Problem with TLS connection

Discussion in 'Installation/Configuration' started by the_idol, Apr 20, 2006.

  1. the_idol

    the_idol New Member

    I followed the perfect setup Centos 4.3 64 bit. to the letter. I then installed Ispcofig to the letter, everything works fine except when connecting to the imap account I ran into this problem. The certificate that poppep up have bogus info like:
    issued to:
    Common Name imap.example.com

    issued by:
    Common Name imap.example.com

    I accepted it anyway and was able to connect with thunderbird to get the mail.


    [​IMG]

    I'm not sure why the cert is like that ?


    Now sending is a different story:
    I got this:
    [​IMG]

    [root@svr1 ssl]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 svr1.oxxxxxx.com ESMTP Postfix
    ehlo localhost
    250-svr1.oxxxxxx.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    quit
    221 Bye
    Connection closed by foreign host.



    Any help would be greatly appreciated

    TI
     
  2. falko

    falko Super Moderator ISPConfig Developer

    I guess you use IMAPs instead of IMAP? Have a look here: http://www.howtoforge.com/forums/showthread.php?t=1168


    Is sending working without TLS?
     
  3. the_idol

    the_idol New Member

    No I can't send mail with tls off either. I made an account for a friend to test sending from outside and he was not able to. He can receive fine just not send.

    Snipped from maillog

    Code:
    Apr 20 19:44:54 svr1 postfix/master[4013]: daemon started -- version 2.1.5
    Apr 20 19:47:41 svr1 imap-login: Disconnected [::ffff:xx.xxx.xxx.xxx]
    Apr 20 20:01:38 svr1 pop3-login: Disconnected [::ffff:127.0.0.1]
    Apr 20 20:01:38 svr1 postfix/smtpd[4545]: connect from svr1.oxxxxxx.com[127.0.0.1]
    Apr 20 20:01:38 svr1 postfix/smtpd[4545]: lost connection after CONNECT from svr1.oxxxxxx.com[127.0.0.1]
    Apr 20 20:01:38 svr1 postfix/smtpd[4545]: disconnect from svr1.oxxxxxx.com[127.0.0.1]
    Apr 20 21:20:39 svr1 imap-login: Login: web1_marco [::ffff:xx.xxx.xxx.xxx]
    Apr 20 21:21:13 svr1 postfix/smtpd[5563]: connect from smtp111.sbc.mail.yahoo.com[xx.xxx.xxx.xxx]
    Apr 20 21:21:13 svr1 postfix/smtpd[5563]: E52EE13AC040: client=smtp111.sbc.mail.yahoo.com[xx.xxx.xxx.xxx]
    Apr 20 21:21:14 svr1 postfix/cleanup[5566]: E52EE13AC040: message-id=<44485D9D.8050209@someplaceelse.com>
    Apr 20 21:21:14 svr1 postfix/qmgr[4022]: E52EE13AC040: from=<marco@someplaceelse.com>, size=813, nrcpt=1 (queue active)
    Apr 20 21:21:14 svr1 postfix/smtpd[5563]: disconnect from smtp111.sbc.mail.yahoo.com[xx.xxx.xxx.xxx]
    Apr 20 21:21:14 svr1 sendmail[5578]: k3L4LEue005578: from=web1_marco, size=104, class=0, nrcpts=1, msgid=<200604210421.k3L4LEue005578@svr1.oxxxxxx.com>, relay=web1_marco@localhost
    Apr 20 21:21:14 svr1 postfix/smtpd[5563]: connect from svr1.oxxxxxx.com[127.0.0.1]
    Apr 20 21:21:14 svr1 postfix/smtpd[5563]: setting up TLS connection from svr1.oxxxxxx.com[127.0.0.1]
    Apr 20 21:21:14 svr1 postfix/smtpd[5563]: TLS connection established from svr1.oxxxxxx.com[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Apr 20 21:21:14 svr1 sendmail[5578]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
    Apr 20 21:21:14 svr1 postfix/smtpd[5563]: 3202E13AC063: client=svr1.oxxxxxx.com[127.0.0.1], sasl_sender=web1_marco@svr1.oxxxxxx.com
    Apr 20 21:21:14 svr1 postfix/cleanup[5566]: 3202E13AC063: message-id=<200604210421.k3L4LEue005578@svr1.oxxxxxx.com>
    Apr 20 21:21:14 svr1 postfix/qmgr[4022]: 3202E13AC063: from=<web1_marco@svr1.oxxxxxx.com>, size=712, nrcpt=1 (queue active)
    Apr 20 21:21:14 svr1 sendmail[5578]: k3L4LEue005578: to=admispconfig@localhost, ctladdr=web1_marco (10005/10001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30104, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 3202E13AC063)
    Apr 20 21:21:14 svr1 postfix/smtpd[5563]: disconnect from svr1.oxxxxxx.com[127.0.0.1]
    Apr 20 21:21:16 svr1 postfix/local[5567]: E52EE13AC040: to=<web1_marco@svr1.oxxxxxx.com>, orig_to=<marco@oxxxxxx.com>, relay=local, delay=3, status=sent (delivered to command: /usr/bin/procmail -f-)
    Apr 20 21:21:16 svr1 postfix/qmgr[4022]: E52EE13AC040: removed
    Apr 20 21:21:30 svr1 procmail[5584]: Couldn't rename bogus "/var/mail/admispconfig" into "/var/mail/BOGUS.admispconfig.9AsOB"
    Apr 20 21:21:30 svr1 postfix/local[5583]: 3202E13AC063: to=<admispconfig@svr1.oxxxxxx.com>, relay=local, delay=16, status=sent (delivered to command: /usr/bin/procmail -f-)
    Apr 20 21:21:30 svr1 postfix/qmgr[4022]: 3202E13AC063: removed

    TI
     
  4. falko

    falko Super Moderator ISPConfig Developer

    This looks like a firewall problem to me...
     
  5. the_idol

    the_idol New Member

    How do I see the rules other that with the gui if I am using ISPConfig

    TI
     
  6. falko

    falko Super Moderator ISPConfig Developer

    You can see the rules with
    Code:
    iptables -L
    on the shell. Might also be a problem with your router's firewall.
     

Share This Page