HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


patrick3853 4th December 2012 23:29

Courier can't authenticate over SSL
 
Followed the virtual users Postfix Ubuntu 12.10 guide. I can connect over ports 143 and 110, but 995 and 993 don't work. Seems to be a problem with certificates but I've spent hours on Google with no luck.

Telnet on 110 works fine, no errors show up in mail.log:

Code:

telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.

Telnet on 995 or 993 doesn't connect:

Code:

telnet localhost 995
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.

Hangs there and I get the following entry in mail.log when I try connecting over 995 in Thunderbird:

Code:

couriertls: read: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

I created the certificates using mkpop3dcert and mkimapdcert. Contents of pop3d.cnf:

Code:

RANDFILE = /usr/lib/courier/pop3d.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_md = sha1

[ req_dn ]
C=US
ST=TN
L=Nashville
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=myhost.mydomain.com
emailAddress=info@mydomain.com


[ cert_type ]
nsCertType = server

Any ideas? I'm pretty stuck at this point.

falko 5th December 2012 14:21

What's the output of
Code:

netstat -tap
? Any errors in your mail log?

patrick3853 5th December 2012 18:28

Code:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 *:http                  *:*                    LISTEN      1472/apache2
tcp        0      0 *:ssh                  *:*                    LISTEN      558/sshd
tcp        0      0 *:smtp                  *:*                    LISTEN      9908/master
tcp        0      0 localhost.localdo:10024 *:*                    LISTEN      833/amavisd-new (ma
tcp        0      0 localhost.localdo:10025 *:*                    LISTEN      9908/master
tcp        0    52 myhost.mydomain.com:ssh 10.1.11.5:50196        ESTABLISHED 23159/sshd: patrick
tcp6      0      0 [::]:pop3              [::]:*                  LISTEN      8476/couriertcpd
tcp6      0      0 [::]:imap2              [::]:*                  LISTEN      8408/couriertcpd
tcp6      0      0 [::]:ssh                [::]:*                  LISTEN      558/sshd
tcp6      0      0 [::]:smtp              [::]:*                  LISTEN      9908/master
tcp6      0      0 [::]:imaps              [::]:*                  LISTEN      8445/couriertcpd
tcp6      0      0 [::]:pop3s              [::]:*                  LISTEN      8513/couriertcpd

Here are all the errors in mail.log. They occur when someone tries to connect using SSL through Outlook or Thunderbird.

Code:

pop3d-ssl: LOGIN FAILED, user=***, ip=[::ffff:***]
pop3d-ssl: Unexpected SSL connection shutdown.

pop3d-ssl: couriertls: read: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

postfix/smtpd[8519]: improper command pipelining after EHLO from unknown[10.1.11.5]: QUIT\r\n


patrick3853 5th December 2012 23:15

I think the problem is with the certificates or how Courier is handling them. netstat shows that Courier is listening on 995 and 993 and I see entries in the mail log when a user tries to connect. And it doesn't seem to be a problem with saslauth or the MySQL virtual users setup because users can connect just fine over 110 and 95.

However, I have no idea how to test the certificates to see where the problem is or how to fix it :(

falko 7th December 2012 08:05

Can you recreate the certificates and just accept the default values?
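
On the question above of how to test the certificates: the `sslv3 alert bad certificate` line is an alert that couriertls read from the client, so the client rejected the certificate the server presented, and the certificate file is the first thing to inspect. The following is an added example, not part of the original thread, that checks the combined key-plus-certificate PEM written by mkpop3dcert and mkimapdcert; the function names, sample hostnames and generated test certificate are constructed, and the file path and hostname are supplied by the caller.

```shell
#!/bin/sh
# Added example: sanity-check a combined PEM file (private key and
# certificate together). File path and hostname come from the caller.

# make_sample_pem OUT CN: write a constructed self-signed test file to OUT.
make_sample_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Constructed sample/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null || return 1
    cat "$1.key" "$1.crt" > "$1" && rm -f "$1.key" "$1.crt"
}

# check_courier_pem FILE HOST: return 0 if all checks pass, else 1-5.
check_courier_pem() {
    pem=$1; host=$2
    # 1-2. Both the certificate and the private key must be in the file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || { echo "no certificate in $pem"; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$pem" || { echo "no private key in $pem"; return 2; }
    # 3. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 3; }
    # 4. The certificate must not have expired already.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 4; }
    # 5. The name clients connect to must match the certificate (SAN or CN).
    openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "certificate is not valid for $host"; return 5; }
    openssl x509 -in "$pem" -noout -subject -enddate
}

# Usage: sh check_pem.sh FILE HOSTNAME
if [ "$#" -eq 2 ]; then check_courier_pem "$1" "$2"; fi
```

To see what the listening service actually presents, `openssl s_client -connect localhost:995` performs the TLS handshake that plain telnet cannot and prints the certificate together with any verification error.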

