[courier-users] security=starttls is not working

Tue, 12 Oct 2004 02:55:01 -0700 

Well, I try again. Can anybody help with this issue?


I have 2 hosts with courier 0.47.1 on debian testing.
Both hosts can send e-mail to each other and automatically use TLS.

Then I follow "Install and configure the STARTTLS ESMTP extension" in
the INSTALL doc. I tell one host to use SECURITY=STARTTLS in
esmtproutes.

The results in the logfile are on the sending side:

"Unable to set minimum security level."

on the receiving side:

"STARTTLS failed: DEBUG: Unexpected SSL connection shut
down."


I tried to use couriertls to make some tests:

# export TLS_TRUSTCERTS=/etc/courier/kate-ca.pem
# couriertls -host=kate-stuttgart.dyndns.org -port=25465 -protocol=smtp
-printx509

220 kate-stuttgart.dyndns.org ESMTP
STARTTLS
220 Ok
Subject:
    C=DE
    ST=BaWue
    L=Stuttgart
    O=KATE
    OU=IT
    CN=kate-stuttgart.dyndns.org
    [EMAIL PROTECTED]

Not-Before: 2004-10-07 14:16:44
Not-After: 2005-10-07 14:16:44
Version: TLSv1/SSLv3
Bits: 256
Cipher: AES256-SHA
fcntl: Bad file descriptor



#couriertls -host=heu4.heubach-edv.de -port=25 -protocol=smtp -printx509
220 heu4.heubach-edv.de ESMTP
STARTTLS
220 Ok
Subject:
    C=DE
    ST=BaWue
    L=Esslingen
    O=KATE
    OU=IT
    CN=heu4.heubach-edv.de
    [EMAIL PROTECTED]

Not-Before: 2004-10-07 14:13:40
Not-After: 2005-10-07 14:13:40
Version: TLSv1/SSLv3
Bits: 256
Cipher: AES256-SHA
fcntl: Bad file descriptor


So certificate veryfication seems to work correctly - anyway
SECURITY=STARTTLS doesn't work - I'm frustrated.


For extra information here is the TLS portion of /etc/courier/esmtpd

COURIERTLS=/usr/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_CERTFILE=/etc/courier/courier-heu4.pem
TLS_OURCACERT=/etc/courier/kate-ca.pem
TLS_VERIFYPEER=NONE

I also tried to put "TLS_TRUSTCERTS=/etc/courier/kate-ca.pem" into
/etc/courier/esmtpd. But I had no success.


please help - has anybody a working installation with SECURITY=STARTTLS ?

Best regards
Manfred


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to