One more follow-up:
I now reinstalled both mailhosts just to be sure not to miss anything. Both hosts can send e-mail to each other and automatically use TLS.
Then I followed "Install and configure the STARTTLS ESMTP extension" in the INSTALL doc. Then I told one host to use SECURITY=STARTTLS in esmtproutes.
The results in the logfile are on the sending side:
"Unable to set minimum security level."
on the receiving side:
"STARTTLS failed: DEBUG: Unexpected SSL connection shut down."
Now I tried to use couriertls to make some tests:
# export TLS_TRUSTCERTS=/etc/courier/kate-ca.pem
# couriertls -host=kate-stuttgart.dyndns.org -port=25465 -protocol=smtp -printx509
220 kate-stuttgart.dyndns.org ESMTP
STARTTLS
220 Ok
Subject: C=DE ST=BaWue L=Stuttgart O=KATE OU=IT CN=kate-stuttgart.dyndns.org [EMAIL PROTECTED]
Not-Before: 2004-10-07 14:16:44
Not-After: 2005-10-07 14:16:44
Version: TLSv1/SSLv3
Bits: 256
Cipher: AES256-SHA
fcntl: Bad file descriptor
# couriertls -host=heu4.heubach-edv.de -port=25 -protocol=smtp -printx509
220 heu4.heubach-edv.de ESMTP
STARTTLS
220 Ok
Subject: C=DE ST=BaWue L=Esslingen O=KATE OU=IT CN=heu4.heubach-edv.de [EMAIL PROTECTED]
Not-Before: 2004-10-07 14:13:40
Not-After: 2005-10-07 14:13:40
Version: TLSv1/SSLv3
Bits: 256
Cipher: AES256-SHA
fcntl: Bad file descriptor
So certificate verification seems to work correctly - anyway SECURITY=STARTTLS doesn't work - I'm frustrated.
For extra information here is the TLS portion of /etc/courier/esmtpd
COURIERTLS=/usr/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_CERTFILE=/etc/courier/courier-heu4.pem
TLS_OURCACERT=/etc/courier/kate-ca.pem
TLS_VERIFYPEER=NONE
Please help - has anybody a working installation with SECURITY=STARTTLS?
Best regards
Manfred
Manfred Heubach wrote:
(follow up by myself)
What exactly does this mean?
(log of receiving host)
courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSLroutines:SSL3_GET_RECORD:wrong version number
(log of sending host)
500 couriertls: connect: Connection reset by peer
These messages are in the logs after I turned off STARTTLS in esmtproutes and instead told esmtpd to require STARTTLS (ESMTP_TLS_REQUIRED=1).
Manfred
Manfred Heubach wrote:
Hello,
I've got 2 hosts (Debian Sarge) with courier 0.47-1.
Both have certificates which are signed by a root certificate.
If I don't configure TLS explicitly, both hosts send mail to each other and automatically switch to TLS. The SMTP chat shows the STARTTLS command. Mail is transferred successfully.
Now if I say SECURITY=STARTTLS in esmtproutes, this doesn't work anymore. In the logfile the sending host says "Unable to set minimum security level".
The receiving host says "courieresmtpd: STARTTLS failed: DEBUG: Unexpected SSL connection shutdown."
I tried SSLv2, SSLv3 and TLS1, and all of them show this error.
Any ideas?
Regards
Manfred Heubach
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
