Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Email System For The Home Network - Version 2.1
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 12, 13, 14 ... 25, 26, 27  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Fri Feb 06, 2004 6:24 am    Post subject: Reply with quote

Hello,

I just got done following version 2.0 and IMAP works wonderfully.

However, like some previous people here, I'm having problems sending mail. I did the:

KMail -> SASL -> Postfix -> SASL -> ISP

Route, to send things. However, I think the problem is in the first three, because messages never get sent as far as KMail is concerned.

I also tried using Thunderbird, and it complains about a bad or corrupted certificate (Error -8182, I believe). KMail complained about bad certificates on both the SMTP and IMAP servers, but it said that was just because they were signed by themselves, or some such, so I didn't think much of it.

Do I need to do something to generate keys or certificates for SMTP authentication, or is something else wrong. The relevant (I think) of my postfix main.cf follow (I think I got them right, but many eyes are better than 2):

Quote:
# sasl config stuff
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject

# tls stuff

smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# mail relay

smtp_sasl_password_maps = hash:/etc/postfix/saslpass


Any help would be appreciated. Great tutorial, by the way.
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Fri Feb 06, 2004 6:39 am    Post subject: Reply with quote

Bob Shrooms - I'm glad everything worked and your email system is back up :)

Dolio - There are two lines missing from the conf file... Try adding the following under your "mail relay" section so it looks like this:
Code:

# mail relay

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous

Regarding the Thunderbird error... Not quite sure about it, but every email client should complain about your certs because they are NOT generated by a trusted certficiate agent. That said, it should just be for your home network so nothing to worry about. In Kmail you can choose to accept the SSL cert forever.

Hope this helps.
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Fri Feb 06, 2004 9:29 am    Post subject: Reply with quote

Thanks for the reply.

I did have those in there, but stupidly deleted them because I thought they were the same as the above ones (missing the difference between smtp and smtpd).

However, that doesn't solve the problem, unfortunately. I had it before I deleted them and still have it now.

I did a tail -f on the mail logs. When I try to send a mail in Thunderbird, and when I try to "check what the server supports" in kmail, I get things like the following:

Quote:
Feb 6 04:26:38 [postfix/smtpd] SSL_accept:error in SSLv3 read certificate verify A


Along with lots of other SSL stuff. I'll look back at past posts to see if anything like this was remedied earlier, but if anything jumps out at you, I'd be much obliged.

Thanks for all your help.

Edit:

Seems like I have the same problem as Bob, based on the errors in the log. I tried commenting out the mail relay stuff in main.cf, but that didn't seem to solve anything. Anyhow, I guess this is a problem for another day. Maybe tomorrow I'll remerge OpenSSL and Postfix and see if that fixes anything.
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Fri Feb 06, 2004 10:51 am    Post subject: Reply with quote

Curious what client you're currently using... and more importantly, what authentication method you're using with the client. When you attempt to send email, what error does your client give you?

Those ssl errors:
Code:
Feb 6 04:26:38 [postfix/smtpd] SSL_accept:error in SSLv3 read certificate verify A
shouldn't prevent you from sending email... A lot of it is verifying various certificates...

If you could post a bit more from your logs, or what your client is saying, it would be helpful...
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Fri Feb 06, 2004 7:03 pm    Post subject: Reply with quote

For clients, both KMail and Thunderbird don't work. I haven't tried others. KMail doesn't generate any errors other than something like "failed to send some messages" in the status bar. Thunderbird gives 'Could not establish an connection because certificate presented is invalid or corrupted. Error Code: -8182' when trying to send.

In the KMail settings, Encryption is TLS, authentication is PLAIN, just like in the tutorial. That's what comes up by default when I click "Check What the Server Supports." Thunderbird doesn't have a similar button, so I just chose similar settings to KMail.

Here's a complete tail while attempting to send mail from Thunderbird. KMail doesn't generate anything in the logs when attempting and failing to send.

Quote:
Feb 6 13:48:59 [postfix/smtpd] 0460 74 c2 0b a3 12 88 da a9|33 4f 2f 3a aa 6b df fd t....... 3O/:.k..
Feb 6 13:48:59 [postfix/smtpd] 0470 aa 17 54 ee 17 b8 f8 d8|1f 68 15 52 1e de 88 84 ..T..... .h.R....
Feb 6 13:48:59 [postfix/smtpd] 0480 ff 28 26 e9 b4 80 ba e0|dd 70 9e cf 21 64 bb a5 .(&..... .p..!d..
Feb 6 13:48:59 [postfix/smtpd] 0490 76 86 65 2f 93 15 1f 17|3d 52 3c 50 cf 7c 85 f8 v.e/.... =R<P.|..
Feb 6 13:48:59 [postfix/smtpd] 04a0 93 86 db 81 89 25 1e 70|48 24 49 10 a9 b9 98 a0 .....%.p H$I.....
Feb 6 13:48:59 [postfix/smtpd] 04b0 2a ea 8a 0e 72 fc 16 03|01 00 04 0e *...r... ....
Feb 6 13:48:59 [postfix/smtpd] 04bf - <SPACES/NULS>?
Feb 6 13:48:59 [postfix/smtpd] SSL_accept:SSLv3 flush data
Feb 6 13:48:59 [postfix/smtpd] read from 080A77A8 [080B5AA8] (5 bytes => -1 (0xFFFFFFFF))
Feb 6 13:48:59 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 6 13:53:42 [postfix/smtpd] read from 080A77A8 [080B5AA8] (5 bytes => 5 (0x5))
Feb 6 13:53:42 [postfix/smtpd] 0000 15 03 01 00 02 .....
Feb 6 13:53:42 [postfix/smtpd] read from 080A77A8 [080B5AAD] (2 bytes => -1 (0xFFFFFFFF))
Feb 6 13:53:42 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 6 13:53:42 [postfix/smtpd] read from 080A77A8 [080B5AAD] (2 bytes => 2 (0x2))
Feb 6 13:53:42 [postfix/smtpd] 0000 02 2a .*
Feb 6 13:53:42 [postfix/smtpd] SSL3 alert read:fatal:bad certificate
Feb 6 13:53:42 [postfix/smtpd] SSL_accept:failed in SSLv3 read client certificate A
Feb 6 13:53:42 [postfix/smtpd] SSL_accept error from localhost[127.0.0.1]: 0
Feb 6 13:53:42 [postfix/smtpd] 12682:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42:
Feb 6 13:53:42 [postfix/smtpd] disconnect from localhost[127.0.0.1]
Feb 6 13:53:48 [postfix/smtpd] connect from localhost[127.0.0.1]
Feb 6 13:53:48 [postfix/smtpd] setting up TLS connection from localhost[127.0.0.1]
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:before/accept initialization
Feb 6 13:53:48 [postfix/smtpd] read from 080C57A0 [080B7AB0] (11 bytes => -1 (0xFFFFFFFF))
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:error in SSLv2/v3 read client hello A
Feb 6 13:53:48 [postfix/smtpd] read from 080C57A0 [080B7AB0] (11 bytes => 11 (0xB))
Feb 6 13:53:48 [postfix/smtpd] 0000 16 03 01 00 53 01 00 00|4f 03 01 ....S... O..
Feb 6 13:53:48 [postfix/smtpd] read from 080C57A0 [080B7ABB] (77 bytes => -1 (0xFFFFFFFF))
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:error in SSLv3 read client hello B
- Last output repeated twice -
Feb 6 13:53:48 [postfix/smtpd] read from 080C57A0 [080B7ABB] (77 bytes => 77 (0x4D))
Feb 6 13:53:48 [postfix/smtpd] 0000 00 23 e2 bc 42 40 4f 9e|4c 11 52 65 9b d2 6b ed .#..B@O. L.Re..k.
Feb 6 13:53:48 [postfix/smtpd] 0010 50 e0 0f 52 b8 ef 33 cf|99 6e a4 a4 f1 60 f5 52 P..R..3. .n...`.R
Feb 6 13:53:48 [postfix/smtpd] 0020 00 00 28 00 39 00 38 00|35 00 33 00 32 00 04 00 ..(.9.8. 5.3.2...
Feb 6 13:53:48 [postfix/smtpd] 0030 05 00 2f 00 16 00 13 fe|ff 00 0a 00 15 00 12 fe ../..... ........
Feb 6 13:53:48 [postfix/smtpd] 0040 fe 00 09 00 64 00 62 00|03 00 06 01 ....d.b. ....
Feb 6 13:53:48 [postfix/smtpd] 004d - <SPACES/NULS>?
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:SSLv3 read client hello B
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:SSLv3 write server hello A
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:SSLv3 write certificate A
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:SSLv3 write key exchange A
Feb 6 13:53:48 [postfix/smtpd] SSL_accept:SSLv3 write server done A
Feb 6 13:53:48 [postfix/smtpd] write to 080C57A0 [080C64D8] (1215 bytes => 1215 (0x4BF))
Feb 6 13:53:48 [postfix/smtpd] 0000 16 03 01 00 4a 02 00 00|46 03 01 40 23 e2 bc 73 ....J... F..@#..s
Feb 6 13:53:48 [postfix/smtpd] 0010 6d ac 7b eb 7a 67 f8 13|eb f7 53 d2 b6 8a 56 5b m.{.zg.. ..S...V[
Feb 6 13:53:48 [postfix/smtpd] 0020 97 2e 33 4e b4 78 e3 d6|7a 85 fd 20 9b ca f1 4c ..3N.x.. z.. ...L
Feb 6 13:53:48 [postfix/smtpd] 0030 18 ba 4a d9 77 6a f8 c3|80 71 d7 7c f8 11 42 1a ..J.wj.. .q.|..B.
Feb 6 13:53:48 [postfix/smtpd] 0040 fd a3 d4 f5 64 13 51 ba|57 20 e9 48 00 39 00 16 ....d.Q. W .H.9..
Feb 6 13:53:48 [postfix/smtpd] 0050 03 01 02 d0 0b 00 02 cc|00 02 c9 00 02 c6 30 82 ........ ......0.
Feb 6 13:53:48 [postfix/smtpd] 0060 02 c2 30 82 02 2b a0 03|02 01 02 02 01 01 30 0d ..0..+.. ......0.
Feb 6 13:53:48 [postfix/smtpd] 0070 06 09 2a 86 48 86 f7 0d|01 01 04 05 00 30 81 a6 ..*.H... .....0..
Feb 6 13:53:48 [postfix/smtpd] 0080 31 0b 30 09 06 03 55 04|06 13 02 55 53 31 13 30 1.0...U. ...US1.0
Feb 6 13:53:48 [postfix/smtpd] 0090 11 06 03 55 04 08 13 0a|43 61 6c 69 66 6f 72 6e ...U.... Californ
Feb 6 13:53:48 [postfix/smtpd] 00a0 69 61 31 16 30 14 06 03|55 04 07 13 0d 53 61 6e ia1.0... U....San
Feb 6 13:53:48 [postfix/smtpd] 00b0 74 61 20 42 61 72 62 61|72 61 31 13 30 11 06 03 ta Barba ra1.0...
Feb 6 13:53:48 [postfix/smtpd] 00c0 55 04 0a 13 0a 53 53 4c|20 53 65 72 76 65 72 31 U....SSL Server1
Feb 6 13:53:48 [postfix/smtpd] 00d0 22 30 20 06 03 55 04 0b|13 19 46 6f 72 20 54 65 "0 ..U.. ..For Te
Feb 6 13:53:48 [postfix/smtpd] 00e0 73 74 69 6e 67 20 50 75|72 70 6f 73 65 73 20 4f sting Pu rposes O
Feb 6 13:53:48 [postfix/smtpd] 00f0 6e 6c 79 31 12 30 10 06|03 55 04 03 13 09 6c 6f nly1.0.. .U....lo
Feb 6 13:53:48 [postfix/smtpd] 0100 63 61 6c 68 6f 73 74 31|1d 30 1b 06 09 2a 86 48 calhost1 .0...*.H
Feb 6 13:53:48 [postfix/smtpd] 0110 86 f7 0d 01 09 01 16 0e|72 6f 6f 74 40 6c 6f 63 ........ root@loc
Feb 6 13:53:48 [postfix/smtpd] 0120 61 6c 68 6f 73 74 30 1e|17 0d 30 34 30 32 30 36 alhost0. ..040206
Feb 6 13:53:48 [postfix/smtpd] 0130 30 30 32 39 32 36 5a 17|0d 30 36 30 32 30 35 30 002926Z. .0602050
Feb 6 13:53:48 [postfix/smtpd] 0140 30 32 39 32 36 5a 30 81|a6 31 0b 30 09 06 03 55 02926Z0. .1.0...U
Feb 6 13:53:48 [postfix/smtpd] 0150 04 06 13 02 55 53 31 13|30 11 06 03 55 04 08 13 ....US1. 0...U...
Feb 6 13:53:48 [postfix/smtpd] 0160 0a 43 61 6c 69 66 6f 72|6e 69 61 31 16 30 14 06 .Califor nia1.0..
Feb 6 13:53:48 [postfix/smtpd] 0170 03 55 04 07 13 0d 53 61|6e 74 61 20 42 61 72 62 .U....Sa nta Barb
Feb 6 13:53:48 [postfix/smtpd] 0180 61 72 61 31 13 30 11 06|03 55 04 0a 13 0a 53 53 ara1.0.. .U....SS
Feb 6 13:53:48 [postfix/smtpd] 0190 4c 20 53 65 72 76 65 72|31 22 30 20 06 03 55 04 L Server 1"0 ..U.
Feb 6 13:53:48 [postfix/smtpd] 01a0 0b 13 19 46 6f 72 20 54|65 73 74 69 6e 67 20 50 ...For T esting P
Feb 6 13:53:48 [postfix/smtpd] 01b0 75 72 70 6f 73 65 73 20|4f 6e 6c 79 31 12 30 10 urposes Only1.0.
Feb 6 13:53:48 [postfix/smtpd] 01c0 06 03 55 04 03 13 09 6c|6f 63 61 6c 68 6f 73 74 ..U....l ocalhost
Feb 6 13:53:48 [postfix/smtpd] 01d0 31 1d 30 1b 06 09 2a 86|48 86 f7 0d 01 09 01 16 1.0...*. H.......
Feb 6 13:53:48 [postfix/smtpd] 01e0 0e 72 6f 6f 74 40 6c 6f|63 61 6c 68 6f 73 74 30 .root@lo calhost0
Feb 6 13:53:48 [postfix/smtpd] 01f0 81 9f 30 0d 06 09 2a 86|48 86 f7 0d 01 01 01 05 ..0...*. H.......
Feb 6 13:53:48 [postfix/smtpd] 0200 00 03 81 8d 00 30 81 89|02 81 81 00 c4 d2 e1 b6 .....0.. ........
Feb 6 13:53:48 [postfix/smtpd] 0210 87 a8 32 01 45 03 9f 59|13 64 49 7e 56 2a 86 21 ..2.E..Y .dI~V*.!
Feb 6 13:53:48 [postfix/smtpd] 0220 51 c3 95 fa 2c 0c 88 30|2c 52 1f 51 3c 08 c8 19 Q...,..0 ,R.Q<...
Feb 6 13:53:48 [postfix/smtpd] 0230 ca d9 47 42 0e 37 a5 6a|0e e2 0b 84 c4 4a a3 e0 ..GB.7.j .....J..
Feb 6 13:53:48 [postfix/smtpd] 0240 00 59 58 35 b7 1a e2 78|14 34 23 e4 87 8a 43 e2 .YX5...x .4#...C.
Feb 6 13:53:48 [postfix/smtpd] 0250 c0 36 cc b9 fe 6d 0f 63|c4 d4 1a c2 b4 54 56 fa .6...m.c .....TV.
Feb 6 13:53:48 [postfix/smtpd] 0260 73 3d 89 d6 a8 da f0 ee|d3 41 40 a1 a4 b5 bd d2 s=...... .A@.....
Feb 6 13:53:48 [postfix/smtpd] 0270 41 e8 57 98 1d 77 c3 96|8e 11 68 57 b8 8a d6 50 A.W..w.. ..hW...P
Feb 6 13:53:48 [postfix/smtpd] 0280 0d 13 58 ab af 82 2a 69|87 d0 0c e5 02 03 01 00 ..X...*i ........
Feb 6 13:53:48 [postfix/smtpd] 0290 01 30 0d 06 09 2a 86 48|86 f7 0d 01 01 04 05 00 .0...*.H ........
Feb 6 13:53:48 [postfix/smtpd] 02a0 03 81 81 00 15 4a 7d 78|46 e8 fe 23 3c a7 80 00 .....J}x F..#<...
Feb 6 13:53:48 [postfix/smtpd] 02b0 8b 39 01 54 5a 00 15 af|57 2a 43 e9 9d dd 59 5e .9.TZ... W*C...Y^
Feb 6 13:53:48 [postfix/smtpd] 02c0 29 9f a9 da 7e 40 b9 3f|eb 9e bf 30 1a 3a 86 50 )...~@.? ...0.:.P
Feb 6 13:53:48 [postfix/smtpd] 02d0 8b 23 a7 26 b4 bd e7 23|4a 15 98 db 9d 90 7e ba .#.&...# J.....~.
Feb 6 13:53:48 [postfix/smtpd] 02e0 92 eb c0 15 50 14 40 c3|fa 81 5a c3 bb 4a ca 18 ....P.@. ..Z..J..
Feb 6 13:53:48 [postfix/smtpd] 02f0 66 ce e4 af e5 b6 9e 95|ce 78 02 b5 af 9e 5e 96 f....... .x....^.
Feb 6 13:53:48 [postfix/smtpd] 0300 2e 31 3a 9b 27 e2 52 b0|5c 39 9c 93 09 23 1b fa .1:.'.R. \9...#..
Feb 6 13:53:48 [postfix/smtpd] 0310 4a 4a ed 08 65 49 66 70|85 cf 79 dd 62 1e fe 91 JJ..eIfp ..y.b...
Feb 6 13:53:48 [postfix/smtpd] 0320 f6 4e 3f c0 16 03 01 01|8d 0c 00 01 89 00 80 b0 .N?..... ........
Feb 6 13:53:48 [postfix/smtpd] 0330 fe b4 cf d4 55 07 e7 cc|88 59 0d 17 26 c5 0c a5 ....U... .Y..&...
Feb 6 13:53:48 [postfix/smtpd] 0340 4a 92 23 81 78 da 88 aa|4c 13 06 bf 5d 2f 9e bc J.#.x... L...]/..
Feb 6 13:53:48 [postfix/smtpd] 0350 96 b8 51 00 9d 0c 0d 75|ad fd 3b b1 7e 71 4f 3f ..Q....u ..;.~qO?
Feb 6 13:53:48 [postfix/smtpd] 0360 91 54 14 44 b8 30 25 1c|eb df 72 9c 4c f1 89 0d .T.D.0%. ..r.L...
Feb 6 13:53:48 [postfix/smtpd] 0370 68 3f 94 8e a4 fb 76 89|18 b2 91 16 90 01 99 66 h?....v. .......f


Does any of this help? It's not a big deal since I can send through my ISP's server, but this is more of an academic exercise than anything, and I'd like to be able to actually complete it. :)

Thanks a bunch.
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Sat Feb 07, 2004 7:16 am    Post subject: Reply with quote

Well, all that junk means that you're successfully starting a TLS session... the problem must be the client or authentication....

What does it say below the portion of the SSL log you posted? For instance, my log holds what yours does, and directly below:
Code:

SSL_accept:SSLv3 flush data
Feb  7 02:00:28 Chimera postfix/smtpd[18375]: TLS connection established from Il
lusion.apparition.ath.cx[192.168.2.3]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Feb  7 02:00:28 Chimera postfix/smtpd[18375]: B82181BC2E: client=Illusion.appari
tion.ath.cx[192.168.2.3], sasl_method=PLAIN, sasl_username=beowulf

Kmail should generate a bit more verbose error on the client side... but if it doesn't, something should be recorded since it successfully started a TLS session.... /var/log/mail.err ? /var/log/mail.warn ?
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Sat Feb 07, 2004 7:49 am    Post subject: Reply with quote

Okay, I don't know what happened but:

KMail now asks for a password when I try to send mail. It hadn't done that before, so that's good. However, it still fails.

But, I looked in /var/log/pwdfail/current, and it says things like:

Quote:

Feb 7 02:38:14 [postfix/smtpd] warning: SASL authentication failure: no secret in database
Feb 7 02:38:14 [postfix/smtpd] warning: localhost[127.0.0.1]: SASL PLAIN authentication failed


And the /var/log/mail/current log now ends with:

Quote:
Feb 7 02:42:02 [postfix/smtpd] SSL_accept:SSLv3 flush data
Feb 7 02:42:02 [postfix/smtpd] TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Feb 7 02:42:02 [postfix/smtpd] warning: SASL authentication problem: unable to open Berkeley db /etc/sasl2/sasldb2: Permission denied
- Last output repeated twice -
Feb 7 02:42:02 [postfix/smtpd] warning: SASL authentication failure: Password verification failed
Feb 7 02:42:02 [postfix/smtpd] warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
Feb 7 02:42:03 [postfix/smtpd] lost connection after AUTH from localhost[127.0.0.1]
Feb 7 02:42:03 [postfix/smtpd] disconnect from localhost[127.0.0.1]


So I assume the permissions on /etc/sasl2/sasldb2 are set wrong. Currently they're:

Quote:
-rw-r----- 1 root mail 49152 Feb 5 19:25 sasldb2


Is this incorrect?

I don't know why KMail is connecting to postfix now and it didn't seem to be before, though. I guess I'll just chalk it up to random computer weirdness (like yesterday, when I was fooling around with apache2, and kept getting internal server errors on one file until I copied its contents, deleted the file, re-created the file and pasted the contents back in. :)). Sorry to trouble you so much.
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Sat Feb 07, 2004 8:44 am    Post subject: Reply with quote

v2.0 of this guide stopped using sasldb since this error became all too common. If you wish to continue using sasldb though, make sure you `chown postfix /etc/sasl2/sasldb2' ... since Postfix can't read the db as it stands now....

It's no trouble at all... Believe it or not, I've learned far more maintaining this guide than originally setting it up :)
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Sat Feb 07, 2004 9:15 am    Post subject: Reply with quote

Wait, 2.0 doesn't use that file? I used 2.0 though.

What setting causes it to check with sasldb2? Is it SASL_AUTHMECH=shadow?

I don't particularly want to use sasldb if there's an easier way (although I guess I don't care one way or the other).

I guess it's time for me to check my config files against the tutorial again. :)
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
john5211
n00b
n00b


Joined: 04 Feb 2004
Posts: 14

PostPosted: Sat Feb 07, 2004 9:56 am    Post subject: Reply with quote

Hey Everyone,

Thanks for pointing out that I shouldn't have gotten rid of the whole localhost line in /etc/hosts (if you do then you have to reconfigure the IMAP server; i found that out the hard way :)).

Anyway, once i was able to send mail without a problem using postfix, I went on to try to figure out how to recieve mail directly using my new setup. It took a while (at first I thoght that my ISP might be blocking port 25, but that turned out to be wrong ...), but I finally found that I had to comment out a line in my main.cf, so that the relevent lines now look like:

Code:

#smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination


I looked around in the docs for postfix some, but I'm still a little unclear ... is commenting out the smtp_client_restrictions line a security risk? If so does anyone have any suggestions for a good rule?

Dolio: For me, at least, my permissions (and ownership) for /etc/sasl2/sasldb2 are:

Code:

-rw-------    1 postfix  root        12288 Feb  4 20:32 sasldb2


So maybe that is your problem?


Also, in case anyone is interested in adding an antivirus component, configuring amavisd-new and clamav to work with this setup is very easy (at least it seemed to be so far ... :)).

Much of this is readily available in the README.postfix file that comes with the amavisd-new distribution.

Oh, and this assumes that you are running a version of postfix >= 2.0 (If you aren't, some of the config for master.cf will be different).

1) Preparation

First, emerge the software for amavisd-new and clamav:

Code:

emerge -pv amavisd-new clamav


2) Setting up amavisd-new

2.1) Initial configurations

Next, edit /etc/postfix/master.cf by adding the following lines (at the bottom of the file worked fine for me):

Code:

smtp-amavis unix -      -       n       -       2       lmtp
  -o smtp_data_done_timeout=1200

127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0

pre-cleanup  unix n     -       n       -       0       cleanup
    -o virtual_alias_maps=
    -o canonical_maps=
    -o sender_canonical_maps=
    -o recipient_canonical_maps=
    -o masquerade_domains=

cleanup unix    n       -       n       -       0       cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
    -o header_checks=

smtp      inet  n       -       n       -       -       smtpd
    -o cleanup_service_name=pre-cleanup
pickup    fifo  n       -       n       60      1       pickup
    -o cleanup_service_name=pre-cleanup




Then edit your /etc/postfix/main.cf file to include support for amavis:

Code:

content_filter = smtp-amavis:[127.0.0.1]:10024


2.2) Optional Configurations

Now for some optional configurations. The configuration file for amavisd-new is ~1500 lines long, so there are many options that can be controlled. These are the ones that I found most useful for my small home setup (although amavisd should work just fine without changing any of these if you don't want to).

To modify the configuration settings for amavisd-new, open up the config file /etc/amavisd.conf . From there you can:

1) Tell amavisd what to do about sending return emails when you get a virus and/or spam (note: this has nothing to do with whether or not the virus/spam is saved in a quarentine).

By default, amavisd sends a bounce or a reject when it scans a spam or a virus. To change that behavior so that it does nothing (i.e. just drops the email w/o a reply to the sender), go to ~ line 380 in the file and change the $final_virus_destiny and $final_spam_destiny (and the other ones if you like) to D_DISCARD:

Code:

$final_virus_destiny      = D_DISCARD;  # (defaults to D_BOUNCE)
$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_DISCARD;  # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested. 


If you prefer to bounce virus emails back to the senders except when the virus is know to spoof the return address, there are more detailed configurations at ~ line 430 that allow you (at least in principle) to do this.

2) If you would like a notification sent to you or an admin when a virus (or spam) is detected, you can specify a default location at ~ line 450 in the conf file. In this example, I am sending all the notifications to virusalert@mydomain.com. In this case, I would either have to create a user named virusalert or specify an alias in /etc/aliases.

Code:

$virus_admin = "virusalert\@$mydomain";
# $virus_admin = undef;   # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => '', '.' => 'virusalert@example.com'};
# $virus_admin = 'virus-admin@example.com';


The spam controls are virtually identical and are located directly below.

3) If you want to quarentine virus and/or spam mail, go to ~ line 510, define the quarentine directory, and tell amavisd to put the mail there:

Code:

$QUARANTINEDIR = '/var/run/amvis/virusmails';
...
#use the new 'bsmtp:' method as an alternative to the default 'local:'
$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";


Also, make sure that the lines for virus and/or spam quarentines near line 580 are not commented out (alternately, if you don't want to quarentine anything, comment out the lines):

Code:

$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
...
$spam_quarantine_to = 'spam-quarantine';


FInally, you need to make sure that whatever directory you chose as the quarentine directory exists and is owned by amavis:

Code:

#mkdir /var/run/amavis/virusmails
#chown amavis.amavis /var/run/amavis/virusmails


If you are like me and have tons of people sending you the latest viruses via email, you might want to set up a cron job in cron.daily or cron.weekly to delete the quarentined email on a regular basis.

4) If you want to use amavisd to filter out emails with suspicious file types as attachments, look at ~ line 660 and uncomment the following (and add your own types if you like):

Code:

   qr'.\.(exe|vbs|pif|scr|bat|com)$'i,               # banned extension - basic


3) Configuring ClamAV

Luckily, nothing really needs to be done to clamav, as amavisd just calls the command line scanner (so we don't need to start the daemon). We do, however, want to make sure that we are updating our virus definitions on a regular basis, so create a file in /etc/cron.daily (i called mine freshclam, but the name doesn't matter ...) with the following content:

Code:

#! /bin/sh
#This entry updates the virus defs daily
/usr/local/bin/freshclam --quiet -l /var/log/clam-update.log


Next, make sure the permissions are correct (it needs to be executable):

Code:

-rwxr-xr-x    1 root     root          116 Feb  6 23:55 freshclam


FInally, as mentioned in the guide, make sure that fetchmail is passing the mail directly to postfix (via port 25) rather than procmal. Since i check mine via cron, I just changed my crontab to:

Code:

*/5  * * * * /usr/bin/fetchmail -K -s


(vary your options to taste, of course ... the important thing is to get rid of the '-m procmail ...' part of the line).

4) Testing and Automation

That's it for the config ... now all that's left is to start everything up! For the first try, you can start amavisd in debug mode:

Code:

    # su - amavis
    $ /usr/local/sbin/amavisd debug


In another window, reload postfix (/etc/init.d/postfix reload). If there are problems and you can't send/recieve mai (or the virus scanner isn't doing its job), you should be able to see it in the debugging output and the mail logs (mine are in /var/log/mail.log).

Once you know everything is working, go ahead and set amavisd to start with the system:

Code:

amavis # rc-update add amavisd default


Anyway, this seems to be a little longer than I thought it was going to be! Hope it heps anyone who wants to add virus scanning into their system.

Oh, one other tip, if you have SpamAssasin installed on your system, amavis is supposed to integrate with it almost seamlessly ... I don't have it installed so I don't know, so maybe someone who does could let me know if it works?

John


Last edited by john5211 on Sun Feb 08, 2004 7:13 am; edited 1 time in total
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Sun Feb 08, 2004 12:24 am    Post subject: Reply with quote

Dolio - It might be caching on your browser or ISP.... anyways, let me know how it goes :)

john5211 - Excellent work on clamav! The way your conf looks now is fine... :)
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Sun Feb 08, 2004 11:50 pm    Post subject: Reply with quote

Well, I don't think my web browser was using a cached version, because I've reloaded the first page many times, and I don't think I ever visited this thread before version 2.0 anyway.

I've checked all my config files against the ones in the tutorial, and I can't see any discrepancies. Is it possible that SASL is just ignoring its configuration or something? I see 5 saslauthd -a shadow processes running, but it seems that when postfix tries to authenticate, it just tries to use sasldb2.

I've googled for solutions, but found none. I found a tutorial similar to your own, but it seemed to talk about saslauthd and sasldb solutions without distinguishing between the two, so that was no help. I searched the forums here and found several people having problem with saslauthd, both with the pam and shadow auth methods. However, the threads just end without a solution, so they are no help (One ends with "Hey, it magically fixed itself!", but that's not a very satisfying solution :)).

One other thing I've noticed is that when I click on the "Check what the server supports" and when I turn off TLS momentarily and telnet to postfix, it lists many more options than just PLAIN and LOGIN for logging in. Here's the line:
Quote:

250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
250-AUTH=GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM

I don't know if that sheds any light.

I guess I'm about to give up. Such is life. :)
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
Woolong
n00b
n00b


Joined: 03 Feb 2004
Posts: 62
Location: Hong Kong

PostPosted: Mon Feb 09, 2004 8:24 am    Post subject: sasl, sasldb and pam(shadow) Reply with quote

Dollo and beowulf:
I encountered the same problem on authentication with postfix/sasl. I've followed the ver.2 guide in order for sasl to authenticate against shadow. However, sasl seems to ignore the setting and continue to authenticate against sasldb! :cry:

I think that explains why postfix/sasl always refuses my user/passwd.

The "Virtual Mailhosting System Guide" also mentions the problem: http://www.gentoo.org/doc/en/virt-mail-howto.xml
Quote:

Note: Now for some reason, sasl will not play nicely with pam against the shadow file. I banged my head against this problem for, well, a long time. If anyone knows why sasl will not auth against the shadow file in its current gentoo incarnation, please email me as I'd love to hear a solution to this.

Quote:

As I said before, as it stands now AUTH will not work. that's because sasl will try to auth against it's sasldb, instead of the shadow file for some unknown reason, which we have not set up. So we're going to just plow through and set up mysql to hold all of our auth and virtual domain information.


beowulf, do you have any idea how to work around the problem? It'll be nice if I can get sasl works without using mysql.

Thanks for listening
Back to top
View user's profile Send private message
axxackall
l33t
l33t


Joined: 06 Nov 2002
Posts: 651
Location: Toronto, Ontario, 3rd Rock From Sun

PostPosted: Mon Feb 09, 2004 9:36 pm    Post subject: Reply with quote

if you just emerged clamav and f-prot *AND* you don't have any other virus scanner then comment out all virusa scanner in amavisd.conf leaving only two of them. I use clamav as a primary scanner and f-prot as a backup, but your milage may vary:
Code:

@av_scanners = (

  ### http://clamav.elektrapro.com/
  ['Clam Antivirus - clamscan', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

@av_scanners_backup = (

  ### http://www.f-prot.com/
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],
    qr/Infection: (.+)/ ],

);


I havn't found a convinient way to run either clamav or f-prot as daemon, so I've decided: if it's broken just to install as a daemon then most likely it will also fail to work as a daemon.

But as a command-line scanner both clamav and f-prot work fine. All infected messages are quarantined.

I am so excited with clamav and f-prot that I am thinking if I could use them with squid or danguardian.
_________________
"Lisp is a programmable programming language." - John Foderaro, CACM, September 1991
Back to top
View user's profile Send private message
MooktaKiNG
Guru
Guru


Joined: 11 Nov 2002
Posts: 326
Location: London, UK

PostPosted: Wed Feb 11, 2004 11:50 pm    Post subject: Reply with quote

When i try to send an email from outlook, using ssl, i get this error:

Code:
Feb 10 23:22:52 [postfix/smtpd] starting TLS engine
Feb 10 23:22:52 [postfix/smtpd] connect from unknown[192.168.1.2]
Feb 10 23:22:52 [postfix/smtpd] disconnect from unknown[192.168.1.2]


Why wouldn't it recognise the 192.168.1.2 ip? weird.

Also i want to use a relay, authenicated, but without ssl. how can i do this?
_________________
http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router
Back to top
View user's profile Send private message
Woolong
n00b
n00b


Joined: 03 Feb 2004
Posts: 62
Location: Hong Kong

PostPosted: Thu Feb 12, 2004 6:07 am    Post subject: cyrus-sasl Reply with quote

Another thought on cyrus-sasl& pam: is there any way to make sure that sasl is actually using /etc/sasl2/smtpd.conf?

Would it be possible that sasl checks on another file that doesn't exist, and defaults back to sasldb?
Back to top
View user's profile Send private message
Woolong
n00b
n00b


Joined: 03 Feb 2004
Posts: 62
Location: Hong Kong

PostPosted: Thu Feb 12, 2004 9:29 am    Post subject: sasl & shadow Reply with quote

In respons to Dolio and my own question that why sasl won't authenticate against shadow.

Code:

nano -w /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN


I found this out after reading a hundred times the virtual mailhosting system guide. http://www.gentoo.org/doc/en/virt-mail-howto.xml

One question: how do I change the info to my own in these new certs?
Code:

smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
Back to top
View user's profile Send private message
Dolio
l33t
l33t


Joined: 17 Jun 2002
Posts: 650

PostPosted: Thu Feb 12, 2004 10:59 pm    Post subject: Reply with quote

Ah! Wonderful. It works now.

I wonder what's wrong that it doesn't check the /etc/ version.

Must be a missing configure flag in the ebuild, or something, because the manpage for saslauthd doesn't mention that you can specify alternate config files (in which case you could just modify the init script, I guess).

Anyway, thanks so much for your help, and that goes for everyone who puzzled over my problems. :)
_________________
They don't have a good bathroom to do coke in.
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Thu Feb 12, 2004 11:03 pm    Post subject: Re: sasl & shadow Reply with quote

Sorry for taking so long to reply.... been kind of busy and unable to browse forums and such... in any case, it appears that most of the problems solved themselves so to speak.... Anyways....

Woolong wrote:
In respons to Dolio and my own question that why sasl won't authenticate against shadow.

Code:

nano -w /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN


I found this out after reading a hundred times the virtual mailhosting system guide. http://www.gentoo.org/doc/en/virt-mail-howto.xml

One question: how do I change the info to my own in these new certs?
Code:

smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem

woolong, dolio - Excellent, I'll make the addition to the guide after this post is submitted about /usr/lib/sasl2/smtpd.conf -- I happened to have it set, but didn't think it was getting read so went with /etc/sasl..... I'll list both just to be safe as I can't determine which file is being read... (better to be safe than sorry I guess....)

Thanks for the correction and I'll add it to the guide!

Unfortunately, I'm not sure what you mean by your own certs. Do you mean you wish to generate them yourself? Or that you have your own from a "trusted certificate authority" such as Verisign and Thawte? If it's the first (generate your own), I can post some steps if you'd like? Let me know....

MooktaKiNG -- Postfix doesn't need to recognize your ip, however, it might be prudent to add a line in /etc/hosts describing your computer at 192.168.1.2...

If you wish to disable SSL, I believe you can simply comment out the SSL stuff in /etc/postfix/main.cf...

---------

Version 2.1 added, it just contains the fix mentioned above, as well as a link to this page for the AV info... Nothing major...

Again, sorry for taking so long to reply....
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
MooktaKiNG
Guru
Guru


Joined: 11 Nov 2002
Posts: 326
Location: London, UK

PostPosted: Thu Feb 12, 2004 11:58 pm    Post subject: Reply with quote

Oh i've solved this already. It was a spelling mistake when i was sending my email :D:D:D

Anyway, this is a fantastic howto. Great help this is.

Maybe you can add samba and Ldap authentication :)

Or better yet, maybe a new section on email encryption.

I've been watching this thread grow, since 1.0, its great work, nicely layed out and great step by step guide.

Thank you :)
_________________
http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router
Back to top
View user's profile Send private message
MooktaKiNG
Guru
Guru


Joined: 11 Nov 2002
Posts: 326
Location: London, UK

PostPosted: Fri Feb 13, 2004 12:11 am    Post subject: Reply with quote

Also it would be a great idea to integrate something like hothayd or gotmail to add hotmail compatibility.

Hothayd can also support other websites, like yaho etc.

I love the way the bogofilter has been setup. Fantastic idea. Now there's no need to look for server side plugins for squirrelmail, and now also any web client can be used :)
_________________
http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router
Back to top
View user's profile Send private message
PloreOSU
n00b
n00b


Joined: 02 Oct 2003
Posts: 2

PostPosted: Fri Feb 13, 2004 2:32 am    Post subject: Thunderbird Errors Reply with quote

beowulf wrote:

woolong, dolio - Excellent, I'll make the addition to the guide after this post is submitted about /usr/lib/sasl2/smtpd.conf -- I happened to have it set, but didn't think it was getting read so went with /etc/sasl..... I'll list both just to be safe as I can't determine which file is being read... (better to be safe than sorry I guess....)


beowulf - On my system /usr/lib/sasl2/smtpd.conf is a symlink to etc/sasl2/smtpd.conf


I'm getting the Thunderbird SMTP problem with TLS enabled.
Code:
Could not establish an encrypted connection because certificate presented by 192.168.1.100 is invalid or corrupted.  Error Code: -8182

Setting "smtpd_tls_auth_only = no" and turning TLS off in Thunderbird lets me send okay (but my password is going out cleartext). I can send with TLS on in Outlook Express 5.0 and Outlook 2000. It looks like the certificates are bad, but Outlook Express uses them anyway.

Using Thunderbird
Code:
Feb 12 18:24:43 [postfix/smtpd] SSL_accept:SSLv3 flush data
Feb 12 18:24:43 [postfix/smtpd] read from 08094FA8 [080A3408] (5 bytes => -1 (0xFFFFFFFF))
Feb 12 18:24:43 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 12 18:29:43 [postfix/smtpd] SSL_accept error from unknown[192.168.0.50]: -1
Feb 12 18:29:43 [postfix/smtpd] disconnect from unknown[192.168.0.50]

Using Outlook Express 5.0
Code:
Feb 12 13:31:09 [postfix/smtpd] SSL_accept:SSLv3 flush data
Feb 12 13:31:09 [postfix/smtpd] read from 0809A1D0 [080A38A0] (5 bytes => -1 (0xFFFFFFFF))
Feb 12 13:31:09 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A0] (5 bytes => 5 (0x5))
Feb 12 13:31:10 [postfix/smtpd] 0000 16 03 01 00 86     .....
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A5] (134 bytes => -1 (0xFFFFFFFF))
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:error in SSLv3 read client certificate A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A5] (134 bytes => 134 (0x86))
Feb 12 13:31:10 [postfix/smtpd] 0000 10 00 00 82 00 80 58 78|74 71 69 91 dc 28 4f 77  ......Xx tqi..(Ow
Feb 12 13:31:10 [postfix/smtpd] 0010 e5 79 62 ed 4c d7 fe be|3f 8c fc 46 63 0f d8 4e  .yb.L... ?..Fc..N
Feb 12 13:31:10 [postfix/smtpd] 0020 a7 e4 88 a8 64 1f 92 4c|ab 8d 9a 28 29 a8 89 31  ....d..L ...()..1
Feb 12 13:31:10 [postfix/smtpd] 0030 12 bf 52 50 87 3a 40 57|ae a2 41 2b 6a c2 b1 da  ..RP.:@W ..A+j...
Feb 12 13:31:10 [postfix/smtpd] 0040 0b 34 da 97 13 e0 2e 0d|b5 ce ad 34 5b ba fa 27  .4...... ...4[..'
Feb 12 13:31:10 [postfix/smtpd] 0050 15 0e d5 d3 2b 70 04 8c|5d b5 c3 2e 50 4f 24 a8  ....+p.. ]...PO$.
Feb 12 13:31:10 [postfix/smtpd] 0060 7d 65 e9 50 73 a5 81 b0|c9 8e a0 e8 fe bc 17 f4  }e.Ps... ........
Feb 12 13:31:10 [postfix/smtpd] 0070 bb 04 91 de 5d 0d f7 a3|01 80 a7 ab 5d 5c 2c d8  ....]... ....]\,.
Feb 12 13:31:10 [postfix/smtpd] 0080 28 85 be 3e 40 dc     (..>@.
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:SSLv3 read client key exchange A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A0] (5 bytes => -1 (0xFFFFFFFF))
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:error in SSLv3 read certificate verify A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A0] (5 bytes => 5 (0x5))
Feb 12 13:31:10 [postfix/smtpd] 0000 14 03 01 00 01     .....
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A5] (1 bytes => -1 (0xFFFFFFFF))
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:error in SSLv3 read certificate verify A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A5] (1 bytes => 1 (0x1))
Feb 12 13:31:10 [postfix/smtpd] 0000 01     .
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A0] (5 bytes => -1 (0xFFFFFFFF))
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:error in SSLv3 read certificate verify A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A0] (5 bytes => 5 (0x5))
Feb 12 13:31:10 [postfix/smtpd] 0000 16 03 01     ...
Feb 12 13:31:10 [postfix/smtpd] 0005 - <SPACES/NULS>?
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A5] (32 bytes => -1 (0xFFFFFFFF))
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:error in SSLv3 read certificate verify A
Feb 12 13:31:10 [postfix/smtpd] read from 0809A1D0 [080A38A5] (32 bytes => 32 (0x20))
Feb 12 13:31:10 [postfix/smtpd] 0000 71 8e ff 2a 2e 1b e9 94|83 0b e3 29 08 f3 c3 09  q..*.... ...)....
Feb 12 13:31:10 [postfix/smtpd] 0010 6c 73 bf 7a 1c 9e b2 e6|30 49 fe 23 1a a5 1a fb  ls.z.... 0I.#....
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:SSLv3 read finished A
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:SSLv3 write change cipher spec A
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:SSLv3 write finished A
Feb 12 13:31:10 [postfix/smtpd] write to 0809A1D0 [080B19C8] (43 bytes => 43 (0x2B))
Feb 12 13:31:10 [postfix/smtpd] 0000 14 03 01 00 01 01 16 03|01 00 20 77 d0 f2 d8 0d  ........ .. w....
Feb 12 13:31:10 [postfix/smtpd] 0010 b4 bf c9 04 c8 f5 99 17|aa b7 d9 0c 7e d4 2f 54  ........ ....~./T
Feb 12 13:31:10 [postfix/smtpd] 0020 2c 15 d6 4e f7 23 fc d7|e0 c5 c6     ,..N.#.. ...
Feb 12 13:31:10 [postfix/smtpd] SSL_accept:SSLv3 flush data
Feb 12 13:31:10 [postfix/smtpd] TLS connection established from nat-wv.mentorg.com[192.94.38.34]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Back to top
View user's profile Send private message
beowulf
Apprentice
Apprentice


Joined: 07 Apr 2003
Posts: 225

PostPosted: Fri Feb 13, 2004 10:10 am    Post subject: Reply with quote

MooktaKiNG -- I think I'll sign up for a hotmail account just to test out gotmail and add it to the guide... I don't have an account so never bothered investigating the matter.... But quite a number of people use it... so I guess it wouldn't hurt :) -- I don't think I'll be adding ldap or samba though... not for a very long time... I know nothing of ldap and I can't even get my printer working in samba... I haven't tried very hard since I only play games in Windows... It may go on a possible todo list, not sure yet... thanks for the suggestions.

PloreOSU -- Yeah, it used to be a symlink on my system before my HDD died and had to re-install. I think one of the newer ebuilds determines if the file/symlink exists and if not copies a file to both places... *shrugs* -- I believe Thunderbird won't allow you to connect when the SSL cert is not valid (not issued by a trusted source). If I get some time over the weekend I'll try testing it out and see why only Thunderbird is choking on the certs... Thanks for the confirmation.
_________________
I have nothing witty to say here... ever :-(
Back to top
View user's profile Send private message
Woolong
n00b
n00b


Joined: 03 Feb 2004
Posts: 62
Location: Hong Kong

PostPosted: Fri Feb 13, 2004 10:08 pm    Post subject: certificate Reply with quote

Quote:

Unfortunately, I'm not sure what you mean by your own certs. Do you mean you wish to generate them yourself? Or that you have your own from a "trusted certificate authority" such as Verisign and Thawte? If it's the first (generate your own), I can post some steps if you'd like? Let me know....


What I meant was changing fields like countryName_default and stateOrProvinceName_default to what I want.

Since you've mentioned, I'm also interested in getting a cert from a "trusted certificate authority". I'm curious about how much it costs, which one the best provider, and the steps to get it done.

No need to be sorry. We are all grateful for what you've done for the guide! :D
Back to top
View user's profile Send private message
morlix
n00b
n00b


Joined: 14 Feb 2004
Posts: 51
Location: Germany

PostPosted: Sat Feb 14, 2004 1:28 am    Post subject: Reply with quote

i still can´t log in to my courier-imap-ssl!

imap works, but imap-ssl not...

i read the hole thread, but i didn´t find the solution for my problem(s)...

/var/log/messages
Code:

Feb 14 02:25:38 <hostname> imapd-ssl: Connection, ip=[<ip>]
Feb 14 02:25:39 <hostname> imapd-ssl: LOGIN: DEBUG: ip=[<ip>], command=AUTHENTICATE
Feb 14 02:25:44 <hostname> imapd-ssl: LOGIN FAILED, ip=[<ip>]
Feb 14 02:25:44 <hostname> imapd-ssl: LOGIN: DEBUG: ip=[<ip>], command=LOGIN
Feb 14 02:25:44 <hostname> imapd-ssl: LOGIN: DEBUG: ip=[<ip>], username=morlix
Feb 14 02:25:49 <hostname> imapd-ssl: LOGIN FAILED, ip=[<ip>]



/etc/courier-imap/authdaemond.conf
Code:

AUTHDAEMOND="authdaemond.plain"


/etc/courier-imap/authdaemonrv
Code:

authmodulelist="authpam"


/etc/courier-imap/imap-ssl
Code:

SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/imapd-ssl.pid
IMAPDSSLSTART=Yes
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=${bindir}/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier-imap/imapd.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288



/etc/pam.d/imap
Code:

auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth


grZ morlix
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3 ... 12, 13, 14 ... 25, 26, 27  Next
Page 13 of 27

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum