#1 patrick3853, 4th December 2012, 23:29
Courier can't authenticate over SSL

Followed virtual users Postfix Ubuntu 12.10 guide. I can connect over ports 143 and 110, but 995 and 993 don't work. Seems to be a problem with certificates but I've spent hours on Google with no luck.

Telnet on 110 works fine, no errors show up in mail.log:

Code:
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.

Telnet on 995 or 993 doesn't connect:

Code:
telnet localhost 995
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.

Hangs there and I get the following entry in mail.log when I try connecting over 995 in Thunderbird:

Code:
couriertls: read: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

I created the certificates using mkpop3dcert and mkimapdcert. Contents of pop3d.cnf:

Code:
RANDFILE = /usr/lib/courier/pop3d.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_md = sha1

[ req_dn ]
C=US
ST=TN
L=Nashville
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=myhost.mydomain.com
emailAddress=info@mydomain.com


[ cert_type ]
nsCertType = server

Any ideas? I'm pretty stuck at this point.
#2 falko, 5th December 2012, 14:21

What's the output of
Code:
netstat -tap
? Any errors in your mail log?
#3 patrick3853, 5th December 2012, 18:28

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:http                  *:*                     LISTEN      1472/apache2
tcp        0      0 *:ssh                   *:*                     LISTEN      558/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      9908/master
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      833/amavisd-new (ma
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      9908/master
tcp        0     52 myhost.mydomain.com:ssh 10.1.11.5:50196         ESTABLISHED 23159/sshd: patrick
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      8476/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      8408/couriertcpd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      558/sshd
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      9908/master
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      8445/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      8513/couriertcpd

Here are all the errors in mail.log. They occur when someone tries to connect using SSL through Outlook or Thunderbird:

Code:
pop3d-ssl: LOGIN FAILED, user=***, ip=[::ffff:***]
pop3d-ssl: Unexpected SSL connection shutdown.

pop3d-ssl: couriertls: read: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

postfix/smtpd[8519]: improper command pipelining after EHLO from unknown[10.1.11.5]: QUIT\r\n

Last edited by patrick3853; 5th December 2012 at 19:25.
#4 patrick3853, 5th December 2012, 23:15

I think the problem is with the certificates or how courier is handling them. netstat shows that courier is listening on 995 and 993 and I see entries in the mail log when a user tries to connect. And it doesn't seem to be a problem with saslauth or the mysql virtual users setup because users can connect just fine over 110 and 95.

However, I have no idea how to test the certificates to see where the problem is or how to fix it.
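An added example (not part of the original thread or of Courier's own tooling) for the question in post #4 of how to test the certificates: it checks that the key and certificate in a combined PEM file pair up, that the certificate is unexpired, and reports the key size. The function names, the sample CN and the PEM path passed on the command line are assumptions, and the sample pair is constructed.

```shell
#!/bin/bash
# Added example: offline checks for a combined key+certificate PEM file.

# Succeeds only if the first private key and first certificate in $1 pair up.
pem_key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate in $1 has not expired.
pem_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Prints the certificate's public key size in bits.
pem_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Runs all checks, printing one line per finding; non-zero on any failure.
check_pem() {
    local pem="$1" rc=0 bits
    openssl x509 -in "$pem" -noout -subject -enddate || return 1
    pem_key_matches_cert "$pem" || { echo "FAIL: key and certificate do not match"; rc=1; }
    pem_not_expired "$pem"      || { echo "FAIL: certificate has expired"; rc=1; }
    bits=$(pem_key_bits "$pem")
    [ "${bits:-0}" -ge 2048 ]   || echo "WARN: ${bits:-?}-bit key; current clients may reject it"
    return $rc
}

# Constructed sample input: a throwaway self-signed pair written to $1.
make_sample_pem() {
    local tmp rc
    tmp=$(mktemp) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" -keyout "$1" -out "$tmp" 2>/dev/null &&
        cat "$tmp" >> "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# Usage: ./checkpem.sh /path/to/pop3d.pem   (the path is an assumption)
if [ -n "${1:-}" ]; then check_pem "$1"; fi
```

On the live service, `openssl s_client -connect localhost:995` performs the TLS handshake that plain telnet cannot, and prints the certificate the server presents.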
#5 falko, 7th December 2012, 08:05

Can you recreate the certificates and just accept the default values?