Security Error: Domain Name Mismatch

Discussion in 'Installation/Configuration' started by cctex10, Jun 13, 2006.

  1. cctex10

    cctex10 New Member

    I am getting this security error after accepting the cert...

    I am using "Mozilla Thunderbird" when i get the error
    _________________________________
    Security Error: Domain Name Mismatch

    You have attempted to establish a connection with "mail.newsporemedia.com". However, the security certificate presented belongs to "nEw Spore Media". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

    If You suspect the certificate shown does not belong to "mail.newsporemedia.com", please cancel the connection and notify the site administrator.
    _________________________________


    Here is My main.cf
    Code:
    # readme_directory: The location of the Postfix README files.
    #
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    #virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = mail.$mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    mynetworks_style = subnet
    disable_dns_lookups = no
    relayhost =
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = newsporemedia.com
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    
    virtual_maps = hash:/etc/postfix/virtusertable
    
    mydestination = /etc/postfix/local-host-names
    mynetworks = 127.0.0.0/8
    
    ________________________________
    Here is My local-host-names
    Code:
    ###################################
    #
    # ISPConfig local-host-names Configuration File
    #         Version 1.0
    #
    ###################################
    localhost
    mail.newsporemedia.com
    s1.newsporemedia.com
    localhost.s1.newsporemedia.com
    localhost.newsporemedia.com
    www.newsporemedia.com
    newsporemedia.com
    webmail.newsporemedia.com
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    
     
  2. cctex10

    cctex10 New Member

    THis is the Orginal

    This is the orginal code that the "Perf SUSE 10.1 Setup told me to use"
    But it does not work....

    Code:
    postconf -e 'mydomain = example.com'
    postconf -e 'myhostname = server1.$mydomain'
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
    postconf -e 'inet_interfaces = all'
    postconf -e 'alias_maps = hash:/etc/aliases'
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    
     
  3. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Simply recreate a new certificate (as described in the tutorial), and when it asks you for the common name, you must enter mail.newsporemedia.com, not nEw Spore Media.
     
  4. cctex10

    cctex10 New Member

    You Da Man!!!

    Thanks You Da MAN!
     
  5. mi5hu

    mi5hu New Member

    i have a similar situation with virtual hosting

    for first domain i recreate the certificate, but for the second i receive "domain name mismatch" (in my email client)

    I have to make 2 certificates?
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the hostname you use in your Postfix configuration? You can see it when you run
    Code:
    telnet localhost 25
    Please create a certificate for that hostname.
     
  7. mi5hu

    mi5hu New Member

    it`s working

    10x
     

Share This Page