HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   cant get ssl working. need some help please. (http://www.howtoforge.com/forums/showthread.php?t=2391)

wwparrish 5th February 2006 23:36

cant get ssl working. need some help please.
 
installed ispconfig on clean suse 10.0 install. all went well and I swear I saw the courier pop and imap ssl processes running. But now they dont show up with ps -ef and restarting them says they are started but still dont show up. Normal pop and Imap work fine. I uninstalled ispconfig with thoughts of reinstalling the courier software when I found this. For secure mail dont I need to uncomment the line in red (and maybe some others) ?

The postfix main.cf file.

# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
.............
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

till 6th February 2006 08:31

Dont uninstall ISPCOnfig. ISPCOnfig does not configure IMAPS and SMTPS at all, so reinstalling it wont change anything!

I guess the lines above are from your postfix master.cf, not from main.cf. Plesae try to uncomment the smtps line and restart postfix.

For POP3s amd IMAPs, please post the output of:

netstat -tap

wwparrish 6th February 2006 14:54

You are of correct, it is the master.cf. Thanks for the help. uncommenting that line and rebooting now. We shall see be right back. Sorry dont know how to make the cut and paste look better.

Before (now) I get:
ares:~ # netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:filenet-rpc *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:mysql *:* LISTEN 8888/mysqld
tcp 0 0 localhost:ris-cm *:* LISTEN 5236/fam
tcp 0 0 *:783 *:* LISTEN 5275/rpc.rquotad
tcp 0 0 *:sunrpc *:* LISTEN 4714/portmap
tcp 0 0 *:hosts2-ns *:* LISTEN 13242/ispconfig_htt
tcp 0 0 *:rrh *:* LISTEN 5249/rpc.mountd
tcp 0 0 *:ftp *:* LISTEN 24871/proftpd: (acc
tcp 0 0 ares.hitechfab.n:domain *:* LISTEN 13459/named
tcp 0 0 localhost:domain *:* LISTEN 13459/named
tcp 0 0 *:ipp *:* LISTEN 5582/cupsd
tcp 0 0 *:smtp *:* LISTEN 24834/master
tcp 0 0 localhost:953 *:* LISTEN 13459/named
tcp 0 0 localhost:6010 *:* LISTEN 32542/0
tcp 0 0 *:pop3 *:* LISTEN 24210/couriertcpd
tcp 0 0 *:imap *:* LISTEN 24177/couriertcpd
tcp 0 0 *:www-http *:* LISTEN 13311/httpd2-prefor
tcp 0 0 *:ssh *:* LISTEN 4930/sshd
tcp 0 0 *:smtp *:* LISTEN 24834/master
tcp 0 0 localhost:953 *:* LISTEN 13459/named
tcp 0 0 localhost:6010 *:* LISTEN 32542/0
tcp 0 0 *:https *:* LISTEN 13311/httpd2-prefor

wwparrish 6th February 2006 15:04

Well, apparently I now have a secure smtp process running but no pops or imaps. Goint to set that back like it was so I dont get too many variables changing while I trouble shoot. Where does courier put its logs ?

ares:/etc/postfix # netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:filenet-rpc *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:mysql *:* LISTEN 8888/mysqld
tcp 0 0 localhost:ris-cm *:* LISTEN 5236/fam
tcp 0 0 *:783 *:* LISTEN 5275/rpc.rquotad
tcp 0 0 *:sunrpc *:* LISTEN 4714/portmap
tcp 0 0 *:smtps *:* LISTEN 24834/master
tcp 0 0 *:hosts2-ns *:* LISTEN 13242/ispconfig_htt
tcp 0 0 *:rrh *:* LISTEN 5249/rpc.mountd
tcp 0 0 *:ftp *:* LISTEN 24871/proftpd: (acc
tcp 0 0 ares.hitechfab.n:domain *:* LISTEN 13459/named
tcp 0 0 localhost:domain *:* LISTEN 13459/named
tcp 0 0 *:ipp *:* LISTEN 5582/cupsd
tcp 0 0 *:smtp *:* LISTEN 24834/master
tcp 0 0 localhost:953 *:* LISTEN 13459/named
tcp 0 0 localhost:6010 *:* LISTEN 32542/0
tcp 0 0 *:pop3 *:* LISTEN 24210/couriertcpd
tcp 0 0 *:imap *:* LISTEN 24177/couriertcpd
tcp 0 0 *:www-http *:* LISTEN 13311/httpd2-prefor
tcp 0 0 *:smtps *:* LISTEN 24834/master
tcp 0 0 *:ssh *:* LISTEN 4930/sshd
tcp 0 0 *:smtp *:* LISTEN 24834/master
tcp 0 0 localhost:953 *:* LISTEN 13459/named
tcp 0 0 localhost:6010 *:* LISTEN 32542/0
tcp 0 0 *:https *:* LISTEN 13311/httpd2-prefor
tcp 0 3356


ares.hitechfab.net:ssh

wwparrish 6th February 2006 15:18

Some more info Courier is enabled in the services in yast.

System Services (Runlevel): Services


│apache2 │Yes │Apache2 httpd │
│atd │No │Start AT batch job daemon │
│autofs │No │Start the autofs daemon for automatic mounting of file│
│autoyast │No* │A start script to execute autoyast scripts │
│bastille-firewall │No* │ │
│bluetooth │No │Bluetooth protocol stack services ┴
│courier-authdaemon │Yes │Courier-IMAP Authentication server │
│courier-imap │Yes │Courier-IMAP server │
│courier-imap-ssl │Yes │Courier-IMAP server for SSL connections │
│courier-pop │Yes │Courier-POP3 server │
│courier-pop-ssl │Yes │Courier-POP3 server for SSL connections

wwparrish 6th February 2006 16:27

I am having some luck with new/corrected startup scriprs provided by another post. By changing the startup scripts (not the config files) in /etc/init.d courier-imap-ssl and courier-pop-ssl to the modified ones I now have the processes back running and listening.

going to test now. I noticed the firewall does not have the ssl ports open by default, I would assume (oh oh !!) that ports 993 and 995 need to be opened.

new configuration survived a reboot with all 4 services pop pop-ssl imap imap-ssl running and listening.

This is the post with the corrected/fixed scripts that (seem to) solved my problem.

http://www.howtoforge.com/forums/showthread.php?t=2356

falko 6th February 2006 18:16

Quote:

Originally Posted by wwparrish
going to test now. I noticed the firewall does not have the ssl ports open by default, I would assume (oh oh !!) that ports 993 and 995 need to be opened.

Yes, port 993 for IMAPs and port 995 for POP3s.


All times are GMT +2. The time now is 13:59.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.