT_DATA=(SID=MYSQL))
(HS=OK)
)
I connected to the database, and created the database link;
SQL> CREATE DATABASE LINK MYSQL
2 CONNECT TO "root" IDENTIFIED BY "removed"
3 USING 'mysql';
Restarting the lsnrctl;
./bin/lsnrctl reload
./bin/lsnrctl stop
./bin/lsnrctl start
./bin/lsnrctl status
./bin/lsnrctl status
LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:54:42
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 08-SEP-2014 10:42:05
Uptime 0 days 0 hr. 12 min. 37 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/12.1.0/dbhome_1/log/diag/tnslsnr/ap-ora-records-test/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=8080))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "recordsdb.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
Service "recordsdbXDB.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
The command completed successfully
As well as tnsping;
oracle /u01/app/oracle/product/12.1.0/dbhome_1 $ ./bin/tnsping ap-ora-records-test
TNS Ping Utility for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:42:44
Copyright (c) 1997, 2013, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
Used EZCONNECT adapter to resolve the alias
Attempting to contact (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=))(ADDRESS=(PROTOCOL=TCP)(HOST=::1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))
OK (0 msec)
I then tried getting a piece of data - SQL> SELECT * from MYSQL.users#mysql; which gave the following result;
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
Unable to retrieve text of NETWORK/NCR message 65535
ORA-02063: preceding 2 lines from MYSQL
Where am I going wrong?
edit 1:
This is my creation code;
CREATE SHARED PUBLIC DATABASE LINK mysql_remote_shared
CONNECT TO root IDENTIFIED BY password
AUTHENTICATED BY root IDENTIFIED BY password
USING 'mysql';
I have a VPS server which is running postfix + dovecot as mail server.
I have already created two accounts which work well. Both can send and receive email via STARTTLS and SSL.
But when I added a third account today, it can only receive email but failed to connect SMTP server. So it is not a issue of wrong password. The SMTP settings are same as the other two accounts. The settings of client should be correct.
The postfix log says:
Aug 28 12:55:32 server postfix/smtpd[1645]: warning: SASL authentication failure: Password verification failed
Aug 28 12:55:32 server postfix/smtpd[1645]: warning: unknown[203.97.197.232]: SASL PLAIN authentication failed: authentication failure
Aug 28 12:55:35 server postfix/smtpd[1645]: warning: unknown[203.97.197.232]: SASL LOGIN authentication failed: authentication failure
The sasl and tls settings in main.cf is:
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Can anyone help me out?
Thank you very much.