Core 4: Error Messages on Fresh Install re CTX/SSL

Discussion in 'Installation/Configuration' started by jjw, Sep 1, 2006.

  1. jjw

    jjw New Member

    Also, I stopped xinetd (to stop pop services) and started dovecot, as I am using Maildir format.

    <edit>

    Here is the netstat -tap output showing dovecot on pop/pops & imap/imaps:

    Code:
    tcp        0      0 *:imaps                     *:*                         LISTEN      32673/dovecot
    tcp        0      0 *:32769                     *:*                         LISTEN      1651/rpc.statd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      32673/dovecot
    tcp        0      0 *:mysql                     *:*                         LISTEN      5245/mysqld
    tcp        0      0 *:pop3                      *:*                         LISTEN      32673/dovecot
    tcp        0      0 *:imap                      *:*                         LISTEN      32673/dovecot
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1633/portmap
    tcp        0      0 *:81                        *:*                         LISTEN      28766/ispconfig_htt
    tcp        0      0 mail.wnetworks.net:domain   *:*                         LISTEN      28886/named
    tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      28886/named
    tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      1960/cupsd
    tcp        0      0 localhost.localdomain:5335  *:*                         LISTEN      1942/mDNSResponder
    tcp        0      0 *:smtp                      *:*                         LISTEN      30484/master
    tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      28886/named
    tcp        1      0 mail.wnetworks.net:46490    mail.wnetworks.net:ssh      CLOSE_WAIT  29412/ssh
    tcp        0      0 *:http                      *:*                         LISTEN      28789/httpd
    tcp        0      0 *:ftp                       *:*                         LISTEN      30249/proftpd: (acc
    tcp        0      0 *:ssh                       *:*                         LISTEN      2020/sshd
    tcp        0      0 *:https                     *:*                         LISTEN      28789/httpd
     
    Last edited: Sep 4, 2006
  2. jjw

    jjw New Member

    My mail client can't get mail no matter what settings I use. So I stopped dovecot, turned it off with chkconfig, moved the pop & imap services back into xinetd.d, restarted the whole system, and still can't connect no matter what I do. But I can from the command line. This is so frustrating. I am going to yank it all out by the roots, use mbox, and see if I can get it to work.

    jjw
     
  3. jjw

    jjw New Member

    Allrighty,

    I've done yet another reinstall (taking default on certificate building). I've *not* checked Maildir (using mbox format), and I am getting the CTX messages when using a client with SSL (not secure authentication):
    Code:
    Sep  4 13:59:13 mail ipop3d[3933]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
    Sep  4 13:59:13 mail ipop3d[3933]: SSL error status: error:02001002:system library:fopen:No such file or directory
    Sep  4 13:59:13 mail ipop3d[3933]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
    Sep  4 13:59:13 mail ipop3d[3933]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
    

    Nothing at all happens when I uncheck "Secure Authentication" *and* SSL, and nothing happens when "Secure Authentication" is checked.

    netstat -tap (using xinetd services for pop3/s imap/s):
    Code:
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:imaps                     *:*                         LISTEN      1998/xinetd
    tcp        0      0 *:32769                     *:*                         LISTEN      1632/rpc.statd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      1998/xinetd
    tcp        0      0 *:mysql                     *:*                         LISTEN      2092/mysqld
    tcp        0      0 *:pop3                      *:*                         LISTEN      1998/xinetd
    tcp        0      0 *:imap                      *:*                         LISTEN      1998/xinetd
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1614/portmap
    tcp        0      0 *:81                        *:*                         LISTEN      2415/ispconfig_http
    tcp        0      0 mail.wnetworks.net:domain   *:*                         LISTEN      3083/named
    tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      3083/named
    tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      1941/cupsd
    tcp        0      0 localhost.localdomain:5335  *:*                         LISTEN      1923/mDNSResponder
    tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      3083/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      3058/master
    tcp        0      0 mail.wnetworks.net:35977    host-213-160-98-160.tc:http TIME_WAIT   -
    tcp        0      0 *:http                      *:*                         LISTEN      2985/httpd
    tcp        0      0 *:ftp                       *:*                         LISTEN      3099/proftpd: (acce
    tcp        0      0 *:ssh                       *:*                         LISTEN      1989/sshd
    tcp        0      0 *:https                     *:*                         LISTEN      2985/httpd

    So, I decided to disable the xinetd service for imap/imaps & pop3/pop3s, and enable dovecot. I then restarted the server completely.

    I then log in with the email client, using SSL (not Secure Authentication), and am successful:

    /var/log/dovecot:
    Code:
    dovecot: Sep 04 14:07:49 Info: Dovecot starting up
    pop3-login: Sep 04 14:11:42 Info: Login: web1_test5 [192.168.0.13]

    netstat -tap (using Dovecot):
    Code:
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:imaps                     *:*                         LISTEN      2080/dovecot
    tcp        0      0 *:32769                     *:*                         LISTEN      1632/rpc.statd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      2080/dovecot
    tcp        0      0 *:mysql                     *:*                         LISTEN      2059/mysqld
    tcp        0      0 *:pop3                      *:*                         LISTEN      2080/dovecot
    tcp        0      0 *:imap                      *:*                         LISTEN      2080/dovecot
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1614/portmap
    tcp        0      0 *:81                        *:*                         LISTEN      2397/ispconfig_http
    tcp        0      0 mail.wnetworks.net:domain   *:*                         LISTEN      3032/named
    tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      3032/named
    tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      1908/cupsd
    tcp        0      0 localhost.localdomain:5335  *:*                         LISTEN      1890/mDNSResponder
    tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      3032/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      3007/master
    tcp        0      0 *:http                      *:*                         LISTEN      2935/httpd
    tcp        0      0 *:ftp                       *:*                         LISTEN      3048/proftpd: (acce
    tcp        0      0 *:ssh                       *:*                         LISTEN      1956/sshd
    tcp        0      0 *:https                     *:*                         LISTEN      2935/httpd

    But I cannot log in using 'Secure Authentication', nor can I log in with both options unchecked (SSL & Secure Authentication). The logs are empty and the client times out.

    This is driving me crazy. :)

    So, I tried sending email. With SSL checked in connection, I tried to send an email to remoteEmail@domain.tld (I used a real address that accepts mail from my other mail server on my LAN). I tried using both TLS and SSL in the outgoing SMTP server settings:

    using 'TLS, if available'


    using 'SSL'


    This is really killing my sleep. :)
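
The ipop3d lines quoted in the post above carry an OpenSSL error queue whose oldest entry names the actual failure. As an added example (not part of the thread), this sketch decodes that queue; `triage` and `unpack` are hypothetical names, and it assumes the pre-3.0 OpenSSL packed code layout (8-bit library, 12-bit function, 12-bit reason):

```python
import errno
import re

# Log lines quoted from the post above (ipop3d under xinetd, SSL enabled in the client).
SAMPLE = """\
Sep  4 13:59:13 mail ipop3d[3933]: Unable to load certificate from /usr/share/ssl/certs/ipop3d.pem, host=[192.168.0.13]
Sep  4 13:59:13 mail ipop3d[3933]: SSL error status: error:02001002:system library:fopen:No such file or directory
Sep  4 13:59:13 mail ipop3d[3933]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Sep  4 13:59:13 mail ipop3d[3933]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
"""

ERR_LIB_SYS = 2  # OpenSSL library number for errors that come straight from the OS

CERT_RE = re.compile(r"(\w+)\[(\d+)\]: Unable to load certificate from ([^,\s]+)")
ERR_RE = re.compile(r"(\w+)\[(\d+)\]: SSL error status: "
                    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def unpack(code):
    """Split a packed OpenSSL (pre-3.0) error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Group certificate-load failures by daemon PID and name the root cause."""
    found = {}
    for line in log_text.splitlines():
        cert, err = CERT_RE.search(line), ERR_RE.search(line)
        hit = cert or err
        if not hit:
            continue
        entry = found.setdefault(hit.group(2), {"daemon": hit.group(1), "cert": None,
                                                "errors": [], "cause": "unknown"})
        if cert:
            entry["cert"] = cert.group(3)
            continue
        lib, func, reason = unpack(int(err.group(3), 16))
        entry["errors"].append((lib, func, reason, err.group(6).strip()))
        # For ERR_LIB_SYS the reason field is the errno of the failed system call.
        if lib == ERR_LIB_SYS and reason == errno.ENOENT:
            entry["cause"] = "certificate file does not exist"
        elif lib == ERR_LIB_SYS and reason == errno.EACCES:
            entry["cause"] = "certificate file is not readable by the daemon"
    return found


if __name__ == "__main__":
    for pid, e in triage(SAMPLE).items():
        print(f"{e['daemon']}[{pid}]: {e['cause']}: {e['cert']}")
```

The BIO and SSL entries only report "system lib"; the `system library` entry is the one that distinguishes a missing file from a permissions problem.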
     
  4. jjw

    jjw New Member

    Am I doomed to failure?
     
  5. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    You must enable smtp authentication in your mail client to be able to send email to domains that are not hosted on your server.
     
  6. jjw

    jjw New Member

    I understand that, Till. When I do that, the server times out.
     
  7. jjw

    jjw New Member

    Anyone else have any ideas?

    Am I doomed to failure?
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Are you sure SELinux is disabled and your firewall allows POP3 and SMTP?
     
  9. jjw

    jjw New Member

    Yes, Falko: iptables stopped (and set to not run at boot time), ISPConfig firewall open for everything, services running, and SELinux disabled.
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the output of
    Code:
    iptables -L
    ? Are you trying to connect from within your LAN or from outside?
    Might also be an issue with your desktop firewall (if you use one).
     
  11. jjw

    jjw New Member

    Iptables was not running, and I have since attempted install of Core 5 on this machine, so I can't give the output. I was attempting to get mail from the server on my LAN. The same desktop that can't get mail from the Core 5 machine *can* get mail from my other mail server (runs Surgemail on Redhat 9) in the same LAN.
     
