On Sat, 2008-12-06 at 08:25 -0500, Sam Varshavchik wrote:
> >> I went through a bunch of log entries on messages that failed with this
> >> message and compared them with successful deliveries. One thing
> >> that I've noticed so far is that when I contact the MX servers
> >> associated with the failed addresses they all advertise TLS and STARTTLS
> >> whereas those that are successful don't do so. Courier may be failing
> >> to find one of its TLS/SSL components. Maybe I can disable client-side
> >> TLS for these servers and see if that puts a band-aid on the problem.
> >
> > OK, Sam, I set ESMTP_USE_STARTTLS=0 in /etc/courier/courierd and the
> > problem goes away, however it appears that all of the files and
> > directories related to TLS and STARTTLS specified in the various config
> > files in /etc/courier are there, so courieresmtp is looking for
> > _something_, somewhere in the local filesystem, and not finding it.
> > What might this be?
>
> Well, first you need to determine whether it is indeed some configuration
> file that's missing. If you can successfully deliver mail to some hosts with
> SSL, but not others, that still points to some host-specific issue.

I didn't do an exhaustive test, but in every case that I checked (perhaps 7 or 8 of them) this was the case. I'll test further.

> But if you do indeed fail to deliver using SSL to any host due to a missing
> configuration file, it may very well be that the setting is completely
> missing from your configuration file.

I'm using stock config files and have read the config comment directions in them pretty carefully. I've been using Courier for 6 years or so, so I kind of know what I'm doing with it ;-)

> But for sending mail with SSL the only setting that's required is
> TLS_TRUSTCERTS which should point to your root CA list.

This is present and points to /etc/ssl/certs, a populated directory. All the symlinks in this directory are sound.

> If you're using a
> client certificate (unlikely) you'll also need to set TLS_CERTFILE

I have:

    TLS_CERTFILE=/usr/share/courier/esmtpd.pem

Should the file name be esmptd.pem.216.110.12.105 as suggested in the file notes?

> Note that for sending mail, the TLS configuration settings
> are the ones that are set in the courierd configuration file, not any of the
> *ssl configuration files.

I have only a few settings in courierd. Sans comments, they are:

    ESMTP_USE_STARTTLS=0        [changed from "1", band-aid on this problem]
    LC_ALL=C
    COURIERTLS=/usr/bin/couriertls        [this file exists]
    ESMTP_TLS_VERIFY_DOMAIN=0
    TLS_PROTOCOL=SSL23        [This value is a hack, maybe no longer needed]

Is there something missing here?

-- 
Lindsay Haisley       | "In an open world,    | PGP public key
FMP Computer Services |    who needs Windows  | available at
512-259-1190          |      or Gates"        | http://pubkeys.fmp.com
http://www.fmp.com    |                       |
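The check discussed in this message can be scripted. The following is an added example, not part of the original post or of Courier: it reads the setting names mentioned in the thread from a courierd-style file and reports what is unset or points at something missing. It assumes the file holds plain NAME=value lines; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: sanity-check the outbound TLS settings in a courierd file.

# Last NAME=value assignment in file $1 for NAME $2, surrounding quotes stripped.
get_setting() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Number of symlinks in directory $1 whose target does not exist.
dangling_links() {
    n=0
    for f in "$1"/*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Print findings for config file $1; return the number of problems found.
check_courierd_tls() {
    conf=$1 problems=0
    echo "ESMTP_USE_STARTTLS=$(get_setting "$conf" ESMTP_USE_STARTTLS)"
    helper=$(get_setting "$conf" COURIERTLS)
    if [ -z "$helper" ] || [ ! -x "$helper" ]; then
        echo "PROBLEM: COURIERTLS unset or not executable: '$helper'"
        problems=$((problems + 1))
    fi
    trust=$(get_setting "$conf" TLS_TRUSTCERTS)
    if [ -z "$trust" ]; then
        echo "PROBLEM: TLS_TRUSTCERTS is not set in $conf"
        problems=$((problems + 1))
    elif [ -d "$trust" ]; then
        bad=$(dangling_links "$trust")
        if [ "$bad" -gt 0 ]; then
            echo "PROBLEM: $bad dangling symlink(s) in $trust"
            problems=$((problems + 1))
        fi
    elif [ ! -r "$trust" ]; then
        echo "PROBLEM: TLS_TRUSTCERTS target unreadable: $trust"
        problems=$((problems + 1))
    fi
    cert=$(get_setting "$conf" TLS_CERTFILE)
    if [ -n "$cert" ] && [ ! -r "$cert" ]; then
        echo "PROBLEM: TLS_CERTFILE unreadable: $cert"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run only when a config path is given, e.g.: sh check.sh /etc/courier/courierd
if [ $# -gt 0 ]; then check_courierd_tls "$1"; fi
```

The exit status is the number of problems found, so 0 means every checked setting resolved to something usable.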
