Hi All, I have a small courier implementation supporting family and friends. The disk crashed on the hosted server this past weekend, forcing me to rebuild it. Now all clients are experiencing a 20-30 second initial delay whenever attempting to send a message through smtp. We're using TLS over port 587 to esmtpd-msa, but have verified the same thing happens with TLS over port 25 to esmtpd. This issue happens for all users at all locations using a variety of email clients (e.g., thunderbird, outlook express). We've never experienced this before.
The implementation is courier 0.60 on debian with the standard distro packages (from lenny == debian testing). I've searched for similar issues and already addressed things that seemed potentially relevant. E.g., the implementation uses authpam and so does not advertise CRAM-MD5: ESMTPAUTH="" ESMTPAUTH_TLS="PLAIN LOGIN" Does anybody have any idea what could cause this or how I might further diagnose? Thanks for any help, Chuck (logs and configs below) Here is an example set of log entries (with DEBUG_LOGIN=1 in authdeamonrc and ESMTP_LOG_DIALOG=1 in esmtpd-msa): (no log entries at all for approx. 25 seconds after client initiates smtp connect, then things appear normal:) Jan 6 00:08:17 aloha courieresmtpd: started,ip=[::ffff:216.235.35.135] Jan 6 00:08:17 aloha courieresmtpd: EHLO [192.168.1.121] Jan 6 00:08:17 aloha courieresmtpd: STARTTLS Jan 6 00:08:17 aloha courieresmtpd: EHLO [192.168.1.121] Jan 6 00:08:17 aloha courieresmtpd: AUTH PLAIN AGNodWNrAGUyNzE4Mjg= Jan 6 00:08:17 aloha authdaemond: received auth request, service=esmtp, authtype=login Jan 6 00:08:17 aloha authdaemond: authpam: trying this module Jan 6 00:08:17 aloha authdaemond: authpam: sysusername=chuck, sysuserid=<null>, sysgroupid=1002, homedir=/home/chuck, address=chuck, fullname=Chuck Williams,,,, maildir=<null>, quota=<null>, options=<null> Jan 6 00:08:17 aloha authdaemond: pam_service=esmtp, pam_username=chuck Jan 6 00:08:17 aloha authdaemond: dopam successful Jan 6 00:08:17 aloha authdaemond: Authenticated: sysusername=chuck, sysuserid=<null>, sysgroupid=1002, homedir=/home/chuck, address=chuck, fullname=Chuck Williams,,,, maildir=<null>, quota=<null>, options=<null> Jan 6 00:08:17 aloha courieresmtpd: MAIL FROM:<[email protected]> SIZE=1015 Jan 6 00:08:18 aloha courieresmtpd: RCPT TO:<[email protected]> Jan 6 00:08:18 aloha courieresmtpd: DATA Jan 6 00:08:18 aloha courierd: newmsg,id=00000000031B0023.000000004962A0F2.0000443A: dns; [192.168.1.121] ([::ffff:216.235.35.135]) Jan 6 00:08:18 aloha courierd: started,id=00000000031B0023.000000004962A0F2.0000443A,from=<[email protected]>,module=esmtp,host=gmail.com,addr=<[email protected]> Jan 6 00:08:18 aloha courierd: Waiting. shutdown time=none, wakeup time=Tue Jan 6 01:34:45 2009, queuedelivering=2, inprogress=1 Jan 6 00:08:18 aloha courieresmtpd: QUIT My esmtpd, esmtpd-msa, and authdaemonrc configs are below (separate by a line of ***************************************): aloha:/etc/courier# cat esmtpd ##VERSION: $Id $ # # # esmtpd created from esmtpd.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # Copyright 1998 - 2008 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for Courier's esmtpd server. # It is started by couriertcpd, Courier's TCP server. # A lot of the stuff here is documented in the manual page for couriertcpd. ##NAME: PATH:0 # # Specify the default PATH that everything inherits. PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin ##NAME: SHELL:0 # # The default shell SHELL=/bin/sh ##NAME: ULIMIT:0 # # Sets the maximum size of courieresmtpd's data segment # ULIMIT=16384 ##NAME: BOFHCHECKDNS:0 # # Comment out the following line in order to accept mail with a bad # return address. BOFHCHECKDNS="1" ##NAME: BOFHNOEXPN:1 # # Set BOFHNOEXP to 1 to disable EXPN BOFHNOEXPN=1 ##NAME: BOFHNOVRFY:1 # # Set BOFHNOVERIFY to disable VRFY BOFHNOVRFY=1 ##NAME: NOADDMSGID:0 # # The following environment variables keep Courier from adding # default Date: and Message-ID: header to messages which do not have them. # If you would like to add default headers only for mail from certain # IP address ranges, you can override them in couriertcpd access file, # see couriertcpd(8). NOADDMSGID="1" ##NAME: NOADDDATE:0 # NOADDDATE="1" ##NAME: ESMTP_LOG_DIALOG:0 # # If set, log the esmtp dialog. ESMTP_LOG_DIALOG=0 ##NAME: AUTH_REQUIRED:0 # # Set AUTH_REQUIRED to 1 in order to force the client to use ESMTP # authentication. You can override AUTH_REQUIRED on a per-IP address basis # using smtpaccess. See makesmtpaccess(8). AUTH_REQUIRED="0" ######################################################################### # ##NAME: COURIERTLS:0 # # The following variables configure ESMTP STARTTLS. If OpenSSL or GnuTLS # is available during configuration, the couriertls helper gets compiled, and # upon installation a dummy TLS_CERTFILE gets generated. courieresmtpd will # automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE # and COURIERTLS exist. # # WARNING: Peer certificate verification has NOT yet been tested. Proceed # at your own risk. Only the basic SSL/TLS functionality is known to be # working. Keep this in mind as you play with the following variables. COURIERTLS=/usr/bin/couriertls ##NAME: ESMTP_TLS_REQUIRED:0 # # Set ESMTP_TLS_REQUIRED to 1 if you REQUIRE SSL/TLS to be used for receiving # mail. Setting it here will require it for every connection. You can also # set ESMTP_TLS_REQUIRED in the smtpaccess file, see makesmtpaccess(8) for # more information # ESMTP_TLS_REQUIRED=0 ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # # SSL2 - SSLv2 # SSL3 - SSLv3 # SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) # TLS1 - TLS1 # # GnuTLS: # # SSL3 - SSLv3 # TLS1 - TLS 1.0 # TLS1_1 TLS 1.1 # # When compiled against GnuTLS, multiple protocols can be selected as follows: # TLS_PROTOCOL="TLS1_1:TLS1:SSL3" ##NAME: TLS_CIPHER_LIST:0 # # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST # undefined # # OpenSSL: # # TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" # # When using the SSL23 protocol setting (see above), the following setting # should turn off SSL2 (leaving just SSL3 and TLS1) and all anonymous ciphers: # # TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength" # # GnuTLS: # # TLS_CIPHER_LIST="HIGH:MEDIUM" # # The actual list of available ciphers depend on the options GnuTLS was # compiled against. The possible ciphers are: # # AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # # Also, the following aliases: # # HIGH -- all ciphers that use more than a 128 bit key size # MEDIUM -- all ciphers that use a 128 bit key size # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher ##NAME: TLS_KX_LIST:0 # # GnuTLS only: # # Allowed key exchange protocols. The default of "ALL" should be sufficient. # The list of supported key exchange protocols depends on the options GnuTLS # was compiled against, but may include the following: # # DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT TLS_KX_LIST=ALL ##NAME: TLS_COMPRESSION:0 # # GnuTLS only: # # Optional compression. "ALL" selects all available compression methods. # # Available compression methods: DEFLATE, LZO, NULL TLS_COMPRESSION=ALL ##NAME: TLS_CERTS:0 # # GnuTLS only: # # Supported certificate types are X509 and OPENPGP. # # OPENPGP has not been tested TLS_CERTS=X509 ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. ##NAME: TLS_DHCERTFILE:0 # # TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA # you must generate a DH pair that will be used. In most situations the # DH pair is to be treated as confidential, and the file specified by # TLS_DHCERTFILE must not be world-readable. # # TLS_DHCERTFILE= ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually # treated as confidential, and must not be world-readable. Set TLS_CERTFILE # instead of TLS_DHCERTFILE if this is a garden-variety certificate # # VIRTUAL HOSTS (servers only): # # Due to technical limitations in the original SSL/TLS protocol, a dedicated # IP address is required for each virtual host certificate. If you have # multiple certificates, install each certificate file as # $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address # for the certificate's domain name. So, if TLS_CERTFILE is set to # /etc/certificate.pem, then you'll need to install the actual certificate # files as /etc/certificate.pem.192.168.0.0.2, /etc/certificate.pem.192.68.0.0.3 # and so on, for each IP address. # # GnuTLS only (servers only): # # GnuTLS implements a new TLS extension that eliminates the need to have a # dedicated IP address for each SSL/TLS domain name. Install each certificate # as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, # then you'll need to install the actual certificate files as # /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com # and so on. # # Note that this TLS extension also requires a corresponding support in the # client. Older SSL/TLS clients may not support this feature. # # This is an experimental feature. TLS_CERTFILE=/etc/courier/esmtpd.pem ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. # pathname can be a file or a directory. If a file, the file should # contain a list of trusted certificates, in PEM format. If a # directory, the directory should contain the trusted certificates, # in PEM format, one per file and hashed using OpenSSL's c_rehash # script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying # the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set # to PEER or REQUIREPEER). # # # TLS_TRUSTCERTS= TLS_TRUSTCERTS=/etc/ssl/certs ##NAME: TLS_CERTINFO:0 # # TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer # certificates are signed by specific certificate authorities, set # TLS_OURCACERT to the name of the file containing the certificate root keys, # or set TLS_PEERCERTDIR to the name of the directory containing # the certificate root keys. # # For convenience's sake, Courier installs a default set of root certificates # (which has been swiped from Mozilla's CVS tree :-) ). Before enabling # certificate verification, you should examine all the certificates in the # following directory. ANY certificate signed by ANY root cert in # TLS_PEERCERTDIR will be accepted # # tls_peercertd...@certdir@ # TLS_OURCACERT= ##NAME: TLS_VERIFYPEER:0 # # TLS_VERIFYPEER - how to verify peer certificates. The possible values of # this setting are: # # NONE - do not verify anything # # PEER - verify the peer certificate, if one's presented # # REQUIREPEER - require a peer certificate, fail if one's not presented # # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients # will usually set TLS_VERIFYPEER to REQUIREPEER. # TLS_VERIFYPEER=NONE ##NAME: TLS_EXTERNAL:0 # # To enable SSL certificate-based authentication: # # 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate # authority's SSL certificate # # 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings # requires all SSL clients to present a certificate, and rejects # SSL/TLS connections without a valid cert). # # 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. # Example: # # TLS_EXTERNAL=emailaddress # # The above example retrieves the login ID from the "emailaddress" subject # field. The certificate's emailaddress subject must match exactly the login # ID in the courier-authlib database. ##NAME: MAILUSERGROUP:0 # # Mail user and group MAILUSER=daemon MAILGROUP=daemon ##NAME: ADDRESS:0 # # Address to listen on, can be set to a single IP address. # # ADDRESS=127.0.0.1 ##NAME: PORT:1 # # PORT specified the port number to listen on. The standard "smtp" port # is port 25. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The ADDRESS setting, if given, is a default for ports that do not have # a specified IP address. PORT=smtp ##NAME: BLACKLISTS:1 # # Blacklists we query. # # The BLOCK environment variable is automatically enforced by submit. # Nobody really does anything about BLOCK2, this is mainly for use by # plug-in mail filters. If you want Courier to unilaterally block # mail from IP addresses listed by Spamhaus or CBL, and you have a separate # localmailfilter that keys off BLOCK2, uncomment the following. If you want # to unilaterally block everything listed by Spamhaus or CBL, just replace # BLOCK2 with BLOCK. # # BLACKLISTS='-block=zen.spamhaus.org,BLOCK2 -block=cbl.abuseat.org,BLOCK2' BLACKLISTS="" ##NAME: ACCESSFILE:1 # # Access file: $ACCESSFILE - plain text file/dir, $ACCESSFILE.dat - compiled # database. # ACCESSFILE=${sysconfdir}/smtpaccess ##NAME: MAXDAEMONS:0 # # Maximum number of daemons started # MAXDAEMONS="40" ##NAME: MAXPERC:0 # # Maximum number of connections accepted from the same C address block # MAXPERC="5" ##NAME: MAXPERID:0 # # # Maximum number of connections accepted from the same IP address MAXPERIP="5" ##NAME: PIDFILE:0 # # File where couriertcpd will save its process ID # PIDFILE=/var/run/courier/esmtpd.pid ##NAME: TCPDOPTS:3 # # TCPDOPTS can contain other couriertcpd options, such as # -nodnslookup and -noidentlookup. # TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger" ##NAME: ESMTPAUTH:4 # # To enable authenticated SMTP relaying, uncomment the ESMTPAUTH setting, # below, and set it to ESMTP authentication mechanisms we support. Currently # LOGIN and CRAM-MD5 are available: # # ESMTPAUTH="LOGIN CRAM-MD5" # # You can also try PLAIN, CRAM-SHA1, and CRAM-SHA256. See INSTALL for more # information. # ESMTPAUTH="" ##NAME: ESMTPAUTH_WEBADMIN:5 # # ESMTPAUTH_WEBADMIN is used by the webadmin module # # Don't touch this setting. ESMTPAUTH_WEBADMIN="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" ##NAME: ESMTPAUTHINFOTLS:3 # # To enable SASL PLAIN authentication when using TLS, uncomment the following. # To enable SASL PLAIN with or without TLS, just add PLAIN to ESMTPAUTH, # above: # # ESMTPAUTH_TLS="PLAIN LOGIN CRAM-MD5" # # ESMTPAUTH_TLS_WEBADMIN is used by the webadmin module #ESMTPAUTH_TLS="" ESMTPAUTH_TLS="PLAIN LOGIN" ##NAME: ESMTPAUTH_TLS_WEBADMIN:5 ESMTPAUTH_TLS_WEBADMIN="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" ##NAME: ESMTPDSTART:0 # # ESMTPDSTART is not referenced anywhere in the standard Courier programs # or scripts. Rather, this is a convenient flag to be read by your system # startup script in /etc/rc.d, like this: # # prefix=/usr # exec_prefix=/usr # . ${sysconfdir}/esmtpd # case x$ESMTPDSTART in # x[yY]*) # /usr/sbin/esmtpd start # ;; # esac # # The default setting is going to be NO, until Courier is shipped by default # with enough platforms so that people get annoyed with having to flip it to # YES every time. ESMTPDSTART="YES" aloha:/etc/courier# *************************************** aloha:/etc/courier# cat esmtpd-msa ##VERSION: $Id: esmtpd-msa.dist.in,v 1.6 2004/04/24 19:56:19 mrsam Exp $ # # # esmtpd-msa created from esmtpd-msa.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # Copyright 2001-2004 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for Courier's mail submission # ESMTP server (RFC 2476). Basically, this is the plain old port 25 # ESMTP server, with a couple of difference. # # This configuration file is read after esmtpd, therefore it only needs # to override some options that would differ from port 25. The first # section of this configuration file sets options that are likely to be # different than the esmtpd options. ##NAME: BOFHCHECKDNS:0 # # ESMTP MSA is likely to want to verify return domain addresses. BOFHCHECKDNS="1" ##NAME: NOADDMSGID:0 # # Add the Message-ID: header, if missing. The default value for esmtp # is 1, but we want it 0 here: NOADDMSGID="0" ##NAME: NOADDDATE:0 # # Ditto for the Date: header. NOADDDATE="0" ##NAME: ESMTP_LOG_DIALOG:0 # # If set, log the esmtp dialog. ESMTP_LOG_DIALOG=1 ##NAME: AUTH_REQUIRED:0 # # Set AUTH_REQUIRED to 1 in order to force the client to use ESMTP # authentication. You can override AUTH_REQUIRED on a per-IP address basis # using smtpaccess. See makesmtpaccess(8). AUTH_REQUIRED="0" ##NAME: BLACKLISTS: 0 # # You probably want to turn off any blacklist checking, if you have it # enabled in esmtpd BLACKLISTS="" ##NAME: ADDRESS:1 # # Address to listen on, can be set to a single IP address. ADDRESS=0 ##NAME: PORT:1 # # PORT specified the port number to listen on. The standard msa port # is port 587. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The ADDRESS setting, if given, is a default for ports that do not have # a specified IP address. PORT=587 ##NAME: PIDFILE:0 # # We *MUST* use a different PID file than esmtpd!!! # PIDFILE=/var/run/courier/esmtpd-msa.pid ##NAME: ACCESSFILE:1 # # You can use a different access file for esmtp-msa than for esmtp. # To do that, create it yourself, and use makesmtpaccess-msa instead of # makesmtpaccess. ACCESSFILE=${sysconfdir}/smtpaccess ##NAME: ESMTPDSTART:0 # # ESMTPDSTART is not referenced anywhere in the standard Courier programs # or scripts. Rather, this is a convenient flag to be read by your system # startup script in /etc/rc.d, like this: # # prefix=/usr # exec_prefix=/usr # . ${sysconfdir}/esmtpd # . ${sysconfdir}/esmtpd-msa # case x$ESMTPDSTART in # x[yY]*) # /usr/sbin/esmtpd-msa start # ;; # esac # # The default setting is going to be NO, until Courier is shipped by default # with enough platforms so that people get annoyed with having to flip it to # YES every time. ESMTPDSTART="YES" ##NAME: CUSTOM:1 # # Here, you can stick it any additional esmtpd settings that you want to # override. Some of the ones you are likely to want overriden may include # MAXDAEMONS, MAXPERC, MAXPERIP, AUTHMODULES, ESMTPAUTH, and ESMTPAUTH_TLS. # If you want to override them, do it here: # ##NAME: MAXDAEMONS:1 MAXDAEMONS="40" ##NAME: MAXPERC:1 MAXPERC="5" ##NAME: MAXPERIP:1 MAXPERIP="5" aloha:/etc/courier# *************************************** aloha:/etc/courier# cat authdaemonrc ##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. # # authdaemonrc created from authdaemonrc.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # This file configures authdaemond, the resident authentication daemon. # # Comments in this file are ignored. Although this file is intended to # be sourced as a shell script, authdaemond parses it manually, so # the acceptable syntax is a bit limited. Multiline variable contents, # with the \ continuation character, are not allowed. Everything must # fit on one line. Do not use any additional whitespace for indentation, # or anything else. ##NAME: authmodulelist:2 # # The authentication modules that are linked into authdaemond. The # default list is installed. You may selectively disable modules simply # by removing them from the following list. The available modules you # can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe authmodulelist="authpam" ##NAME: authmodulelistorig:3 # # This setting is used by Courier's webadmin module, and should be left # alone authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe" ##NAME: daemons:0 # # The number of daemon processes that are started. authdaemon is typically # installed where authentication modules are relatively expensive: such # as authldap, or authmysql, so it's better to have a number of them running. # PLEASE NOTE: Some platforms may experience a problem if there's more than # one daemon. Specifically, SystemV derived platforms that use TLI with # socket emulation. I'm suspicious of TLI's ability to handle multiple # processes accepting connections on the same filesystem domain socket. # # You may need to increase daemons if as your system load increases. Symptoms # include sporadic authentication failures. If you start getting # authentication failures, increase daemons. However, the default of 5 # SHOULD be sufficient. Bumping up daemon count is only a short-term # solution. The permanent solution is to add more resources: RAM, faster # disks, faster CPUs... daemons=5 ##NAME: authdaemonvar:2 # # authdaemonvar is here, but is not used directly by authdaemond. It's # used by various configuration and build scripts, so don't touch it! authdaemonvar=/var/run/courier/authdaemon ##NAME: DEBUG_LOGIN:0 # # Dump additional diagnostics to syslog # # DEBUG_LOGIN=0 - turn off debugging # DEBUG_LOGIN=1 - turn on debugging # DEBUG_LOGIN=2 - turn on debugging + log passwords too # # ** YES ** - DEBUG_LOGIN=2 places passwords into syslog. # # Note that most information is sent to syslog at level 'debug', so # you may need to modify your /etc/syslog.conf to be able to see it. DEBUG_LOGIN=1 ##NAME: DEFAULTOPTIONS:0 # # A comma-separated list of option=value pairs. Each option is applied # to an account if the account does not have its own specific value for # that option. So for example, you can set # DEFAULTOPTIONS="disablewebmail=1,disableimap=1" # and then enable webmail and/or imap on individual accounts by setting # disablewebmail=0 and/or disableimap=0 on the account. DEFAULTOPTIONS="" ##NAME: LOGGEROPTS:0 # # courierlogger(1) options, e.g. to set syslog facility # LOGGEROPTS="" ##NAME: LDAP_TLS_OPTIONS:0 # # Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'. # Examples: # #LDAPTLS_CACERT=/path/to/cacert.pem #LDAPTLS_REQCERT=demand #LDAPTLS_CERT=/path/to/clientcert.pem #LDAPTLS_KEY=/path/to/clientkey.pem aloha:/etc/courier# ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
