Thanks in advance to anyone reading and helping. ~jjw

Fresh install Core 4 following perfect setup (except: I never added extra virtual IPs). We have a local DNS server that points correctly to the new ISPConfig-installed server. I set up a site, and a mail user (web1_test). I then attempted to connect to get mail with Thunderbird, set up for secure connection. It failed, and I got similar error messages as a previous failed attempt remotely. Here are the errors:

Code:
Aug 31 18:04:58 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:58 mail postfix/master[29873]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:07:04 mail ipop3d[30995]: pop3 service init from 127.0.0.1
Aug 31 18:08:15 mail ipop3d[31606]: pop3 service init from 127.0.0.1
Aug 31 18:08:16 mail ipop3d[31606]: Login user=web1_lucifer host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Aug 31 18:08:16 mail ipop3d[31606]: Command stream end of file while reading line user=web1_lucifer host=localhost.localdomain [127.0.0.1]
Aug 31 18:19:47 mail ipop3d[29003]: pop3s SSL service init from 192.168.0.13
Aug 31 18:19:47 mail ipop3d[29003]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:02001002:system library:fopen:No such file or directory
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
Aug 31 18:31:54 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:31:54 mail postfix/master[2204]: daemon started -- version 2.2.2, configuration /etc/postfix

I then attempted a non-secure connection. It never worked, and there were no new entries in maillog. :| Matter of fact, I rebooted the system and attempted another non-secure connection. Again, nothing new added.
Where have I erred? Entire maillog:

Code:
Aug 31 16:24:11 mail sendmail[2031]: alias database /etc/aliases rebuilt by root
Aug 31 16:24:11 mail sendmail[2031]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Aug 31 16:24:11 mail sendmail[2035]: starting daemon (8.13.4): [email protected]: 00:00
Aug 31 16:24:11 mail sm-msp-queue[2041]: starting daemon (8.13.4): [email protected]:0 0:00
Aug 31 17:01:12 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:01:12 mail postfix/master[4051]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 17:01:12 mail postfix/smtpd[4080]: connect from localhost.localdomain[127.0.0.1]
Aug 31 17:01:22 mail postfix/smtpd[4080]: disconnect from localhost.localdomain[127.0.0.1]
Aug 31 17:29:16 mail sendmail[20178]: k7VLTGmu020178: from=root, size=822, class=0, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Aug 31 17:29:17 mail postfix/smtpd[20179]: connect from localhost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/smtpd[20179]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/smtpd[20179]: TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Aug 31 17:29:17 mail sendmail[20178]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 31 17:29:17 mail postfix/smtpd[20179]: 901E676E2A9: client=localhost.localdomain[127.0.0.1], [email protected]
Aug 31 17:29:17 mail postfix/cleanup[20182]: 901E676E2A9: message-id=<2006083121 [email protected]>
Aug 31 17:29:17 mail postfix/qmgr[4057]: 901E676E2A9: from=<[email protected] net>, size=1448, nrcpt=1 (queue active)
Aug 31 17:29:17 mail sendmail[20178]: k7VLTGmu020178: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30822, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 901E676E2A9)
Aug 31 17:29:17 mail postfix/smtpd[20179]: disconnect from localhost.localdomain[127.0.0.1]
Aug 31 17:29:17 mail postfix/local[20183]: 901E676E2A9: to=<[email protected] net>, relay=local, delay=0, status=sent (delivered to mailbox)
Aug 31 17:29:17 mail postfix/qmgr[4057]: 901E676E2A9: removed
Aug 31 17:57:38 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 17:57:38 mail postfix/master[4051]: terminating on signal 15
Aug 31 17:57:41 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:57:41 mail postfix/master[14695]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 17:58:18 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 17:58:18 mail postfix/master[14695]: terminating on signal 15
Aug 31 17:58:19 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 17:58:19 mail postfix/master[17235]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:04:18 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:04:18 mail postfix/master[17235]: terminating on signal 15
Aug 31 18:04:23 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:23 mail postfix/master[29452]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:04:57 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:04:57 mail postfix/master[29452]: terminating on signal 15
Aug 31 18:04:58 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:04:58 mail postfix/master[29873]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:07:04 mail ipop3d[30995]: pop3 service init from 127.0.0.1
Aug 31 18:08:15 mail ipop3d[31606]: pop3 service init from 127.0.0.1
Aug 31 18:08:16 mail ipop3d[31606]: Login user=web1_lucifer host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Aug 31 18:08:16 mail ipop3d[31606]: Command stream end of file while reading line user=web1_lucifer host=localhost.localdomain [127.0.0.1]
Aug 31 18:19:47 mail ipop3d[29003]: pop3s SSL service init from 192.168.0.13
Aug 31 18:19:47 mail ipop3d[29003]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:02001002:system library:fopen:No such file or directory
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Aug 31 18:19:47 mail ipop3d[29003]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
Aug 31 18:31:54 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:31:54 mail postfix/master[2204]: daemon started -- version 2.2.2, configuration /etc/postfix
Aug 31 18:32:33 mail postfix/postfix-script: stopping the Postfix mail system
Aug 31 18:32:33 mail postfix/master[2204]: terminating on signal 15
Aug 31 18:32:34 mail postfix/postfix-script: starting the Postfix mail system
Aug 31 18:32:35 mail postfix/master[2553]: daemon started -- version 2.2.2, configuration /etc/postfix
# find / -name ipop3d.pem

yields nothing. Of course then, this error message:

Code:
Aug 31 18:53:50 mail ipop3d[3621]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]

So, why is there no ipop3d.pem?
# find / -name "*.pem"
/etc/pki/tls/cert.pem
/etc/pki/dovecot/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
/etc/postfix/ssl/cacert.pem
/etc/postfix/ssl/cakey.pem
/usr/share/swamp/CA.pem
/usr/share/swamp/A-client.pem
/home/joe/Desktop/edMailServer/master/etc/postfix/ssl/cacert.pem
/home/joe/Desktop/edMailServer/master/etc/postfix/ssl/cakey.pem
Your ipop3d SSL certificates were missing. Try to reinstall ipop3d; the certificates were normally generated automatically during installation.
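As an added example (not code from the thread or from ISPConfig), this shell check pulls every certificate path that a daemon reported it could not load out of a maillog and shows whether the file exists and looks like a usable PEM. The sample log lines are constructed in the format quoted above; the imapd line and the expectation that one file holds both certificate and private key are assumptions.

```sh
#!/bin/sh
# Added example: find certificate files that mail daemons could not load.

# Constructed sample in the format of the maillog lines quoted in this thread.
sample_log() {
cat <<'EOF'
Sep  1 13:40:44 mail ipop3d[4583]: pop3s SSL service init from 192.168.0.13
Sep  1 13:40:44 mail ipop3d[4583]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep  1 13:41:02 mail ipop3d[4590]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep  1 13:41:30 mail imapd[4601]: Unable to load certificate from /usr/share/ssl/certs/imapd.pem, host=[192.168.0.13]
EOF
}

# Read a maillog on stdin; print "<count> <daemon> <path>" per unique failure.
cert_failures() {
    sed -n 's/^.* \([^ []*\)\[[0-9]*\]: Unable to load certificate from \([^,]*\),.*$/\1 \2/p' |
        sort | uniq -c | awk '{ print $1, $2, $3 }'
}

# Classify one path: missing, unreadable, no-cert, no-key or ok.
# Assumption: the daemon expects certificate and private key in one PEM file.
cert_status() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -r "$1" ] || { echo unreadable; return 0; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || { echo no-cert; return 0; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || { echo no-key; return 0; }
    echo ok
}

# Combine both: one line per failing path with its current state on disk.
cert_report() {
    cert_failures | while read -r count daemon path; do
        echo "$daemon $path failures=$count status=$(cert_status "$path")"
    done
}

sample_log | cert_report   # on a real host: cert_report < /var/log/maillog
```
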
Thank you for the response Till. I am not sure how to do this, as there is no outright declaration for install pop3d in the perfect setup guide. How would you do this? ~jjw
Trying Again

Thanks for reading ~ jjw

Ok, so I started from scratch again. Followed the perfect install for Core 4 (except, no added IPs-why does it tell us to do this if we don't use them?). Followed it every step of the way, and I'm getting the same error messages:

Code:
Sep 1 13:35:28 mail postfix/master[4185]: daemon started -- version 2.2.2, configuration /etc/postfix
Sep 1 13:35:47 mail ipop3d[4226]: pop3 service init from 127.0.0.1
Sep 1 13:35:47 mail ipop3d[4226]: Login user=web1_newTest host=localhost.localdomain [127.0.0.1] nmsgs=0/0
Sep 1 13:35:47 mail ipop3d[4226]: Command stream end of file while reading line user=web1_newTest host=localhost.localdomain [127.0.0.1]
Sep 1 13:40:01 mail ipop3d[4560]: pop3 service init from 192.168.0.13
Sep 1 13:40:26 mail ipop3d[4560]: Command stream end of file while reading line user=??? host=[192.168.0.13]
Sep 1 13:40:44 mail ipop3d[4583]: pop3s SSL service init from 192.168.0.13
Sep 1 13:40:44 mail ipop3d[4583]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep 1 13:40:44 mail ipop3d[4583]: SSL error status: error:02001002:system library:fopen:No such file or directory
Sep 1 13:40:44 mail ipop3d[4583]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Sep 1 13:40:44 mail ipop3d[4583]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib

I have DNS pointing to the IP address of the interface, and you can see I started a connection. If I followed the perfect install, why wasn't this certificate created? In fact, I got an error this time after reinstall (8182 corrupt certificate), and followed the directions here for a rebuild: http://www.wallpaperama.com/disp-post70.html

The 8182 error has happened every time I've done an install, except one time. Can someone tell me where I am wrong? ~jjw
Thank you Till. I have since done two complete re-installs of OS & ISPConfig, and getting the same issue. To answer your question: Yes, I can connect to pop3 from another machine from command line, and send email to the newest account I have created. I can see the statistics, and I can see the email in the mbox file (I've since changed to Maildir). Yet, cannot connect with mail client using SSL.
netstat -tap:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 2002/xinetd
tcp 0 0 *:32769 *:* LISTEN 1670/rpc.statd
tcp 0 0 *:pop3s *:* LISTEN 2002/xinetd
tcp 0 0 *:mysql *:* LISTEN 2093/mysqld
tcp 0 0 *:pop3 *:* LISTEN 2002/xinetd
tcp 0 0 *:imap *:* LISTEN 2002/xinetd
tcp 0 0 *:sunrpc *:* LISTEN 1651/portmap
tcp 0 0 *:81 *:* LISTEN 2415/ispconfig_http
tcp 0 0 192.168.0.10:domain *:* LISTEN 3370/named
tcp 0 0 mail.wnetworks.net:domain *:* LISTEN 3370/named
tcp 0 0 mail.wnetworks.net:ipp *:* LISTEN 1945/cupsd
tcp 0 0 mail.wnetworks.net:5335 *:* LISTEN 1927/mDNSResponder
tcp 0 0 mail.wnetworks.net:rndc *:* LISTEN 3370/named
tcp 0 0 *:smtp *:* LISTEN 3339/master
tcp 0 0 mail.wnetworks.net:rndc mail.wnetworks.net:46981 TIME_WAIT -
tcp 0 0 mail.wnetworks.net:53582 mail.wnetworks.net:ipp ESTABLISHED 3602/eggcups
tcp 0 0 mail.wnetworks.net:ipp mail.wnetworks.net:53582 ESTABLISHED 1945/cupsd
tcp 0 0 *:http *:* LISTEN 3271/httpd
tcp 0 0 *:ftp *:* LISTEN 3390/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 1993/sshd
tcp 0 0 *:https *:* LISTEN 3271/httpd
tcp 0 0 ::ffff:192.168.0.10:ssh ::ffff:192.168.0.13:1204 ESTABLISHED 2975/sshd: joe [pri
tcp 0 0 ::ffff:192.168.0.10:ssh ::ffff:192.168.0.13:1203 ESTABLISHED 2955/sshd: joe [pri
Aren't you using Maildir? Then you should run Dovecot instead of your xinetd based POP3/IMAP daemon... Your current POP3/IMAP daemon uses mbox.
Hello Falko, and thanks to you for helping me (as well as the How To's and The Forum). The error I got was *before* I switched over to Maildir. Why did I get that message before I switched over to Maildir format? Your suggestion worked (surprise). I've stopped xinetd and started dovecot (actually, I had to remove the 0.99 version and install the 1.0 version which allows for character translation with the 'auth_username_translation =' directive). I've been able to send email from behind the network, and I'll check for remote authentication as soon as I get to a remote machine. I'll add more when I get the results. ~jjw
Ouch. I got the message from my mail client that "Server Does Not Support Secure Authentication". This was from the LAN, and trying to use SSL & Secure Authentication. Client is Thunderbird 1.0.2
Ouch. I just tried using Thunderbird 1.0.2 and got the "Server Does Not Support Secure Authentication" message. Here is what I get when I telnet localhost 25:

Code:
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
Well, I just realized that I didn't need the 'auth_username_translation =' directive, so I did a reinstall to get back to the 'perfect install', and utilizing Falko's suggestion to use Dovecot with Maildir. I'm hanging on SMTP AUTH it seems.
Thank you Till. Here is the relevant output:

netstat -tap

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 4100/xinetd
tcp 0 0 *:32769 *:* LISTEN 1651/rpc.statd
tcp 0 0 *:pop3s *:* LISTEN 4100/xinetd
tcp 0 0 *:mysql *:* LISTEN 5245/mysqld
tcp 0 0 *:pop3 *:* LISTEN 4100/xinetd
tcp 0 0 *:imap *:* LISTEN 4100/xinetd
tcp 0 0 *:sunrpc *:* LISTEN 1633/portmap
tcp 0 0 *:81 *:* LISTEN 28766/ispconfig_htt
tcp 0 0 mail.wnetworks.net:domain *:* LISTEN 28886/named
tcp 0 0 localhost.localdomai:domain *:* LISTEN 28886/named
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1960/cupsd
tcp 0 0 localhost.localdomain:5335 *:* LISTEN 1942/mDNSResponder
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 28886/named
tcp 0 0 *:smtp *:* LISTEN 28861/master
tcp 0 0 *:http *:* LISTEN 28789/httpd
tcp 0 0 *:ftp *:* LISTEN 28902/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 2020/sshd
tcp 0 0 *:https *:* LISTEN 28789/httpd

# telnet localhost 25

Code:
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.wnetworks.net ESMTP Postfix
ehlo localhost
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME

main.cf:

Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

Why is it that I have to rebuild the certificates *after* the install process after a fresh OS/ISPConfig install? I always get the 8182 error (except one time).
Here is the output from another machine:

$ telnet mail.wnetworks.net 25

Code:
Trying 192.168.0.10...
Connected to mail.wnetworks.net.
Escape character is '^]'.
220 mail.wnetworks.net ESMTP Postfix
ehlo http.wnetworks.net
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
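The EHLO replies and main.cf posted above show AUTH PLAIN LOGIN advertised before STARTTLS while smtpd_tls_auth_only = no, so Postfix will accept base64-encoded passwords on an unencrypted session. The following audit is an added example, not part of the thread or of ISPConfig; the function names and finding labels are made up for illustration, and the inputs are excerpts of the values posted above.

```sh
#!/bin/sh
# Added example: audit how SMTP AUTH is exposed, from an EHLO capture taken on
# a plain (pre-STARTTLS) port-25 session plus the server's main.cf.

# Write the two inputs; values are excerpts of what was posted in this thread.
write_samples() {
cat > "$1/ehlo.txt" <<'EOF'
250-mail.wnetworks.net
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
EOF
cat > "$1/main.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
}

# Unique AUTH mechanisms from "250-AUTH ..." and "250-AUTH=..." lines.
ehlo_auth_mechs() {
    tr -d '\r' < "$1" | sed -n 's/^250[- ]AUTH[ =]//p' |
        tr ' ' '\n' | sed '/^$/d' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Last value assigned to a main.cf parameter (empty if unset).
main_cf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# $1 = EHLO capture, $2 = main.cf; prints one finding per line.
smtp_auth_findings() {
    mechs=$(ehlo_auth_mechs "$1")
    grep -q '^250[- ]STARTTLS' "$1" || echo NO_STARTTLS
    if [ -n "$mechs" ]; then echo "AUTH_BEFORE_TLS: $mechs"; fi
    case " $mechs " in
        "  "|*" CRAM-MD5 "*|*" DIGEST-MD5 "*|*" GSSAPI "*|*" NTLM "*) ;;
        *) echo PLAINTEXT_MECHS_ONLY ;;   # only PLAIN/LOGIN style mechanisms
    esac
    # smtpd_tls_auth_only = yes makes Postfix offer AUTH only after STARTTLS.
    if [ "$(main_cf_value smtpd_sasl_auth_enable "$2")" = yes ] &&
       [ "$(main_cf_value smtpd_tls_auth_only "$2")" != yes ]; then
        echo TLS_AUTH_ONLY_DISABLED
    fi
}

d=$(mktemp -d); write_samples "$d"
smtp_auth_findings "$d/ehlo.txt" "$d/main.cf"
rm -rf "$d"
```
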
Because you enter invalid information when you create the certificates the first time. Accept the default values. The most common error is this: when you're asked for the "common name (e.g., your name)", this doesn't mean your personal name, but your domain name (e.g. example.com).

Please add

Code:
mynetworks = 127.0.0.0/8

to /etc/postfix/main.cf and restart Postfix. Then try to send a mail over that server with your email client (without SSL, but with "Server requires authentication." enabled).
Thank you Falko. Ok, I thought I did it right. Anyway, I entered the same info the second time around. I did this. I then attempted to connect from my mail client. I just timed out. No messages anywhere. I then logged in from another machine on the command line port 110, and then I logged in as the user, but it didn't list any messages, even though I have another screen open that shows a file in /var/www/web1/user/web1_test4/Maildir/new. This seems odd indeed.