Email System For The Home Network - Version 2.1

[carpman]

This should get you started down that path:

http://tinyurl.com/2akj4y

MrC

Cheers, will try that.

Ok tried that command and get lot of output concerning certs:

Some entries edited for security indicated by 'snip'

Code: Select all

openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify error:num=7:certificate signature failure
verify return:1
depth=0 /C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
   i:/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
issuer=/C=US/ST=California/L=Santa Barbara/O=Postfix SMTP Server/OU=For Testing Purposes Only/CN=localhost/emailAddress=root@localhost
---
No client certificate CA names sent
---
SSL handshake has read 1375 bytes and written 332 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 2C199F14BCA071DAB8DF0D4B902D726D5C9BCABBCC4E56AB1BC26CE7C1D460A2
    Session-ID-ctx:
    Master-Key: snip
    Key-Arg   : None
    Start Time: 1173957358
    Timeout   : 300 (sec)
    Verify return code: 7 (certificate signature failure)
---
220 mail.publishing.co.uk ESMTP Postfix
DONE

Seems to be problems with the certs with line:

Code: Select all

verify error:num=7:certificate signature failure

No client certificate CA names sent

That said the logs show:

Code: Select all

postfix/smtpd[23999]: TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

Nit sure if related but also see this error in logs:

Code: Select all

imapd-ssl: /etc/courier-imap/shared/index: No such file or directory

The dir /etc/courier-imap/shared/ is there but no index ?

cheers

[Mr.C.]

It appears you do not have your root CA installed. Your certificate cannot be verified without the self-signed root CA available.

mrC

[carpman]

It appears you do not have your root CA installed. Your certificate cannot be verified without the self-signed root CA available.

mrC

Umm, i did follow the guide and created a cert, is there another one i have to create?

[Mr.C.]

"A cert", or both your self-signed CA *and* server certificate?

[carpman]

"A cert", or both your self-signed CA *and* server certificate?

I did section:

Code: Select all

5.2 Adding SSL Support:

As mentioned, we want to only use SSL to connect to our IMAP server. Since we have chosen a safer method of authentication, it requires a bit more work. Let's do it now while we're still as root:
Code:

root@server # vi /etc/courier-imap/imapd.cnf

[ req_dn ]
C=CA
ST=ON
L=Toronto
O=Mail Server
OU=Automatically-generated IMAP SSL Key
CN=localhost
emailAddress=root@localhost

As you can see, I've changed the variables to match my network and location. I recommend you do the same. It doesn't really matter, but you should do it anyways. You can find all the variables to change in the "[ req_dn ]" section of the file. After you've done that, we can make our certificate file:
Code:
root@server # cd /etc/courier-imap && mkimapdcert

Looking at it now it looks only for IMAP so need to do one for TLS but not sure how?


PS many thanks for the help.

[Mr.C.]

Are we trying to solve clients connecting to POSTFIX via TLS or,
are we trying to solve clients connecting to your IMAP server?

I would suggest that it is important to learn about the steps you are taking, and not blindly type them in. You are trying to configure a *secure* email system, but have no idea how, or why, or *if* it is secure.

MrC

[carpman]

Are we trying to solve clients connecting to POSTFIX via TLS or,
are we trying to solve clients connecting to your IMAP server?

I would suggest that it is important to learn about the steps you are taking, and not blindly type them in. You are trying to configure a *secure* email system, but have no idea how, or why, or *if* it is secure.

MrC

I am only following the guide, i am connecting via IMAP using kmail and thunderbird, if there is something that is not in the guide that i should be doing then yes i do not know what i am doing, if i did i would not need the guide?

[tkhobbes]

FInally, as mentioned in the guide, make sure that fetchmail is passing the mail directly to postfix (via port 25) rather than procmal. Since i check mine via cron, I just changed my crontab to:

Code: Select all

*/5  * * * * /usr/bin/fetchmail -K -s

(vary your options to taste, of course ... the important thing is to get rid of the '-m procmail ...' part of the line).

Hi, maybe this has been answered before, but: If I don't use procmail, how do I sort e-mails into different folders, then?

so long
thomas

[mariourk]

Could someone take a look at this thread?
It describes the same problem as Benzman and bruor are having.

I hope someone knows how to fix this.

[rpmohn]

I've been going crazy for the past week! I've been using this thread's tutorial/method with great success for several years now, but last Sunday (Nov18) I upgraded postfix to v2.4.5 and ever since then I can't get local delivery to work! I tried downgrading back to v2.3.6, but no luck. I tried reinstalling everything from this tutorial, but still no luck!

This is the only information I get:

Code: Select all

(temporary failure. Command output: procmail: [6503] Mon Nov 26 10:56:12 2007 procmail: Assigning "LOGFILE=/home/rpmohn/.procmail/procmail.log" procmail: Opening "/home/ross/.procmail/procmail.log")

If I could get some more Command Output, I might be able to figure this out, but I haven't been able to! Procmail is still delivering just fine through fetchmail. It's just the internal stuff. Aaaaargh!

Please help! -Ross

[rpmohn]

I've been going crazy for the past week! I've been using this thread's tutorial/method with great success for several years now, but last Sunday (Nov18) I upgraded postfix to v2.4.5 and ever since then I can't get local delivery to work! I tried downgrading back to v2.3.6, but no luck. I tried reinstalling everything from this tutorial, but still no luck!

This is the only information I get:

Code: Select all

(temporary failure. Command output: procmail: [6503] Mon Nov 26 10:56:12 2007 procmail: Assigning "LOGFILE=/home/rpmohn/.procmail/procmail.log" procmail: Opening "/home/ross/.procmail/procmail.log")

If I could get some more Command Output, I might be able to figure this out, but I haven't been able to! Procmail is still delivering just fine through fetchmail. It's just the internal stuff. Aaaaargh!

Please help! -Ross

OK, If finally solved it. The problem was that Postfix didn't like the size of my bogofilter wordlist.db file. Fetchmail didn't have a problem with it, but Postfix did. Here is the relevant FAQ entry on the bogofilter website (though I never saw DB_PAGE_NOTFOUND as an error message!)

http://bogofilter.sourceforge.net/faq.s ... e-notfound

Cheers! -Ross

[carpman]

Hello would like to increase the rate at which email is processed using this setup.

How best would this be achieved?


I believe i need to increase the postfix precesses plus increase the amavisnew processes ensuring there are more amavis process than postfix processes, is this correct?

Are there any other setting that would need changing such as spamd?

many thanks

[nhe]

I have followed this guide to setup my mailserver and it is working fine but I see the following errors in the logs when an imap client attaches to the server:

Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_open_session
Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_close_session

Anyone an idea?

Thanks,

Nick

[carpman]

I have followed this guide to setup my mailserver and it is working fine but I see the following errors in the logs when an imap client attaches to the server:

Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_open_session
Jan 17 11:47:51 mythtv authdaemond: PAM unable to resolve symbol: pam_sm_close_session

Anyone an idea?

Thanks,

Nick

This guide is out date in regards to pam, guide still uses pam_stack but current pam does not use this anymore, check the pam update page as you will need to alter pam config files to new syntax

http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml

[figueroa]

Nit sure if related but also see this error in logs:

Code: Select all

imapd-ssl: /etc/courier-imap/shared/index: No such file or directory

The dir /etc/courier-imap/shared/ is there but no index ?

cheers

Me too, and I couldn't just let it be.

There are some references to "shared" in the file imapd /etc/courier-imap/imapd and /usr/share/doc/courier-imap-*/maildir/README.sharedfolders.txt.bz2

This last read, in part:

NOTE:

If the "shared" directory doesn't exist, just create it.

So, on one server I did have a "shared" directory, so as root I just did "touch index" from within that directory.
On the 2nd server, I did not have a "shared" directory, so I created one, and then did "touch index"

The error messages went away and I'm happy.

[Bigun]

cmassa - After you've ran and killed CA.pl, have you gone and cleaned up the mess? Remove all the *.pem files as well as another file located further down.... Read the Troubleshooting section where I describe what files need to be removed....

I've removed the *.pem files.... what other file needs to be deleted, I do not see this mentioned in the troubleshooting section.

[pmatos]

Does anyone have a problem emerging courier-authlib 0.62.2 on amd64?