Core 4: Error Messages on Fresh Install re CTX/SSL

Thank is advance to anyone reading and helping. ~jjw

Fresh install Core 4 following perfect setup (except: I never added extra virtual IPs)

We have a local DNS server that points correctly to the new ISPConfig-installed server.

I set up a site, and a mail user (web1_test). I then attemtped to connect to get mail with Thunderbird, set up for secure connection. It failed, and I got similar error messages as a previous failed attempt remotely.

Here are the errors:

Code:

Aug 31 18:04:58 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:58 mail postfix/master[29873]: daemon started -- version 2.2.2, con figuration /etc/postfix
Aug 31 18:07:04 mail ipop3d[30995]: pop3 service init from 127.0.0.1
Aug 31 18:08:15 mail ipop3d[31606]: pop3 service init from 127.0.0.1
Aug 31 18:08:16 mail ipop3d[31606]: Login user=web1_lucifer host=localhost.local domain [127.0.0.1] nmsgs=0/0
Aug 31 18:08:16 mail ipop3d[31606]: Command stream end of file while reading lin e user=web1_lucifer host=localhost.localdomain [127.0.0.1]
Aug 31 18:19:47 mail ipop3d[29003]: pop3s SSL service init from 192.168.0.13
Aug 31 18:19:47 mail ipop3d[29003]: Unable to load certificate from /usr/share/s sl/certs/ipop3d.pem, host=[192.168.0.13]
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:02001002:system libr ary:fopen:No such file or directory
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:20074002:BIO routine s:FILE_CTRL:system lib
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:140DC002:SSL routine s:SSL_CTX_use_certificate_chain_file:system lib
Aug 31 18:31:54 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:31:54 mail postfix/master[2204]: daemon started -- version 2.2.2, conf iguration /etc/postfix

I then attempted a non-secure connection. It never worked, and there were no new entries in maillog. :| Matter of fact, I rebooted the system and attempted another non-secure connection. Again, nothing new added.

Where have I erred?

Entire maillog:

Code:

Aug 31 16:24:11 mail sendmail[2031]: alias database /etc/aliases rebuilt by root
Aug 31 16:24:11 mail sendmail[2031]: /etc/aliases: 76 aliases, longest 10 bytes,  765 bytes total
Aug 31 16:24:11 mail sendmail[2035]: starting daemon (8.13.4): SMTP+queueing@01: 00:00
Aug 31 16:24:11 mail sm-msp-queue[2041]: starting daemon (8.13.4): queueing@01:0 0:00
Aug 31 17:01:12 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:01:12 mail postfix/master[4051]: daemon started -- version 2.2.2, conf iguration /etc/postfix
Aug 31 17:01:12 mail postfix/smtpd[4080]: connect from localhost.localdomain[127 .0.0.1]
Aug 31 17:01:22 mail postfix/smtpd[4080]: disconnect from localhost.localdomain[ 127.0.0.1]
Aug 31 17:29:16 mail sendmail[20178]: k7VLTGmu020178: from=root, size=822, class =0, nrcpts=1, msgid=<200608312129.k7VLTGmu020178@mail.wnetworks.net>, relay=root @localhost
Aug 31 17:29:17 mail postfix/smtpd[20179]: connect from localhost.localdomain[12 7.0.0.1]
Aug 31 17:29:17 mail postfix/smtpd[20179]: setting up TLS connection from localh ost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/smtpd[20179]: TLS connection established from local host.localdomain[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Aug 31 17:29:17 mail sendmail[20178]: STARTTLS=client, relay=[127.0.0.1], versio n=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 31 17:29:17 mail postfix/smtpd[20179]: 901E676E2A9: client=localhost.localdo main[127.0.0.1], sasl_sender=root@mail.wnetworks.net
Aug 31 17:29:17 mail postfix/cleanup[20182]: 901E676E2A9: message-id=<2006083121 29.k7VLTGmu020178@mail.wnetworks.net>
Aug 31 17:29:17 mail postfix/qmgr[4057]: 901E676E2A9: from=<root@mail.wnetworks. net>, size=1448, nrcpt=1 (queue active)
Aug 31 17:29:17 mail sendmail[20178]: k7VLTGmu020178: to=root, ctladdr=root (0/0 ), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30822, relay=[127.0.0.1] [ 127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 901E676E2A9)
Aug 31 17:29:17 mail postfix/smtpd[20179]: disconnect from localhost.localdomain [127.0.0.1]
Aug 31 17:29:17 mail postfix/local[20183]: 901E676E2A9: to=<root@mail.wnetworks. net>, relay=local, delay=0, status=sent (delivered to mailbox)
Aug 31 17:29:17 mail postfix/qmgr[4057]: 901E676E2A9: removed
Aug 31 17:57:38 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 17:57:38 mail postfix/master[4051]: terminating on signal 15
Aug 31 17:57:41 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:57:41 mail postfix/master[14695]: daemon started -- version 2.2.2, con figuration /etc/postfix
Aug 31 17:58:18 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 17:58:18 mail postfix/master[14695]: terminating on signal 15
Aug 31 17:58:19 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:58:19 mail postfix/master[17235]: daemon started -- version 2.2.2, con figuration /etc/postfix
Aug 31 18:04:18 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:04:18 mail postfix/master[17235]: terminating on signal 15
Aug 31 18:04:23 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:23 mail postfix/master[29452]: daemon started -- version 2.2.2, con figuration /etc/postfix
Aug 31 18:04:57 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:04:57 mail postfix/master[29452]: terminating on signal 15
Aug 31 18:04:58 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:58 mail postfix/master[29873]: daemon started -- version 2.2.2, con figuration /etc/postfix
Aug 31 18:07:04 mail ipop3d[30995]: pop3 service init from 127.0.0.1
Aug 31 18:08:15 mail ipop3d[31606]: pop3 service init from 127.0.0.1
Aug 31 18:08:16 mail ipop3d[31606]: Login user=web1_lucifer host=localhost.local domain [127.0.0.1] nmsgs=0/0
Aug 31 18:08:16 mail ipop3d[31606]: Command stream end of file while reading lin e user=web1_lucifer host=localhost.localdomain [127.0.0.1]
Aug 31 18:19:47 mail ipop3d[29003]: pop3s SSL service init from 192.168.0.13
Aug 31 18:19:47 mail ipop3d[29003]: Unable to load certificate from /usr/share/s sl/certs/ipop3d.pem, host=[192.168.0.13]
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:02001002:system libr ary:fopen:No such file or directory
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:20074002:BIO routine s:FILE_CTRL:system lib
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:140DC002:SSL routine s:SSL_CTX_use_certificate_chain_file:system lib
Aug 31 18:31:54 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:31:54 mail postfix/master[2204]: daemon started -- version 2.2.2, conf iguration /etc/postfix
Aug 31 18:32:33 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:32:33 mail postfix/master[2204]: terminating on signal 15
Aug 31 18:32:34 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:32:35 mail postfix/master[2553]: daemon started -- version 2.2.2, conf iguration /etc/postfix

 

# find / -name ipop3d.pem yields nothing. Of course then, this error message:

Code:

Aug 31 18:53:50 mail ipop3d[3621]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]

So, why is there no ipop3d.pem?

 

# find / -name "*.pem"
/etc/pki/tls/cert.pem
/etc/pki/dovecot/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
/etc/postfix/ssl/cacert.pem
/etc/postfix/ssl/cakey.pem
/usr/share/swamp/CA.pem
/usr/share/swamp/A-client.pem
/home/joe/Desktop/edMailServer/master/etc/postfix/ssl/cacert.pem
/home/joe/Desktop/edMailServer/master/etc/postfix/ssl/cakey.pem

 

Thank you for the response Till.

I am not sure how to do this, as there is no outright declaration for install pop3d in the perfect setup guide. How would you do this?

~jjw

 

Trying Again

Thanks for reading ~ jjw

Ok, so I started from scratch again. Followed the perfect install for Core 4 (except, no added IPs-why does it tell us to do this if we don't use them?).

Followed it every step of the way, and I'm getting the same error messages:

Code:

Sep  1 13:35:28 mail postfix/master[4185]: daemon started -- version 2.2.2, configuration /etc/postfix
Sep  1 13:35:47 mail ipop3d[4226]: pop3 service init from 127.0.0.1
Sep  1 13:35:47 mail ipop3d[4226]: Login user=web1_newTest host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Sep  1 13:35:47 mail ipop3d[4226]: Command stream end of file while reading line user=web1_newTest host=localhost.localdomain [127.0.0.1]
Sep  1 13:40:01 mail ipop3d[4560]: pop3 service init from 192.168.0.13
Sep  1 13:40:26 mail ipop3d[4560]: Command stream end of file while reading line user=??? host=[192.168.0.13]
Sep  1 13:40:44 mail ipop3d[4583]: pop3s SSL service init from 192.168.0.13
Sep  1 13:40:44 mail ipop3d[4583]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:02001002:system library:fopen:No such file or directory
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Sep  1 13:40:44 mail ipop3d[4583]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib

I have DNS pointing to the IP address of the interface, and you can see I started a connection. If I followed the perfect install, why wasn't this certificate created?

In fact, I got an error this time after reinstall (8182 corrupt certificate), and followed the dorections here for a rebuild:

http://www.wallpaperama.com/disp-post70.html

The 8182 error has happened every time I've done an install, except one time. Can someone tell me where I am wrong?

~jjw

 

Thank you Till. I have since done two complete re-installs of OS & ISPConfig, and getting the same issue.

To answer your question: Yes, I can connect to pop3 from another machine from command line, and send email to the newest account I have created. I can see the statistics, and I can see the email in the mbox file (I've since changed to Maildir). Yet, cannot connect with mail client using SSL.

 

netstat -tap:

Code:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:imaps                     *:*                         LISTEN      2002/xinetd
tcp        0      0 *:32769                     *:*                         LISTEN      1670/rpc.statd
tcp        0      0 *:pop3s                     *:*                         LISTEN      2002/xinetd
tcp        0      0 *:mysql                     *:*                         LISTEN      2093/mysqld
tcp        0      0 *:pop3                      *:*                         LISTEN      2002/xinetd
tcp        0      0 *:imap                      *:*                         LISTEN      2002/xinetd
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1651/portmap
tcp        0      0 *:81                        *:*                         LISTEN      2415/ispconfig_http
tcp        0      0 192.168.0.10:domain         *:*                         LISTEN      3370/named
tcp        0      0 mail.wnetworks.net:domain   *:*                         LISTEN      3370/named
tcp        0      0 mail.wnetworks.net:ipp      *:*                         LISTEN      1945/cupsd
tcp        0      0 mail.wnetworks.net:5335     *:*                         LISTEN      1927/mDNSResponder
tcp        0      0 mail.wnetworks.net:rndc     *:*                         LISTEN      3370/named
tcp        0      0 *:smtp                      *:*                         LISTEN      3339/master
tcp        0      0 mail.wnetworks.net:rndc     mail.wnetworks.net:46981    TIME_WAIT   -
tcp        0      0 mail.wnetworks.net:53582    mail.wnetworks.net:ipp      ESTABLISHED 3602/eggcups
tcp        0      0 mail.wnetworks.net:ipp      mail.wnetworks.net:53582    ESTABLISHED 1945/cupsd
tcp        0      0 *:http                      *:*                         LISTEN      3271/httpd
tcp        0      0 *:ftp                       *:*                         LISTEN      3390/proftpd: (acce
tcp        0      0 *:ssh                       *:*                         LISTEN      1993/sshd
tcp        0      0 *:https                     *:*                         LISTEN      3271/httpd
tcp        0      0 ::ffff:192.168.0.10:ssh     ::ffff:192.168.0.13:1204    ESTABLISHED 2975/sshd: joe [pri
tcp        0      0 ::ffff:192.168.0.10:ssh     ::ffff:192.168.0.13:1203    ESTABLISHED 2955/sshd: joe [pri

 

Aren't you using Maildir? Then you should run Dovecot instead of your xinetd based POP3/IMAP daemon... Your current POP3/IMAP daemon uses mbox.

 

Hello Falko, and thanks to you for helping me (as well as the How To's and The Forum).

The error I got was *before* I switched over to Maildir. Why did I get that message before I switched over to Maildir format?

Your suggestion worked (surprise).

I've stopped xinetd and started dovecot (actually, I had to remove the 0.99 version and install the 1.0 version which allows for character translation with the 'auth_username_translation =' directive). I've been able to send email from behind the network, and I'll check for remote authentication as soon as I get to a remote machine.

I'll add more when I get the results.

~jjw

 

Ouch. I got the message from my mail client that "Server Does Not Support Secure Authentication. This was from the LAN, and trying to use SSL & Seucre Authentication. Client is Thunderbird 1.0.2

 

Ouch. I just tried using Thunderbird 1.0.2 and got the "Server Does Not Support Secure Authentication" message.

Here is what I get when I telnet localhost 25:

Code:

250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME

 

Well, I just realized that I didn't need the 'auth_username_translation =' directive, so I did a reinstall to get back to the 'perfect install', and utilizing Falko's suggestion to use Dovecot with Maildir.

I'm hanging on SMTP AUTH it seems.

 

Thank you Till. Here is the relevant output:

netstat -tap

Code:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:imaps                     *:*                         LISTEN      4100/xinetd
tcp        0      0 *:32769                     *:*                         LISTEN      1651/rpc.statd
tcp        0      0 *:pop3s                     *:*                         LISTEN      4100/xinetd
tcp        0      0 *:mysql                     *:*                         LISTEN      5245/mysqld
tcp        0      0 *:pop3                      *:*                         LISTEN      4100/xinetd
tcp        0      0 *:imap                      *:*                         LISTEN      4100/xinetd
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1633/portmap
tcp        0      0 *:81                        *:*                         LISTEN      28766/ispconfig_htt
tcp        0      0 mail.wnetworks.net:domain   *:*                         LISTEN      28886/named
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      28886/named
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      1960/cupsd
tcp        0      0 localhost.localdomain:5335  *:*                         LISTEN      1942/mDNSResponder
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      28886/named
tcp        0      0 *:smtp                      *:*                         LISTEN      28861/master
tcp        0      0 *:http                      *:*                         LISTEN      28789/httpd
tcp        0      0 *:ftp                       *:*                         LISTEN      28902/proftpd: (acc
tcp        0      0 *:ssh                       *:*                         LISTEN      2020/sshd
tcp        0      0 *:https                     *:*                         LISTEN      28789/httpd

# telnet localhost 25

Code:

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.wnetworks.net ESMTP Postfix
ehlo localhost
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME

main.cf:

Code:

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

mail_owner = postfix


inet_interfaces = all


unknown_local_recipient_reject_code = 550


alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases
debug_peer_level = 2


debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5


sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.2.2/samples

readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names

Why is it that I have to rebuild the certificates *after* the install process after a fresh os/ispcoinfig install? I always get the 8182 error (except one time).

 

Here is the output from another machine:

$ telnet mail.wnetworks.net 25

Code:

Trying 192.168.0.10...
Connected to mail.wnetworks.net.
Escape character is '^]'.
220 mail.wnetworks.net ESMTP Postfix
ehlo http.wnetworks.net
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME

 

Because you enter invalid information when you create the certificates the first time. Accept the default values. The most common error is this: when you're asked for the "common name (e.g., your name)", this doesn't mean your personal name, but your domain name (e.g. example.com).

Please add

Code:

mynetworks = 127.0.0.0/8

to /etc/postfix/main.cf and restart Postfix. Then try to send a mail over that server with your email client (without SSL, but with "Server requires authentication." enabled).

 

Thank you Falko.

Ok, I thought I did it right. Anyway, I entered the same info the second time around.

I did this. I then attempted to connect from my mail client. I just timed out. No messages anywhere. I then logged in from another machine on the command line port 110, and then I logged in as the user, but it didn't list any messages, even though I have another screen open that shows a file in /var/www/web1/user/web1_test4/Maildir/new. This seems odd indeed.