Ricardo Kleemann writes:
Thanks again Sam.So now I get this error: Apr 2 08:09:13 321 courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version numberCould this be related to the pem certfile? This is a certfile I generated acouple years back on an older computer.No, this is the TLS_PROTOCOL and the TLS_STARTTLS_PROTOCOL settings. If they are explicitly set, remove them and leave them at their default setting.Unfortunately even after commenting out TLS_PROTOCOL (it was set to SSL3), and the config file doesn't have any entry for TLS_STARTTLS_PROTOCOL. I still get the same error:Apr 3 08:13:02 321 courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version numberI also tried different combinations of settings for TLS_PROTOCOL (like using the TLS1) but always get the same error.
Well, each time you make a change you need to restart Courier for the change to take effect. That's the first thing that you should verify.
Furthermore, make sure that the TLS_PROTOCOL setting is not duplicated in the esmtpd and esmtpd-ssl configuration files. It should be set in esmtpd-ssl only. The default TLS_PROTOCOL settings were adjusted in 0.60.0 to work better, if you're running an older version you should upgrade, or explicit try setting TLS_PROTOCOL to SSL23 (for OpenSSL-built Courier).
On Linux, a good way to verify that the configuration settings have properly taken effect is to run "tr '\0' '\012' </proc/<pid>/environ | sort", to view a given process's environment variables. Use this for the couriertcpd process that's listening on port 25.
pgpBkP6mprzIN.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
