On Mon, Dec 20, 2004 at 01:11:53AM +0100, Andrea Riela wrote: > and I've changed the bincimap.conf with SSL: > > ---------------------------------------- > allow plain auth in non ssl = "no", > disable starttls = "no" > pem file = "/var/qmail/certs/mail.pem", > ca file = "/var/qmail/certs/nesys.ca", > cipher list = "",
I think this is the problem, Binc needs to know which ciphers you allow it to use. Try: cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP", Otherwise everything looks fine. Well, almost.. > -rw-r--r-- 1 root qmail 887 Dec 19 13:19 mail.key > -rw------- 1 root qmail 4734 Dec 20 00:57 mail.pem > > mail.pem is the result of 'cat mail.key mail.crt' I would make a new key and cert since the current key is world-readable, effectively compromising it. That will not stop Binc from using it, however. (And, as you say, Binc is looking at the key in mail.pem.) //Peter
