Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 19:22, Alessandro Vesely ha scritto: Did you actually check it? I mean certtool -i --infile /etc/courier/esmtpd.pem or openssl x509 -text -in /etc/courier/esmtpd.pem Both tools read the file without errors and display the certificate informations, the modulus, the signature and the certificate. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
On Wed 19/Jul/2017 14:28:23 +0200 Lucio Crusca wrote: > Il 19/07/2017 12:56, Sam Varshavchik ha scritto: >> Check the server's certificate, esmtpd.pem. That's the only certificate >> in play here. The file is probably corrupted. > > At first glance it seems ok, the structure is the same as another file in > another Courier server I run that works correctly (except the keys are not the > same, obviously). > > I haven't created that file myself nor obtained it from third parties: it's > the > self signed certificate provided by the default courier packages installation. Did you actually check it? I mean certtool -i --infile /etc/courier/esmtpd.pem or openssl x509 -text -in /etc/courier/esmtpd.pem Ale -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 17:06, Matus UHLAR - fantomas ha scritto: Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! On 19.07.17 15:57, Lucio Crusca wrote: Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. Did you remove or purge the packages? Purged. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! On 19.07.17 15:57, Lucio Crusca wrote: Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. Did you remove or purge the packages? The quite common problem on debian and derivatives is that you remove packages, but don't purge (clean up configuration files). Package management remembers that the configuration diles are installed and does not create them. When you remove them manually, they won't get installed either. This can lead to troubles similar to those you describe. During reinstallation the system created the self signed certificate again, but nothing changed. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 16:00, PICCORO McKAY Lenz ha scritto: do you reported again debian bug tracker? using reporbug ? Well no, but before reporting I'd like to be sure it's not my fault. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
do you reported again debian bug tracker? using reporbug ? (well today its not as was in the past but it must report too) Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com 2017-07-19 9:57 GMT-04:00 Lucio Crusca: > > > Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: > >> you sould recreate and then test it! >> >> > Forgot to mention, but I did remove the courier packages, the /etc/courier > folder, the APT package cache and reinstalled. > > During reinstallation the system created the self signed certificate > again, but nothing changed. > > Client side this is what I get: > > $ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587 > === Trying mrelay:25587... > === Connected to mrelay. > <** Timeout (30 secs) waiting for server response > -> QUIT > <** 220 mrelay ESMTP > === Connection closed with remote host. > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. During reinstallation the system created the self signed certificate again, but nothing changed. Client side this is what I get: $ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587 === Trying mrelay:25587... === Connected to mrelay. <** Timeout (30 secs) waiting for server response -> QUIT <** 220 mrelay ESMTP === Connection closed with remote host. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 12:56, Sam Varshavchik ha scritto: Check the server's certificate, esmtpd.pem. That's the only certificate in play here. The file is probably corrupted. At first glance it seems ok, the structure is the same as another file in another Courier server I run that works correctly (except the keys are not the same, obviousy). I haven't created that file myself nor obtained it from third parties: it's the self signed certificate provided by the default courier packages installation. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Lucio Crusca writes: Hello, I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64 server from distro packages. This Courier should act as smart relay for another server and nothing else. So far I've enabled courier-mta and courier-msa systemd services, changed the ports they listed on and created a real system account for mail relay (authpam). I've also let TLS_VERIFYPEER=NONE in /etc/courier/courierd. Then I tested the smarthost from Thunderbird, by configuring it as outgoing server. It does not work. When TB tries to send a message, it connects to the non-default MSA port, it starts talking to the server (STARTTLS) for a few seconds, then it fails for "unknown reason". Server-side, in the logs, I get: Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103] Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: Certificate is bad I don't know what to try next. Check the server's certificate, esmtpd.pem. That's the only certificate in play here. The file is probably corrupted. pgp4Q8tPJRZML.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Hello, I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64 server from distro packages. This Courier should act as smart relay for another server and nothing else. So far I've enabled courier-mta and courier-msa systemd services, changed the ports they listed on and created a real system account for mail relay (authpam). I've also let TLS_VERIFYPEER=NONE in /etc/courier/courierd. Then I tested the smarthost from Thunderbird, by configuring it as outgoing server. It does not work. When TB tries to send a message, it connects to the non-default MSA port, it starts talking to the server (STARTTLS) for a few seconds, then it fails for "unknown reason". Server-side, in the logs, I get: Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103] Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: Certificate is bad I don't know what to try next. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users