Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Lucio Crusca

On 19/07/2017 19:22, Alessandro Vesely wrote:

> Did you actually check it?  I mean
>
>   certtool -i --infile /etc/courier/esmtpd.pem
>
> or
>
>   openssl x509 -text -in /etc/courier/esmtpd.pem

Both tools read the file without errors and display the certificate
information, the modulus, the signature and the certificate.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
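
Added example (not part of the thread): the two commands quoted above only show that the first certificate block in the file parses. The script below also checks that the same file carries a private key, that the key matches the certificate, and that the certificate has not expired. It assumes a combined key-plus-certificate PEM such as /etc/courier/esmtpd.pem; check_pem and make_samples are names made up for this example.

```shell
#!/bin/sh
# Added example: sanity checks for a combined key+certificate PEM file.
# Assumption: the server file holds the private key and certificate together.

# check_pem FILE: prints one finding per line, returns 0 only if all pass.
check_pem() {
    f=$1; rc=0
    if ! openssl x509 -in "$f" -noout 2>/dev/null; then
        echo "FAIL: no parseable certificate"; return 1
    fi
    echo "ok: certificate parses"
    if ! openssl pkey -in "$f" -noout 2>/dev/null; then
        echo "FAIL: no parseable private key in the same file"; return 1
    fi
    echo "ok: private key parses"
    # Compare the public key embedded in the certificate with the one
    # derived from the private key; they must be identical.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "ok: private key matches certificate"
    else
        echo "FAIL: private key does not match certificate"; rc=1
    fi
    # -checkend 0 exits non-zero when notAfter is already in the past.
    if openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok: certificate not expired"
    else
        echo "FAIL: certificate expired"; rc=1
    fi
    return $rc
}

# make_samples DIR: constructed throwaway files for trying the checks
# (generated locally, not data from the thread).
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.invalid" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.pem" 2>/dev/null || return 1
    cat "$d/key.pem" "$d/cert.pem" > "$d/good.pem"        # key + its cert
    cat "$d/other.pem" "$d/cert.pem" > "$d/mismatch.pem"  # wrong key
    cp "$d/cert.pem" "$d/certonly.pem"                    # no key at all
}

# Run against a file given on the command line, if any.
if [ "$#" -gt 0 ]; then check_pem "$1"; fi
```

A file that passes all four checks can still be rejected by the server for other reasons (file ownership and permissions, for instance), so a clean result narrows the search rather than ending it.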


Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Alessandro Vesely
On Wed 19/Jul/2017 14:28:23 +0200 Lucio Crusca wrote:
> On 19/07/2017 12:56, Sam Varshavchik wrote:
>> Check the server's certificate, esmtpd.pem. That's the only certificate
>> in play here. The file is probably corrupted.
> 
> At first glance it seems ok, the structure is the same as another file in
> another Courier server I run that works correctly (except the keys are not the
> same, obviously).
> 
> I haven't created that file myself nor obtained it from third parties: it's
> the self signed certificate provided by the default courier packages
> installation.

Did you actually check it?  I mean

  certtool -i --infile /etc/courier/esmtpd.pem

or

  openssl x509 -text -in /etc/courier/esmtpd.pem

Ale


Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Lucio Crusca

On 19/07/2017 17:06, Matus UHLAR - fantomas wrote:

>> On 19/07/2017 15:46, PICCORO McKAY Lenz wrote:
>>> you should recreate and then test it!
>
> On 19.07.17 15:57, Lucio Crusca wrote:
>> Forgot to mention, but I did remove the courier packages, the
>> /etc/courier folder, the APT package cache and reinstalled.
>
> Did you remove or purge the packages?

Purged.



Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Matus UHLAR - fantomas

> On 19/07/2017 15:46, PICCORO McKAY Lenz wrote:
>> you should recreate and then test it!

On 19.07.17 15:57, Lucio Crusca wrote:
> Forgot to mention, but I did remove the courier packages, the
> /etc/courier folder, the APT package cache and reinstalled.

Did you remove or purge the packages?
The quite common problem on debian and derivatives is that you remove
packages, but don't purge (clean up configuration files).

Package management remembers that the configuration files are installed and
does not create them. When you remove them manually, they won't get
installed either.

This can lead to troubles similar to those you describe.

> During reinstallation the system created the self signed certificate
> again, but nothing changed.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.



Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Lucio Crusca

On 19/07/2017 16:00, PICCORO McKAY Lenz wrote:

> do you reported again debian bug tracker? using reportbug ?

Well no, but before reporting I'd like to be sure it's not my fault.



Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread PICCORO McKAY Lenz
do you reported again debian bug tracker? using reportbug ? (well today it's
not as was in the past but it must report too)

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

2017-07-19 9:57 GMT-04:00 Lucio Crusca :

>
>
> On 19/07/2017 15:46, PICCORO McKAY Lenz wrote:
>
>> you should recreate and then test it!
>>
>>
> Forgot to mention, but I did remove the courier packages, the /etc/courier
> folder, the APT package cache and reinstalled.
>
> During reinstallation the system created the self signed certificate
> again, but nothing changed.
>
> Client side this is what I get:
>
> $ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587
> === Trying mrelay:25587...
> === Connected to mrelay.
> <** Timeout (30 secs) waiting for server response
>  -> QUIT
> <** 220 mrelay ESMTP
> === Connection closed with remote host.
>
>


Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Lucio Crusca



On 19/07/2017 15:46, PICCORO McKAY Lenz wrote:

> you should recreate and then test it!



Forgot to mention, but I did remove the courier packages, the 
/etc/courier folder, the APT package cache and reinstalled.


During reinstallation the system created the self signed certificate 
again, but nothing changed.


Client side this is what I get:

$ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587
=== Trying mrelay:25587...
=== Connected to mrelay.
<** Timeout (30 secs) waiting for server response
 -> QUIT
<** 220 mrelay ESMTP
=== Connection closed with remote host.




Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Lucio Crusca



On 19/07/2017 12:56, Sam Varshavchik wrote:

> Check the server's certificate, esmtpd.pem. That's the only certificate
> in play here. The file is probably corrupted.

At first glance it seems ok, the structure is the same as another file
in another Courier server I run that works correctly (except the keys
are not the same, obviously).


I haven't created that file myself nor obtained it from third parties: 
it's the self signed certificate provided by the default courier 
packages installation.






Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Sam Varshavchik

Lucio Crusca writes:

> Hello,
>
> I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64
> server from distro packages.
>
> This Courier should act as smart relay for another server and nothing else.
>
> So far I've enabled courier-mta and courier-msa systemd services, changed
> the ports they listen on and created a real system account for mail relay
> (authpam). I've also let
>
> TLS_VERIFYPEER=NONE
>
> in /etc/courier/courierd.
>
> Then I tested the smarthost from Thunderbird, by configuring it as outgoing
> server. It does not work. When TB tries to send a message, it connects to
> the non-default MSA port, it starts talking to the server (STARTTLS) for a
> few seconds, then it fails for "unknown reason". Server-side, in the logs, I
> get:
>
> Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103]
> Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: Certificate is bad
>
> I don't know what to try next.

Check the server's certificate, esmtpd.pem. That's the only certificate in
play here. The file is probably corrupted.




[courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Lucio Crusca

Hello,

I've just installed a new Courier instance in a new Debian GNU/Linux 9 
amd64 server from distro packages.


This Courier should act as smart relay for another server and nothing else.

So far I've enabled courier-mta and courier-msa systemd services,
changed the ports they listen on and created a real system account for
mail relay (authpam). I've also let


TLS_VERIFYPEER=NONE

in /etc/courier/courierd.

Then I tested the smarthost from Thunderbird, by configuring it as 
outgoing server. It does not work. When TB tries to send a message, it 
connects to the non-default MSA port, it starts talking to the server 
(STARTTLS) for a few seconds, then it fails for "unknown reason". 
Server-side, in the logs, I get:


Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103]
Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: Certificate is bad


I don't know what to try next.
