Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Email System For The Home Network - Version 2.1
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 25, 26, 27  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
carpman
Advocate
Advocate


Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

PostPosted: Thu Mar 15, 2007 11:23 am    Post subject: Reply with quote

carpman wrote:
Mr.C. wrote:
This should get you started down that path:

http://tinyurl.com/2akj4y

MrC



Cheers, will try that.


Ok tried that command and get lot of output concerning certs:

Some entries edited for security indicated by 'snip'

Code:

openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=7:certificate signature failure
verify return:1
depth=0 /C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
   i:/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
issuer=/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
---
No client certificate CA names sent
---
SSL handshake has read 1375 bytes and written 332 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 2C199F14BCA071DAB8DF0D4B902D726D5C9BCABBCC4E56AB1BC26CE7C1D460A2
    Session-ID-ctx:
    Master-Key: snip
    Key-Arg   : None
    Start Time: 1173957358
    Timeout   : 300 (sec)
    Verify return code: 7 (certificate signature failure)
---
220 mail.publishing.co.uk ESMTP Postfix
DONE



Seems to be problems with the certs with line:

Code:


verify error:num=7:certificate signature failure

No client certificate CA names sent




That said the logs show:
Code:

postfix/smtpd[23999]: TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)



Nit sure if related but also see this error in logs:
Code:

imapd-ssl: /etc/courier-imap/shared/index: No such file or directory


The dir /etc/courier-imap/shared/ is there but no index ?

cheers
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb
Back to top
View user's profile Send private message
Mr.C.
n00b
n00b


Joined: 25 Feb 2007
Posts: 35

PostPosted: Thu Mar 15, 2007 6:07 pm    Post subject: Reply with quote

It appears you do not have your root CA installed. Your certificate cannot be verified without the self-signed root CA available.

mrC
Back to top
View user's profile Send private message
carpman
Advocate
Advocate


Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

PostPosted: Thu Mar 15, 2007 8:28 pm    Post subject: Reply with quote

Mr.C. wrote:
It appears you do not have your root CA installed. Your certificate cannot be verified without the self-signed root CA available.

mrC


Umm, i did follow the guide and created a cert, is there another one i have to create?
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb
Back to top
View user's profile Send private message
Mr.C.
n00b
n00b


Joined: 25 Feb 2007
Posts: 35

PostPosted: Thu Mar 15, 2007 8:34 pm    Post subject: Reply with quote

"A cert", or both your self-signed CA *and* server certificate?
Back to top
View user's profile Send private message
carpman
Advocate
Advocate


Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

PostPosted: Thu Mar 15, 2007 8:57 pm    Post subject: Reply with quote

Mr.C. wrote:
"A cert", or both your self-signed CA *and* server certificate?



I did section:

Code:

5.2 Adding SSL Support:

As mentioned, we want to only use SSL to connect to our IMAP server. Since we have chosen a safer method of authentication, it requires a bit more work. Let's do it now while we're still as root:
Code:

root@server # vi /etc/courier-imap/imapd.cnf

[ req_dn ]
C=CA
ST=ON
L=Toronto
O=Mail Server
OU=Automatically-generated IMAP SSL Key
CN=localhost
emailAddress=root@localhost

As you can see, I've changed the variables to match my network and location. I recommend you do the same. It doesn't really matter, but you should do it anyways. You can find all the variables to change in the "[ req_dn ]" section of the file. After you've done that, we can make our certificate file:
Code:
root@server # cd /etc/courier-imap && mkimapdcert




Looking at it now it looks only for IMAP so need to do one for TLS but not sure how?


PS many thanks for the help.
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb
Back to top
View user's profile Send private message
Mr.C.
n00b
n00b


Joined: 25 Feb 2007
Posts: 35

PostPosted: Thu Mar 15, 2007 9:15 pm    Post subject: Reply with quote

Are we trying to solve clients connecting to POSTFIX via TLS or,
are we trying to solve clients connecting to your IMAP server?

I would suggest that it is important to learn about the steps you are taking, and not blindly type them in. You are trying to configure a *secure* email system, but have no idea how, or why, or *if* it is secure.

MrC
Back to top
View user's profile Send private message
carpman
Advocate
Advocate


Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

PostPosted: Thu Mar 15, 2007 10:06 pm    Post subject: Reply with quote

Mr.C. wrote:
Are we trying to solve clients connecting to POSTFIX via TLS or,
are we trying to solve clients connecting to your IMAP server?

I would suggest that it is important to learn about the steps you are taking, and not blindly type them in. You are trying to configure a *secure* email system, but have no idea how, or why, or *if* it is secure.

MrC



I am only following the guide, i am connecting via IMAP using kmail and thunderbird, if there is something that is not in the guide that i should be doing then yes i do not know what i am doing, if i did i would not need the guide?
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb
Back to top
View user's profile Send private message
tkhobbes
Guru
Guru


Joined: 12 Nov 2004
Posts: 367
Location: Switzerland

PostPosted: Sun Jun 03, 2007 12:27 pm    Post subject: Reply with quote

john5211 wrote:
FInally, as mentioned in the guide, make sure that fetchmail is passing the mail directly to postfix (via port 25) rather than procmal. Since i check mine via cron, I just changed my crontab to:

Code:

*/5  * * * * /usr/bin/fetchmail -K -s


(vary your options to taste, of course ... the important thing is to get rid of the '-m procmail ...' part of the line).


Hi, maybe this has been answered before, but: If I don't use procmail, how do I sort e-mails into different folders, then?

so long
thomas
_________________
My systems and some screenshots: http://www.hobbes.ch/techie/
My Gentoo client installation page: http://www.hobbes.ch/techie/gentoo-client/
My Gentoo Server installation: http://www.hobbes.ch/category/server
Back to top
View user's profile Send private message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Mon Jul 23, 2007 10:44 am    Post subject: Reply with quote

Could someone take a look at this thread?
It describes the same problem as Benzman and bruor are having.

I hope someone knows how to fix this. :?
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.
Back to top
View user's profile Send private message
rpmohn
Tux's lil' helper
Tux's lil' helper


Joined: 26 Aug 2003
Posts: 116
Location: Vermont

PostPosted: Mon Nov 26, 2007 4:23 pm    Post subject: Local delivery suddenly stopped working! Reply with quote

I've been going crazy for the past week! I've been using this thread's tutorial/method with great success for several years now, but last Sunday (Nov18) I upgraded postfix to v2.4.5 and ever since then I can't get local delivery to work! I tried downgrading back to v2.3.6, but no luck. I tried reinstalling everything from this tutorial, but still no luck! :x

This is the only information I get:
Code:
(temporary failure. Command output: procmail: [6503] Mon Nov 26 10:56:12 2007 procmail: Assigning "LOGFILE=/home/rpmohn/.procmail/procmail.log" procmail: Opening "/home/ross/.procmail/procmail.log")


If I could get some more Command Output, I might be able to figure this out, but I haven't been able to! Procmail is still delivering just fine through fetchmail. It's just the internal stuff. Aaaaargh! :x

Please help! -Ross
Back to top
View user's profile Send private message
rpmohn
Tux's lil' helper
Tux's lil' helper


Joined: 26 Aug 2003
Posts: 116
Location: Vermont

PostPosted: Mon Nov 26, 2007 8:32 pm    Post subject: Re: Local delivery suddenly stopped working! Reply with quote

rpmohn wrote:
I've been going crazy for the past week! I've been using this thread's tutorial/method with great success for several years now, but last Sunday (Nov18) I upgraded postfix to v2.4.5 and ever since then I can't get local delivery to work! I tried downgrading back to v2.3.6, but no luck. I tried reinstalling everything from this tutorial, but still no luck! :x

This is the only information I get:
Code:
(temporary failure. Command output: procmail: [6503] Mon Nov 26 10:56:12 2007 procmail: Assigning "LOGFILE=/home/rpmohn/.procmail/procmail.log" procmail: Opening "/home/ross/.procmail/procmail.log")


If I could get some more Command Output, I might be able to figure this out, but I haven't been able to! Procmail is still delivering just fine through fetchmail. It's just the internal stuff. Aaaaargh! :x

Please help! -Ross


OK, If finally solved it. The problem was that Postfix didn't like the size of my bogofilter wordlist.db file. Fetchmail didn't have a problem with it, but Postfix did. Here is the relevant FAQ entry on the bogofilter website (though I never saw DB_PAGE_NOTFOUND as an error message!)

http://bogofilter.sourceforge.net/faq.shtml#page-notfound

Cheers! -Ross
Back to top
View user's profile Send private message
carpman
Advocate
Advocate


Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

PostPosted: Tue Jan 15, 2008 11:04 am    Post subject: Reply with quote

Hello would like to increase the rate at which email is processed using this setup.

How best would this be achieved?


I believe i need to increase the postfix precesses plus increase the amavisnew processes ensuring there are more amavis process than postfix processes, is this correct?

Are there any other setting that would need changing such as spamd?

many thanks
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb
Back to top
View user's profile Send private message
nhe
n00b
n00b


Joined: 21 Nov 2006
Posts: 13

PostPosted: Thu Jan 17, 2008 10:54 am    Post subject: PAM error Reply with quote

I have followed this guide to setup my mailserver and it is working fine but I see the following errors in the logs when an imap client attaches to the server:

Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_open_session
Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_close_session

Anyone an idea?

Thanks,

Nick
Back to top
View user's profile Send private message
carpman
Advocate
Advocate


Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

PostPosted: Thu Jan 17, 2008 1:09 pm    Post subject: Re: PAM error Reply with quote

nhe wrote:
I have followed this guide to setup my mailserver and it is working fine but I see the following errors in the logs when an imap client attaches to the server:

Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_open_session
Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_close_session

Anyone an idea?

Thanks,

Nick


This guide is out date in regards to pam, guide still uses pam_stack but current pam does not use this anymore, check the pam update page as you will need to alter pam config files to new syntax

http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb
Back to top
View user's profile Send private message
figueroa
Advocate
Advocate


Joined: 14 Aug 2005
Posts: 2894
Location: Edge of marsh USA

PostPosted: Sat Jun 28, 2008 7:28 pm    Post subject: Reply with quote

Quote:


Nit sure if related but also see this error in logs:
Code:

imapd-ssl: /etc/courier-imap/shared/index: No such file or directory


The dir /etc/courier-imap/shared/ is there but no index ?

cheers


Me too, and I couldn't just let it be.

There are some references to "shared" in the file imapd /etc/courier-imap/imapd and /usr/share/doc/courier-imap-*/maildir/README.sharedfolders.txt.bz2

This last read, in part:
Quote:

NOTE:

If the "shared" directory doesn't exist, just create it.


So, on one server I did have a "shared" directory, so as root I just did "touch index" from within that directory.
On the 2nd server, I did not have a "shared" directory, so I created one, and then did "touch index"

The error messages went away and I'm happy.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/17.1/desktop (stable), OpenRC, -systemd -pulseaudio -uefi
Back to top
View user's profile Send private message
Bigun
Advocate
Advocate


Joined: 21 Sep 2003
Posts: 2196

PostPosted: Fri Jul 04, 2008 1:12 am    Post subject: Re: ./CA.pl -newca horques Reply with quote

beowulf wrote:
cmassa - After you've ran and killed CA.pl, have you gone and cleaned up the mess? Remove all the *.pem files as well as another file located further down.... Read the Troubleshooting section where I describe what files need to be removed....


I've removed the *.pem files.... what other file needs to be deleted, I do not see this mentioned in the troubleshooting section.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
Back to top
View user's profile Send private message
pmatos
Veteran
Veteran


Joined: 06 Jun 2003
Posts: 1246
Location: Eckental, Germany

PostPosted: Mon Apr 13, 2009 10:19 pm    Post subject: Reply with quote

Does anyone have a problem emerging courier-authlib 0.62.2 on amd64?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3 ... 25, 26, 27
Page 27 of 27

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum