On Sat, 2008-12-06 at 17:42 -0500, Sam Varshavchik wrote:
> Lindsay Haisley writes:
>
> > [pid 5684] open("/etc/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file
> > or directory)
> > [pid 5684] stat("/etc/ssl/certs/c33a80d4.1", 0x7fff935ca8f0) = -1 ENOENT
> > (No such file or directory)
> >
> A lot of SMTP servers use self-signed certs, so certificate verification for
> SMTP isn't really useful. The default courierd settings have
> ESMTP_TLS_VERIFY_DOMAIN=0 and TLS_VERIFY_PEER=NONE. This allows TLS to
> proceed, but disables certificate verification.
This is indeed what's set in /etc/courier/courierd here.
I found a recent copy of c33a80d4.1 on the Internet and installed it in
my certs directory. Instead of "No such file or directory" followed by
a deferral, I now get "Operation in progress" followed by a deferral.
Again, if I turn off ESMTP_USE_STARTTLS things work normally.
> If you changed these
> settings in courierd, try reverting to these defaults and see what happens.
> I'm not actually sure if this is what triggers the error message. ENOENTs,
> as you've noted, are quite common and ordinary, you need to look for the one
> that immediately preceded the "No such file or directory".
Extending Gordon,s suggestion, I ran the strace w.o. the fgrep and
looked for the log write. The immediately preceeding ENOENT was for the
c33a80d4.1 cert file.
> There may be
> another reason, but confirming that these settings are the default will
> eliminate that possibility.
>
> ------------------------------------------------------------------------------
> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
> The future of the web can't happen without you. Join us at MIX09 to help
> pave the way to the Next Web now. Learn more and register at
> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
> _______________________________________________ courier-users mailing list
> [email protected] Unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/courier-users
--
Lindsay Haisley | "In an open world, | PGP public key
FMP Computer Services | who needs Windows | available at
512-259-1190 | or Gates" | http://pubkeys.fmp.com
http://www.fmp.com | |
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
