HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


jjw 1st September 2006 00:46

Core 4: Error Messages on Fresh Install re CTX/SSL
 
Thanks in advance to anyone reading and helping. ~jjw

Fresh install Core 4 following perfect setup (except: I never added extra virtual IPs)

We have a local DNS server that points correctly to the new ISPConfig-installed server.

I set up a site, and a mail user (web1_test). I then attempted to connect to get mail with Thunderbird, set up for secure connection. It failed, and I got similar error messages as a previous failed attempt remotely.

Here are the errors:
Code:

Aug 31 18:04:58 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:58 mail postfix/master[29873]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:07:04 mail ipop3d[30995]: pop3 service init from 127.0.0.1
Aug 31 18:08:15 mail ipop3d[31606]: pop3 service init from 127.0.0.1
Aug 31 18:08:16 mail ipop3d[31606]: Login user=web1_lucifer host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Aug 31 18:08:16 mail ipop3d[31606]: Command stream end of file while reading line user=web1_lucifer host=localhost.localdomain [127.0.0.1]
Aug 31 18:19:47 mail ipop3d[29003]: pop3s SSL service init from 192.168.0.13
Aug 31 18:19:47 mail ipop3d[29003]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:02001002:system library:fopen:No such file or directory
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
Aug 31 18:31:54 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:31:54 mail postfix/master[2204]: daemon started -- version 2.2.2, configuration /etc/postfix

I then attempted a non-secure connection. It never worked, and there were no new entries in maillog. :| Matter of fact, I rebooted the system and attempted another non-secure connection. Again, nothing new added.

Where have I erred?

Entire maillog:
Code:

Aug 31 16:24:11 mail sendmail[2031]: alias database /etc/aliases rebuilt by root
Aug 31 16:24:11 mail sendmail[2031]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Aug 31 16:24:11 mail sendmail[2035]: starting daemon (8.13.4): SMTP+queueing@01:00:00
Aug 31 16:24:11 mail sm-msp-queue[2041]: starting daemon (8.13.4): queueing@01:00:00
Aug 31 17:01:12 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:01:12 mail postfix/master[4051]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 17:01:12 mail postfix/smtpd[4080]: connect from localhost.localdomain[127.0.0.1]
Aug 31 17:01:22 mail postfix/smtpd[4080]: disconnect from localhost.localdomain[127.0.0.1]
Aug 31 17:29:16 mail sendmail[20178]: k7VLTGmu020178: from=root, size=822, class=0, nrcpts=1, msgid=<200608312129.k7VLTGmu020178@mail.wnetworks.net>, relay=root@localhost
Aug 31 17:29:17 mail postfix/smtpd[20179]: connect from localhost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/smtpd[20179]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/smtpd[20179]: TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Aug 31 17:29:17 mail sendmail[20178]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 31 17:29:17 mail postfix/smtpd[20179]: 901E676E2A9: client=localhost.localdomain[127.0.0.1], sasl_sender=root@mail.wnetworks.net
Aug 31 17:29:17 mail postfix/cleanup[20182]: 901E676E2A9: message-id=<200608312129.k7VLTGmu020178@mail.wnetworks.net>
Aug 31 17:29:17 mail postfix/qmgr[4057]: 901E676E2A9: from=<root@mail.wnetworks.net>, size=1448, nrcpt=1 (queue active)
Aug 31 17:29:17 mail sendmail[20178]: k7VLTGmu020178: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30822, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 901E676E2A9)
Aug 31 17:29:17 mail postfix/smtpd[20179]: disconnect from localhost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/local[20183]: 901E676E2A9: to=<root@mail.wnetworks.net>, relay=local, delay=0, status=sent (delivered to mailbox)
Aug 31 17:29:17 mail postfix/qmgr[4057]: 901E676E2A9: removed
Aug 31 17:57:38 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 17:57:38 mail postfix/master[4051]: terminating on signal 15
Aug 31 17:57:41 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:57:41 mail postfix/master[14695]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 17:58:18 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 17:58:18 mail postfix/master[14695]: terminating on signal 15
Aug 31 17:58:19 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:58:19 mail postfix/master[17235]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:04:18 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:04:18 mail postfix/master[17235]: terminating on signal 15
Aug 31 18:04:23 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:23 mail postfix/master[29452]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:04:57 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:04:57 mail postfix/master[29452]: terminating on signal 15
Aug 31 18:04:58 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:58 mail postfix/master[29873]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:07:04 mail ipop3d[30995]: pop3 service init from 127.0.0.1
Aug 31 18:08:15 mail ipop3d[31606]: pop3 service init from 127.0.0.1
Aug 31 18:08:16 mail ipop3d[31606]: Login user=web1_lucifer host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Aug 31 18:08:16 mail ipop3d[31606]: Command stream end of file while reading line user=web1_lucifer host=localhost.localdomain [127.0.0.1]
Aug 31 18:19:47 mail ipop3d[29003]: pop3s SSL service init from 192.168.0.13
Aug 31 18:19:47 mail ipop3d[29003]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:02001002:system library:fopen:No such file or directory
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
Aug 31 18:31:54 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:31:54 mail postfix/master[2204]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:32:33 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:32:33 mail postfix/master[2204]: terminating on signal 15
Aug 31 18:32:34 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:32:35 mail postfix/master[2553]: daemon started -- version 2.2.2, configuration /etc/postfix


jjw 1st September 2006 00:57

# find / -name ipop3d.pem yields nothing. Of course then, this error message:
Code:

Aug 31 18:53:50 mail ipop3d[3621]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]

So, why is there no ipop3d.pem? :confused:

jjw 1st September 2006 00:59

# find / -name "*.pem"
/etc/pki/tls/cert.pem
/etc/pki/dovecot/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
/etc/postfix/ssl/cacert.pem
/etc/postfix/ssl/cakey.pem
/usr/share/swamp/CA.pem
/usr/share/swamp/A-client.pem
/home/joe/Desktop/edMailServer/master/etc/postfix/ssl/cacert.pem
/home/joe/Desktop/edMailServer/master/etc/postfix/ssl/cakey.pem

till 1st September 2006 10:01

Your ipop3d SSL certificates were missing. Try to reinstall ipop3d; the certificates are normally generated automatically during installation.
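
Added example, not part of any post in this thread: a Python triage function that groups syslog lines by daemon and PID, pairs each "Unable to load certificate" message with the OpenSSL error stack logged by the same process, and flags the case where the stack contains an `fopen` "No such file" entry, meaning the certificate file is absent rather than malformed. The function name, record fields and the sample (constructed from the log lines posted above) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the maillog lines posted in this thread.
SAMPLE_LOG = """\
Sep  1 13:35:28 mail postfix/master[4185]: daemon started -- version 2.2.2, configuration /etc/postfix
Sep  1 13:40:01 mail ipop3d[4560]: pop3 service init from 192.168.0.13
Sep  1 13:40:44 mail ipop3d[4583]: pop3s SSL service init from 192.168.0.13
Sep  1 13:40:44 mail ipop3d[4583]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:02001002:system library:fopen:No such file or directory
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
"""

# "<timestamp> <host> <daemon>[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) ([\w./-]+)\[(\d+)\]: (.*)$")
CERT = re.compile(r"Unable to load certificate from (\S+), host=\[([^\]]+)\]")
# OpenSSL error string: error:<hex code>:<library>:<function>:<reason>
SSLERR = re.compile(r"SSL error status: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def find_cert_failures(log_text):
    """Return one record per process that failed to load its TLS certificate."""
    sessions = defaultdict(lambda: {"errors": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a [pid] field are not per-connection events
        when, _host, daemon, pid, msg = m.groups()
        session = sessions[(daemon, pid)]
        cert = CERT.search(msg)
        if cert:
            session.update(time=when, daemon=daemon, pid=pid,
                           path=cert.group(1), client=cert.group(2))
        err = SSLERR.search(msg)
        if err:
            session["errors"].append(dict(zip(("code", "lib", "func", "reason"),
                                              err.groups())))
    failures = []
    for session in sessions.values():
        if "path" not in session:
            continue  # this process never reported a certificate load failure
        # An fopen "No such file" entry means the PEM is absent, not corrupt.
        session["missing_file"] = any(
            e["func"] == "fopen" and "No such file" in e["reason"]
            for e in session["errors"])
        failures.append(session)
    return failures
```
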

jjw 1st September 2006 12:31

Thank you for the response Till.

I am not sure how to do this, as there is no outright declaration for install pop3d in the perfect setup guide. How would you do this?

~jjw

jjw 1st September 2006 19:47

Trying Again
 
Thanks for reading ~ jjw

Ok, so I started from scratch again. Followed the perfect install for Core 4 (except, no added IPs - why does it tell us to do this if we don't use them?).

Followed it every step of the way, and I'm getting the same error messages:
Code:

Sep  1 13:35:28 mail postfix/master[4185]: daemon started -- version 2.2.2, configuration /etc/postfix
Sep  1 13:35:47 mail ipop3d[4226]: pop3 service init from 127.0.0.1
Sep  1 13:35:47 mail ipop3d[4226]: Login user=web1_newTest host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Sep  1 13:35:47 mail ipop3d[4226]: Command stream end of file while reading line user=web1_newTest host=localhost.localdomain [127.0.0.1]
Sep  1 13:40:01 mail ipop3d[4560]: pop3 service init from 192.168.0.13
Sep  1 13:40:26 mail ipop3d[4560]: Command stream end of file while reading line user=??? host=[192.168.0.13]
Sep  1 13:40:44 mail ipop3d[4583]: pop3s SSL service init from 192.168.0.13
Sep  1 13:40:44 mail ipop3d[4583]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:02001002:system library:fopen:No such file or directory
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib

I have DNS pointing to the IP address of the interface, and you can see I started a connection. If I followed the perfect install, why wasn't this certificate created?

In fact, I got an error this time after reinstall (8182 corrupt certificate), and followed the directions here for a rebuild:

http://www.wallpaperama.com/disp-post70.html

The 8182 error has happened every time I've done an install, except one time. Can someone tell me where I am wrong?

~jjw

till 2nd September 2006 10:08

Are you able to connect to pop3 without ssl encryption?

jjw 3rd September 2006 16:03

Quote:

Originally Posted by till
Are you able to connect to pop3 without ssl encryption?

Thank you Till. I have since done two complete re-installs of OS & ISPConfig, and getting the same issue.

To answer your question: Yes, I can connect to pop3 from another machine from command line, and send email to the newest account I have created. I can see the statistics, and I can see the email in the mbox file (I've since changed to Maildir). Yet, cannot connect with mail client using SSL.

till 3rd September 2006 18:18

Please post the output of:

netstat -tap

jjw 3rd September 2006 20:07

netstat -tap:
Code:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address            State      PID/Program name
tcp        0      0 *:imaps                    *:*                        LISTEN      2002/xinetd
tcp        0      0 *:32769                    *:*                        LISTEN      1670/rpc.statd
tcp        0      0 *:pop3s                    *:*                        LISTEN      2002/xinetd
tcp        0      0 *:mysql                    *:*                        LISTEN      2093/mysqld
tcp        0      0 *:pop3                      *:*                        LISTEN      2002/xinetd
tcp        0      0 *:imap                      *:*                        LISTEN      2002/xinetd
tcp        0      0 *:sunrpc                    *:*                        LISTEN      1651/portmap
tcp        0      0 *:81                        *:*                        LISTEN      2415/ispconfig_http
tcp        0      0 192.168.0.10:domain        *:*                        LISTEN      3370/named
tcp        0      0 mail.wnetworks.net:domain  *:*                        LISTEN      3370/named
tcp        0      0 mail.wnetworks.net:ipp      *:*                        LISTEN      1945/cupsd
tcp        0      0 mail.wnetworks.net:5335    *:*                        LISTEN      1927/mDNSResponder
tcp        0      0 mail.wnetworks.net:rndc    *:*                        LISTEN      3370/named
tcp        0      0 *:smtp                      *:*                        LISTEN      3339/master
tcp        0      0 mail.wnetworks.net:rndc    mail.wnetworks.net:46981    TIME_WAIT  -
tcp        0      0 mail.wnetworks.net:53582    mail.wnetworks.net:ipp      ESTABLISHED 3602/eggcups
tcp        0      0 mail.wnetworks.net:ipp      mail.wnetworks.net:53582    ESTABLISHED 1945/cupsd
tcp        0      0 *:http                      *:*                        LISTEN      3271/httpd
tcp        0      0 *:ftp                      *:*                        LISTEN      3390/proftpd: (acce
tcp        0      0 *:ssh                      *:*                        LISTEN      1993/sshd
tcp        0      0 *:https                    *:*                        LISTEN      3271/httpd
tcp        0      0 ::ffff:192.168.0.10:ssh    ::ffff:192.168.0.13:1204    ESTABLISHED 2975/sshd: joe [pri
tcp        0      0 ::ffff:192.168.0.10:ssh    ::ffff:192.168.0.13:1203    ESTABLISHED 2955/sshd: joe [pri


