Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 13th March 2007, 01:04
skyeyedoc skyeyedoc is offline
Junior Member
 
Join Date: Mar 2007
Location: North Carolina, USA
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to skyeyedoc
Default POP3-TLS Error - Domain Name Mismatch

Using a new 'Perfect Setup' server on a Debian 3.1-Sarge build, almost everything is working great! BUT, when Thunderbird logs in to the pop3 server it throws this error:

'You have attempted to establish a connection with "someurl.com". However, the security certificate presented belongs to "localhost". '

The message goes away if I disable TLS in Thunderbird, but I'd like to make it work.

I tried re-running generation of the certificate using openssl in the manner described in this thread: http://www.howtoforge.com/forums/showthread.php?t=1016

...I ran those commands, restarted postfix, but it didn't resolve the problem. Clearly a certificate is being issued and forwarded to Thunderbird, but it is mislabeled some how.

BTW, this body of work is wonderful! My deep gratitude to Mr. Timmes, and all the contributors to this forum!!!

Elliott

BTW, I do have ISPConfig working with this set up, too. If I need to regenerate the certificates with some corrections/editing, can ISPConfig help with that? Learning as I go!

Last edited by skyeyedoc; 14th March 2007 at 22:37.
Reply With Quote
Sponsored Links
  #2  
Old 14th March 2007, 21:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Which POP3 server do you use? Is it Courier?
What's the output of
Code:
netstat -tap
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th March 2007, 22:35
skyeyedoc skyeyedoc is offline
Junior Member
 
Join Date: Mar 2007
Location: North Carolina, USA
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to skyeyedoc
Default

G'day, Falco!

Thanks so much for your guide!

Yes, it is Courier. Here is the output of netstat -tap:

myserver:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 1176/couriertcpd
tcp 0 0 *:9090 *:* LISTEN 1418/perl
tcp 0 0 *:pop3s *:* LISTEN 1199/couriertcpd
tcp 0 0 localhost.localdom:9092 *:* LISTEN 1477/mysqld
tcp 0 0 *:9000 *:* LISTEN 1418/perl
tcp 0 0 *:mysql *:* LISTEN 1257/mysqld
tcp 0 0 *:pop3 *:* LISTEN 1185/couriertcpd
tcp 0 0 *:imap2 *:* LISTEN 1162/couriertcpd
tcp 0 0 *:www *:* LISTEN 1526/apache2
tcp 0 0 *:81 *:* LISTEN 1489/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 24271/proftpd: (acc
tcp 0 0 virt-server.some:domain *:* LISTEN 1655/named
tcp 0 0 myserver.someurl.domain *:* LISTEN 1655/named
tcp 0 0 localhost.locald:domain *:* LISTEN 1655/named
tcp 0 0 *:ssh *:* LISTEN 1423/sshd
tcp 0 0 *:smtp *:* LISTEN 24322/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 1655/named
tcp 0 0 *:https *:* LISTEN 1526/apache2
tcp 0 0 *:3483 *:* LISTEN 1418/perl


BTW, I've written some notes on how well your guide works, and I'd like to post it to a server-newbies forum when it's polished. Any suggestion where? Thanks!

Last edited by skyeyedoc; 14th March 2007 at 23:54.
Reply With Quote
  #4  
Old 15th March 2007, 15:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

If you use Courier, you can use the command mkpop3dcert to generate a new certificate. Take a look at
Code:
man mkpop3dcert
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 15th March 2007, 18:54
skyeyedoc skyeyedoc is offline
Junior Member
 
Join Date: Mar 2007
Location: North Carolina, USA
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to skyeyedoc
Default

Ok. I think I might have got it. No luck with mkpop3dcert the first time around, despite my renaming /usr/lib/courier/pop3d.pem to usr/lib/courier/pop3d.pem.save. It ran and went through the motions of making a certificate, but on checking mail in T-bird, I found the same problems with an old certificate still dated from last week and belonging to CN=localhost.

Then I found /etc/courier/pop3d.pem as well, so I renamed that one to .sav, and reran mkpop3dcert. Again it made a certificate. Now Thunderbird seems to work correctly. Good!

Is it correct for pop3d.pem to reside in both /usr/lib/courier and /etc/courier? As I look at the files now, pop3d.pem is only to be found in /usr/lib/courier. Is there supposed to be a symlink from /usr/lib/courier/pop3d.pem to a file in /etc/courier?

Thanks so much for the help!

Last edited by skyeyedoc; 15th March 2007 at 22:23.
Reply With Quote
  #6  
Old 15th March 2007, 22:21
skyeyedoc skyeyedoc is offline
Junior Member
 
Join Date: Mar 2007
Location: North Carolina, USA
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to skyeyedoc
 
Default

Ok. A postscript:

I'll answer my own question: It looks like there must be a symlink from /etc/courier/pop3d.pem back to the /usr/lib/courier/pop3d.pem file. When I thought I had it working earlier today, it was not actually working. A review of /var/log/mail.log showed this with an error message. The server was seeking pop3d.pem in /etc/courier, but not finding it there. I created the symlink by running:

ln -s /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem

Then I restarted all courier servers, and postfix, just to be really thourough, and now it works perfectly as a TLS enable server.

Woot!

Elliott

Last edited by skyeyedoc; 15th March 2007 at 23:18.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Running POP3 and IMAP Server at the same time? sjau Server Operation 1 26th January 2007 14:15
Slow POP3 with Dovecot and/or Courier makedo Server Operation 9 12th September 2006 16:13
UebiMiau login puntjuh Installation/Configuration 13 14th March 2006 18:24
POP3 SMTP FTP problem arsu Installation/Configuration 1 11th November 2005 09:32
Unable to connect MS Outlook to pop3 nandhu HOWTO-Related Questions 1 12th August 2005 18:06


All times are GMT +2. The time now is 12:54.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.