#1 torg, 18th January 2010, 02:27
Courier likes 995/SSL, doesn't like 110/TLS.

So, everything is working, the birds are singing, there's a spring in my step.

Almost.

I can login and collect mail fine if I configure Thunderbird to use SSL on port 995, but if I switch to TLS on port 110, all I get in maillog is
Code:
postfix/master[23325]: daemon started -- version 2.6.5, configuration /etc/postfix
pop3d: Connection, ip=[::ffff:192.168.1.2]
pop3d: Disconnected, ip=[::ffff:192.168.1.2]

Thunderbird reports 'Unable to establish a TLS connection to POP3 server. [...]'.

(How can I control the log-levels of pop3d and pop3d-ssl? I don't have much to go on.)

So, what's going on here? How can I tell Courier to listen to TLS on 110?

Thanks,

#2 Mark_NL, 18th January 2010, 09:49

What's the content of your main.cf?

#3 torg, 18th January 2010, 11:23

Quote:
Originally Posted by Mark_NL
What's the content of your main.cf?

main.cf? Doesn't that control Postfix?

Anyway,
Code:
[root@torg ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 7
debug_peer_list = $myhostname $mydomain
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost, localhost.localdomain
mydomain = $myhostname
myhostname = mydomain.com
mynetworks = 192.168.1.0/24
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
relay_domains =
relayhost = smtp1.bethere.co.uk:25
sample_directory = /usr/share/doc/postfix-2.6.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 3
smtpd_tls_security_level = encrypt
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000

#4 Mark_NL, 18th January 2010, 13:02

aw crap .. i mean courier

/etc/courier/pop3d

there's a setting called POP3AUTH_TLS= ""

#5 torg, 18th January 2010, 18:17

Code:
[root@torg ~]# sed '/^\#/d' /etc/courier/pop3d | sed '/^$/d'
PIDFILE=/var/spool/courier/tmp/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH=""
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS=""
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
POP3DSTART=YES
MAILDIRPATH=Maildir

and
Code:
[root@torg ~]# sed '/^\#/d' /etc/courier/pop3d-ssl | sed '/^$/d'
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/spool/courier/tmp/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=1
COURIERTLS=/usr/lib/courier/bin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/usr/lib/courier/share/pop3d.pem
TLS_TRUSTCERTS=/etc/pki/tls/cert.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/spool/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir

I tried setting POP3AUTH_TLS="LOGIN", but that had no effect. I don't want to fiddle, 'cos I'll only break things.

Where should I be looking, exactly?

#6 esmiz, 10th February 2010, 04:27

Hi Torg

Did you finally fix it?
I'm having the exact same issue on a server running Debian. TLS doesn't want to work. Thunderbird says:

An error occurred during a connection to mail.server1.com:110.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

Config files pop3d and pop3d-ssl are default from ispconfig 3

Regards

#7 esmiz, 11th February 2010, 03:29
Courier pop tls problem

Hi there

Apparently courier is not sending a valid certificate. Doing from outside:

openssl s_client -connect mail.larawines.com:pop3s -starttls pop3

I get

CONNECTED(00000003)
21206:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Running the same command within the server, I get:

CONNECTED(00000003)
write:errno=32

This is what I see in syslog:

Feb 11 03:36:04 ks363572 pop3d-ssl: couriertls: /etc/ssl/certs/70cdada4.0: No such file or directory


It's quite weird because I have another server running also a debian lenny 64bit with the same settings that works well.
It's a self-signed certificate and I have recreated it many times, but that shouldn't matter, should it?

Does anyone have any clue?

Regards

Last edited by esmiz; 11th February 2010 at 03:39. Reason: Adding some more logs

#8 esmiz, 11th February 2010, 17:10

Good afternoon

Well, finally the problem seems to be solved. And it had an easy solution, just

aptitude purge ca-certificates ssl-cert courier-ssl courier-imap-ssl courier-pop-ssl

and after that

aptitude install ca-certificates ssl-cert courier-ssl courier-imap-ssl courier-pop-ssl

That was the last thing I wanted to do because I thought that uninstalling things could have nasty effects with the rest of the ispconfig 3 setup, but everything seems to be still working.

It looks like the default certificates that courier makes during reinstallation work, but not the ones I make myself. I'd like to understand why, but thinking twice I'm happy and just hope the problem is really fixed.

Regards
Reply With Quote
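
The thread turns on the difference between implicit TLS on port 995 and a STARTTLS upgrade on port 110. As an added example that is not part of any post above, this sketch performs the port-110 exchange step by step (plaintext greeting, `CAPA`, `STLS`, then the TLS handshake) and reports which step fails; the function names and the sample `CAPA` reply are constructed for illustration.

```python
import socket
import ssl

# Constructed sample CAPA reply (not captured from the servers in this thread).
CAPA_WITH_STLS = b"+OK Here's what I can do:\r\nSTLS\r\nTOP\r\nUSER\r\nUIDL\r\n.\r\n"

def parse_capa(raw):
    """Return the capability names in a raw multi-line CAPA reply."""
    lines = raw.split(b"\r\n")
    if not lines[0].startswith(b"+OK"):
        return set()  # -ERR: the server does not implement CAPA
    caps = set()
    for line in lines[1:]:
        if line == b".":  # a lone dot terminates the multi-line reply
            break
        if line:
            caps.add(line.split()[0].decode("ascii").upper())
    return caps

def _read_reply(sock, marker):
    """Read until `marker`, or until a one-line -ERR reply is complete."""
    buf = b""
    while not buf.endswith(marker):
        if buf.startswith(b"-ERR") and buf.endswith(b"\r\n"):
            break
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def probe_starttls(host, port=110, context=None, timeout=10):
    """Connect in plaintext, send CAPA, then try the STLS upgrade."""
    # Default context verifies the certificate; pass one that trusts a self-signed cert.
    context = context or ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        _read_reply(sock, b"\r\n")  # plaintext "+OK" greeting comes first
        sock.sendall(b"CAPA\r\n")
        if "STLS" not in parse_capa(_read_reply(sock, b"\r\n.\r\n")):
            return "POP3 answers in plaintext but does not offer STLS"
        sock.sendall(b"STLS\r\n")
        if not _read_reply(sock, b"\r\n").startswith(b"+OK"):
            return "STLS advertised but refused"
        try:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                return "STLS ok, negotiated " + tls.version()
        except (ssl.SSLError, OSError) as exc:
            return "STLS handshake failed: %s" % exc
```

Port 995 expects the TLS handshake immediately, with no plaintext greeting, so this probe applies only to port 110; the implicit-TLS port is checked with `openssl s_client -connect host:995` and no `-starttls` option.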