Hi All--
i've recently installed courier-mta-ssl. But any connection to the
machine for smtp-over-ssl (port 465) hangs after the first response
string is received.
Background:
-----------
i installed the courier-mta-ssl package from debian stable (powerpc
architecture), alongside a set of other courier mail packages
(courier-mta and courier-imap-ssl) to make a nicely-featured machine,
which i'll call mailserver.foo. the version of courier in that
distribution is 0.37.3.
courier-mta is only configured to relay mail for clients connecting
from the local subnet.
courier-imap-ssl works perfectly, and is great.
but when i connect to courier-mta-ssl, i get the greeting 220 string,
but then nothing else happens, no matter what i send to the server.
the connection appears to just hang.
i've searched the 'net high and low for mention of this problem, but
(probably due to my poor search ability) haven't found any reference
to it.
Debugging i've done:
--------------------
i don't think that the problem is with the ssl layer, because the ssl
layer appears to work exactly the same on both imap-ssl and mta-ssl,
and imap-ssl works normally. here's a couple of transcripts of me
using stunnel to connect to the different services and speak the few
commands of IMAP and SMTP i know:
(lines prefixed with >>> are from me, with <<< are from the remote
server, and no prefix indicates status messages from the client
application i'm using itself)
IMAP connection:
----------------
[EMAIL PROTECTED] dkg]$ /usr/sbin/stunnel -c -D 5 -f -r mailserver.foo:993
2004.02.04 14:29:28 LOG5[5867:16384]: Using 'mailserver.foo.993' as tcpwrapper service name
2004.02.04 14:29:28 LOG5[5867:16384]: stunnel 3.26 on i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7c 30 Sep 2003
<<< * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
>>> A001 CAPABILITY
<<< * CAPABILITY IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=PLAIN
<<< A001 OK CAPABILITY completed
>>> A003 LOGOUT
<<< * BYE Courier-IMAP server shutting down
<<< A003 OK LOGOUT completed
2004.02.04 14:29:51 LOG5[5867:16384]: Connection closed: 28 bytes sent to SSL, 308 bytes sent to socket
[EMAIL PROTECTED] dkg]$
SMTPS connection:
-----------------
[EMAIL PROTECTED] dkg]$ /usr/sbin/stunnel -c -D 5 -f -r mailserver.foo:465
2004.02.04 14:32:00 LOG5[5868:16384]: Using 'mailserver.foo.465' as tcpwrapper service name
2004.02.04 14:32:00 LOG5[5868:16384]: stunnel 3.26 on i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7c 30 Sep 2003
<<< 220 mailserver.foo ESMTP
>>> EHLO pinhead
<...>
nothing else i do after receiving the 220 string seems to have any
effect. the connection appears to be hung. when i finally close it
with Ctrl+D (EOF), it always reports the same amount of data that has
been sent inbound to my client, no matter how much i've sent outbound
to the server. basically, i'm just getting the header string returned
from the server, and nothing else.
i've tried this also from a shell on the mailserver itself, using
couriertls instead of stunnel, and it still hangs:
Local SMTPS connection through couriertls:
------------------------------------------
[EMAIL PROTECTED] dkg]$ couriertls -host=localhost -port=465
<<< 220 mailserver.foo ESMTP
>>> EHLO mailserver
<...>
Furthermore, connecting in to the standard mta on port 25 works fine:
Local SMTP connection:
----------------------
[EMAIL PROTECTED] dkg]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
<<< 220 mailserver.foo ESMTP
>>> EHLO mailserver
<<< 250-mailserver.foo Ok.
<<< 250-AUTH CRAM-MD5
<<< 250-AUTH=CRAM-MD5 X-NETSCAPE-HAS-BUGS
<<< 250-XVERP=Courier
<<< 250-XEXDATA
<<< 250-XSECURITY=NONE,STARTTLS
<<< 250-PIPELINING
<<< 250-8BITMIME
<<< 250-SIZE
<<< 250 DSN
>>> QUIT
<<< 221 Bye.
Connection closed by foreign host.
[EMAIL PROTECTED] dkg]$
can someone point me in the right direction to fix this (or just to
understand the problem better)? i'm happy to provide any more
information which might lead to a solution. just ask for it!
thanks for any advice you can give.
regards,
--daniel
PS: here's why i want to do this:
i want to provide the smtp-ssl service so that i can let my users
relay mail from anywhere on the 'net, but without sending any material
in the clear (at least on this hop -- i understand that further smtp
relays will be in cleartext). i plan to do this by requiring smtp
auth over smtps. that way, i don't have an open relay, my users can
have a fairly straightforward set of configuration options for their
MTAs, and everything public is done over a secure connection.
if you think this solution is unreasonable, or that there's a better
way to reach these goals, i'd be open to hearing suggestions along
those lines as well.
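
Added example, not part of the original post: a scripted version of the manual check in the transcripts above (connect, read the 220 greeting, send EHLO, report whether a reply arrives before a timeout). The names probe_smtp, read_reply, fake_server and probe.example are hypothetical, and fake_server is a constructed plaintext stand-in on 127.0.0.1 so the probe can be exercised offline; against a real smtps port leave implicit_tls=True.

```python
import socket
import ssl
import threading

def read_reply(sock):
    """Read one full SMTP reply, following 250-... continuation lines."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return buf.decode("ascii", "replace")
        buf += chunk
        # Complete when the last full line has no '-' after the 3-digit code.
        if buf.endswith(b"\r\n") and buf.split(b"\r\n")[-2][3:4] != b"-":
            return buf.decode("ascii", "replace")

def probe_smtp(host, port, implicit_tls=True, timeout=5.0, context=None):
    """Return 'ok', 'no-greeting', 'unexpected-reply' or 'stalled-after-greeting'."""
    sock = socket.create_connection((host, port), timeout=timeout)
    stage = "no-greeting"
    try:
        if implicit_tls:  # port 465 style: TLS handshake before any SMTP
            ctx = context or ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
        if not read_reply(sock).startswith("220"):
            return stage
        stage = "stalled-after-greeting"  # a timeout from here on is the hang
        sock.sendall(b"EHLO probe.example\r\n")
        return "ok" if read_reply(sock).startswith("250") else "unexpected-reply"
    except socket.timeout:
        return stage
    finally:
        sock.close()

def fake_server(stall):
    """Constructed plaintext server on 127.0.0.1: greets, then stalls or answers."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 mailserver.foo ESMTP\r\n")
        conn.recv(1024)                      # swallow the EHLO
        if not stall:
            conn.sendall(b"250-mailserver.foo Ok.\r\n250 DSN\r\n")
        conn.recv(1024)                      # block until the client closes
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return port
```

For a server with a self-signed certificate, pass an ssl.SSLContext that trusts that certificate as context.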
courier-users mailing list