Set the pass, then restart ASSP.
-- Jeremy McSpadden On Sep 28, 2011, at 11:17 PM, "Paul Farrow" <[email protected]> wrote: > > tried that also and it doesn't appear to work. The password that was > in there seems to be an encrypted one so I don;t think you can just > change the password in the config file - I may be wrong. > > > > On Wed, 28 Sep 2011 21:13:03 -0700, Jeremy McSpadden wrote: >> Edit the config file and set it. >> >> >> -- >> Jeremy McSpadden >> >> On Sep 28, 2011, at 11:10 PM, "Paul Farrow" <[email protected]> >> wrote: >> >>> >>> Thanks but I believe that shouldn't be necessary. It works for my >>> webmail client and android phone but not Thunderbird on mac or pc >>> via >>> port 465. >>> >>> I then tried to get to the admin webserver to see the settings and I >>> can't since upgrading, its like the password is not correct. It >>> used to >>> be nospam4me but cant get that to work. Any ideas on that anyone? >>> >>> Thanks >>> >>> Paul >>> >>> On Wed, 28 Sep 2011 20:02:45 -0700, Jeremy McSpadden wrote: >>>> ASSP SSL support on port 465 using stunnel (#03) >>>> ( updated 11 Mar 2011 , compatible with all ASSP versions) >>>> >>>> Be sure your all your ASSP alternative ports (listePort2) are >>>> allowed >>>> on your firewall (TCP IN/OUT). >>>> Using below "how to" you can use SMTP SSL/TLS to send email >>>> securely >>>> using port 465. >>>> If you want secure imap receiving , you should use port 143 with >>>> STARTTLS >>>> If you want secure pop3 receiving , you should use port 110 with >>>> STARTTLS >>>> >>>> Thanks to Szymon Rybczynski >>>> (pro-net-hosting.com<http://pro-net-hosting.com> and prohost.pl) >>>> >>>> HOW TO >>>> All lines starting with # are commands to execute as root. >>>> >>>> 1. You need stunnel installed. Cpanel should have stunnel >>>> installed. >>>> To check: >>>> # stunnel -version >>>> If you get something like "stunnel 4.05 on i686-redhat-linux-gnu >>>> PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003" you can continue. >>>> >>>> 2. You can make your own certificate for SSL or use cPanel cert. >>>> This >>>> howto shows how to use cPpanel cert. To make your own cert just >>>> search >>>> google for instruction and change cert path in stunnel.conf to your >>>> cert. >>>> >>>> 3. Setting up stunnel user and config file: >>>> >>>> >>>> # adduser stunnel;passwd stunnel >>>> >>>> >>>> Set password for user stunnel >>>> >>>> # cd /etc/stunnel;nano -w stunnel.conf >>>> >>>> copy and paste this: >>>> >>>> cert = /etc/stunnel/cpanel.pem >>>> chroot = /usr/local/cpanel/var/run/stunnel-assp/ >>>> pid = /stunnel.pid >>>> setuid = stunnel >>>> setgid = stunnel >>>> output = /var/log/stunnel.log >>>> [ssmtp] >>>> accept = 465 >>>> connect = 127.0.0.2:26 >>>> >>>> >>>> note : you should replace 26 with your preferred alternative port >>>> you >>>> have setup in listenPort2 , by default you will find port 26 >>>> Save the file. >>>> >>>> 4. Copy cPanel cert. >>>> >>>> If you have set correctly your own certificate for your cpanel/exim >>>> services in >>>> WHM > Service Configuration >> Manage Service SSL Certificates >>>> >>>> execute this >>>> >>>> # cp /var/cpanel/ssl/cpanel/mycpanel.pem /etc/stunnel/cpanel.pem >>>> >>>> >>>> otherwise execute this >>>> >>>> # cp /var/cpanel/ssl/cpanel/cpanel.pem /etc/stunnel/cpanel.pem >>>> >>>> Note : if /usr/local/cpanel/etc/cpanel.pem or (mycpanel.pem) does >>>> not >>>> exists you can find >>>> the cpanel certificate also here >>>> /var/cpanel/ssl/cpanel/cpanel.pem , in this case execute this >>>> # cp /usr/local/cpanel/etc/cpanel.pem /etc/stunnel/ >>>> >>>> Now execute this >>>> >>>> >>>> # cd /etc/stunnel/;chown stunnel.stunnel cpanel.pem >>>> >>>> >>>> >>>> 5. Create run dir. >>>> >>>> # cd /usr/local/cpanel/var/run/;mkdir stunnel-assp;chown >>>> stunnel.stunnel stunnel-assp >>>> >>>> >>>> 6. Setup 127.0.0.2 - if you don't do this you will create open >>>> relay >>>> on SSL port. >>>> >>>> >>>> # cp /etc/sysconfig/network-scripts/ifcfg-lo >>>> /etc/sysconfig/network-scripts/ifcfg-lo:1; >>>> # nano -w /etc/sysconfig/network-scripts/ifcfg-lo:1 >>>> >>>> Change it to look like this: >>>> >>>> >>>> DEVICE=lo:1 >>>> IPADDR=127.0.0.2 >>>> NETMASK=255.0.0.0 >>>> NETWORK=127.0.0.0 >>>> BROADCAST=127.255.255.255 >>>> ONBOOT=yes >>>> NAME=myloop >>>> Save. >>>> >>>> 7. Now bring lo:1 up. >>>> >>>> >>>> # /etc/sysconfig/network-scripts/ifup-aliases lo >>>> >>>> # ifconfig >>>> >>>> It should now list 127.0.0.2 >>>> >>>> 8. Login to ASSP web interface (ip:55555) and change: >>>> Network Setup: >>>> ------------ >>>> Second SMTP Listen Port >>>> 26 >>>> ------------ >>>> Second SMTP Destination >>>> 127.0.0.1:125 >>>> ------------ >>>> Force SMTP AUTH on Second SMTP Listen Port >>>> Checked >>>> ------------ >>>> >>>> Relaying: >>>> ------------ >>>> Accept All Mail >>>> 127.0.0.1 >>>> >>>> If you make a mistake here you can make your mail server open relay >>>> so double check the settings. >>>> >>>> 8. Open TCP IN/OUT port 465 on your firewall. >>>> >>>> 9. Now you are ready to start stunnel. Execute: >>>> >>>> # stunnel /etc/stunnel/stunnel.conf >>>> >>>> At this moment your SSL connection should work. Test it: >>>> >>>> # openssl s_client -quiet -connect localhost:465 >>>> >>>> >>>> If you get error then something is wrong and you need to check >>>> /var/log/stunnel.log >>>> >>>> If you get something like: >>>> "depth=0 >>>> >>>> >>>> /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net >>>> verify error:num=18:self signed certificate >>>> verify return:1 >>>> depth=0 >>>> >>>> >>>> /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net >>>> verify return:1 >>>> 220-pol.nameserverus2.com<http://220-pol.nameserverus2.com> ESMTP >>>> Exim 4.63 #1 Mon, 23 Jul 2007 15:42:14 +0200 >>>> 220-We do not authorize the use of this system to transport >>>> unsolicited, >>>> 220 and/or bulk e-mail." >>>> >>>> Everything is ok and ready to use. >>>> >>>> Note If you don't want see SSL popup when you send email using port >>>> 465 be sure that at point 4) you copied the mycpanel.pem >>>> certificate >>>> and your users must send email using as smtp the address of your >>>> shared ssl . If you change the .pem file , and you can't see the >>>> new >>>> certificate loaded correctly using >>>> >>>> # openssl s_client -quiet -connect localhost:465 >>>> >>>> execute this >>>> >>>> # service cpanel restart >>>> # /usr/local/cpanel/3rdparty/bin/php-cgi >>>> /usr/local/assp/deluxe/ex_localdomains.php >>>> >>>> now if you execute this >>>> >>>> # openssl s_client -quiet -connect localhost:465 >>>> >>>> you should see your server SSL certificate. >>>> >>>> >>>> 10. if you would monitor stunnel daemon in case it goes down you >>>> can >>>> add check_ssl=yes to your status.php cron in this way >>>> >>>> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi >>>> /usr/local/assp/deluxe/status.php check_ssl=yes >>>> >>>> If you are using an alternative port different from port 26 , i.e. >>>> 40000 , in this case you should add also altport=40000 >>>> >>>> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi >>>> /usr/local/assp/deluxe/status.php check_ssl=yes altport=40000 >>>> >>>> -- >>>> Jeremy McSpadden >>>> Flux Labs, Inc >>>> http://www.fluxlabs.net<http://www.fluxlabs.net/> >>>> Endless Solutions >>>> Office : 850-588-4626 >>>> Cell : 850-890-2543 >>>> Fax : 850-254-2955 >>>> >>>> On Sep 28, 2011, at 9:58 PM, Paul Farrow wrote: >>>> >>>> >>>> played around with the settings in thunderbird now and getting this >>>> >>>> Sep-28-11 22:57:34 [Worker_1] Connected: 10.1.10.149:49970 > >>>> 70.88.29.81:465 > 70.88.29.81:34217 > 70.88.29.81:125 , 4-16 >>>> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 Message-Score: added 25 >>>> for >>>> EarlyTalker, total score for this message is now 25 >>>> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1 >>>> Misbehaved SMTP session (EarlyTalker) >>>> Sep-28-11 22:57:34 [Worker_1] Disconnected: 10.1.10.149 - command >>>> list >>>> was 'n/a' - used 1 SocketCalls >>>> >>>> >>>> any ideas? >>>> >>>> Thanks >>>> >>>> Paul >>>> >>>> On Wed, 28 Sep 2011 19:53:44 -0700, Jeremy McSpadden wrote: >>>> What's accepting the ssl connection? Are you using stunnel ? Or the >>>> SSL in ASSP? >>>> >>>> >>>> -- >>>> Jeremy McSpadden >>>> >>>> On Sep 28, 2011, at 9:51 PM, "Paul Farrow" >>>> <[email protected]<mailto:[email protected]>> >>>> wrote: >>>> >>>> >>>> not with you ?? >>>> >>>> Sorry >>>> >>>> On Wed, 28 Sep 2011 19:48:14 -0700, Jeremy McSpadden wrote: >>>> Using stunnel ? >>>> >>>> >>>> -- >>>> Jeremy McSpadden >>>> >>>> On Sep 28, 2011, at 9:46 PM, "Paul Farrow" >>>> <[email protected]<mailto:[email protected]>> >>>> wrote: >>>> >>>> >>>> >>>> Since upgrading to version 2, instead of an intermittent problem >>>> with Thunderbird I have a problem all the time. >>>> >>>> The logs say this >>>> >>>> >>>> Sep-28-11 22:40:00 [Worker_1] Connected: 10.1.10.149:49617 > >>>> 70.88.29.81:465 > 70.88.29.81:56683 > 70.88.29.81:125 , 4-16 >>>> Sep-28-11 >>>> 22:40:00 [Worker_1] 10.1.10.149 info: removed '250-STARTTLS' from >>>> reply >>>> Sep-28-11 22:40:00 [Worker_1] Disconnected: 10.1.10.149 - command >>>> list was 'EHLO,QUIT' - used 2 SocketCalls >>>> >>>> and thunderbird says >>>> >>>> >>>> Thanks >>>> >>>> -- >>>> Paul >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> All the data continuously generated in your IT infrastructure >>>> contains a >>>> definitive record of customers, application performance, security >>>> threats, fraudulent activity and more. Splunk takes this data and >>>> makes >>>> sense of it. Business sense. IT sense. Common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy1 >>>> _______________________________________________ >>>> Assp-user mailing list >>>> >>>> >>>> [email protected]<mailto:[email protected]> >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> All the data continuously generated in your IT infrastructure >>>> contains a >>>> definitive record of customers, application performance, security >>>> threats, fraudulent activity and more. Splunk takes this data and >>>> makes >>>> sense of it. Business sense. IT sense. Common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy1 >>>> _______________________________________________ >>>> Assp-user mailing list >>>> >>>> >>>> [email protected]<mailto:[email protected]> >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> All the data continuously generated in your IT infrastructure >>>> contains a >>>> definitive record of customers, application performance, security >>>> threats, fraudulent activity and more. Splunk takes this data and >>>> makes >>>> sense of it. Business sense. IT sense. Common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy1 >>>> _______________________________________________ >>>> Assp-user mailing list >>>> >>>> >>>> [email protected]<mailto:[email protected]> >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> All the data continuously generated in your IT infrastructure >>>> contains a >>>> definitive record of customers, application performance, security >>>> threats, fraudulent activity and more. Splunk takes this data and >>>> makes >>>> sense of it. Business sense. IT sense. Common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy1 >>>> _______________________________________________ >>>> Assp-user mailing list >>>> >>>> >>>> [email protected]<mailto:[email protected]> >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> All the data continuously generated in your IT infrastructure >>>> contains a >>>> definitive record of customers, application performance, security >>>> threats, fraudulent activity and more. Splunk takes this data and >>>> makes >>>> sense of it. Business sense. IT sense. Common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy1 >>>> _______________________________________________ >>>> Assp-user mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> All the data continuously generated in your IT infrastructure >>>> contains a >>>> definitive record of customers, application performance, security >>>> threats, fraudulent activity and more. Splunk takes this data and >>>> makes >>>> sense of it. Business sense. IT sense. Common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy1 >>>> _______________________________________________ >>>> Assp-user mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> All the data continuously generated in your IT infrastructure >>> contains a >>> definitive record of customers, application performance, security >>> threats, fraudulent activity and more. Splunk takes this data and >>> makes >>> sense of it. Business sense. IT sense. Common sense. >>> http://p.sf.net/sfu/splunk-d2dcopy1 >>> _______________________________________________ >>> Assp-user mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/assp-user >>> >> >> ------------------------------------------------------------------------------ >> All the data continuously generated in your IT infrastructure >> contains a >> definitive record of customers, application performance, security >> threats, fraudulent activity and more. Splunk takes this data and >> makes >> sense of it. Business sense. IT sense. Common sense. >> http://p.sf.net/sfu/splunk-d2dcopy1 >> _______________________________________________ >> Assp-user mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/assp-user > > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user > ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
