>> >> Unfortunately even after commenting out TLS_PROTOCOL (it was set to >> SSL3), >> and the config file doesn't have any entry for TLS_STARTTLS_PROTOCOL. I >> still get the same error: >> >> Apr 3 08:13:02 321 courieresmtpd: courieresmtpd: STARTTLS failed: >> couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong >> version number >> >> I also tried different combinations of settings for TLS_PROTOCOL (like >> using >> the TLS1) but always get the same error. > > Well, each time you make a change you need to restart Courier for the > change > to take effect. That's the first thing that you should verify. > > Furthermore, make sure that the TLS_PROTOCOL setting is not duplicated in > the esmtpd and esmtpd-ssl configuration files. It should be set in > esmtpd-ssl only. The default TLS_PROTOCOL settings were adjusted in 0.60.0 > to work better, if you're running an older version you should upgrade, or > explicit try setting TLS_PROTOCOL to SSL23 (for OpenSSL-built Courier). > > On Linux, a good way to verify that the configuration settings have > properly > taken effect is to run "tr '\0' '\012' </proc/<pid>/environ | sort", to > view > a given process's environment variables. Use this for the couriertcpd > process that's listening on port 25.
Ok, so I made sure that esmtpd has TLS_PROTOCOL commented out. It is only set in esmtpd-ssl, set to SSL23. Yes, I was restarting courier each time I made a change. Still not working, same error as before... :-( Here's the output of the environment: ACCESSFILE=/etc/courier/smtpaccess AUTH_REQUIRED=0 BOFHCHECKDNS=1 BOFHNOEXPN=1 BOFHNOVRFY=1 COURIERTLS=/usr/bin/couriertls ESMTPAUTH=LOGIN ESMTPAUTH_TLS= ESMTPAUTH_TLS_WEBADMIN=PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 ESMTPAUTH_WEBADMIN=LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 ESMTPDSTART=YES ESMTP_LOG_DIALOG=0 MAILGROUP=daemon MAILUSER=daemon MAXDAEMONS=40 MAXPERC=5 MAXPERIP=5 NOADDDATE=1 NOADDMSGID=1 PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin PIDFILE=/var/run/courier/esmtpd.pid PORT=smtp,1025 PWD=/usr SHELL=/bin/bash SHLVL=1 TCPDOPTS=-stderrlogger=/usr/sbin/courierlogger -noidentlookup TLS_CERTFILE=/etc/courier/esmtpd.pem TLS_CERTS=X509 TLS_COMPRESSION=ALL TLS_KX_LIST=ALL TLS_VERIFYPEER=NONE ULIMIT=16384 _=/usr/sbin/couriertcpd ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
