On 03/17/2016 07:10 AM, PICCORO McKAY Lenz wrote:
>
>     but either /usr/lib/courier/bin/couriertls (specified in COURIERTLS in
>     the esmtpd file) is not executable,
>
> verified and its executable! works perfectly i read manual about if 
> this program are not present in installation will not work, and i have 
> it and works!

Is it executable by the user that esmtpd is running as?  Use "ps aux | 
grep esmtpd.pid" to check the UID of the esmtpd process.
>
>     or /usr/lib/courier/share/esmtpd.pem
>     (specified in TLS_CERTFILE in the esmtpd file) does not exist, or
>     cannot
>
> are readed and works! inclusive! i used (to test) in the web server! 
> works!

The web server's ability to read the certificate tells us nothing about 
whether esmtpd can read it.  Check the UID of the process, and the 
permissions of the file.

> I read about the option "ESMTP_TLS_REQUIRED" ummm there's other that 
> maybe set to always encrypt all the mail send to other servers?

I think you're missing the fact that Courier uses one process to send 
mail and another to receive mail.

The ESMTP_TLS_REQUIRED setting affects courieresmtpd, which receives 
mail.  If you set it, you will refuse mail from clients that don't STARTTLS.

Mail is sent by courierd (actually courieresmtp), which gets its 
configuration from /etc/courier/courierd.  As far as I know, there is no 
setting to *require* that recipients have TLS.  Courier uses 
opportunistic encryption.  If the recipient server advertises TLS, it 
will be used.  If the recipient doesn't have TLS, it will be sent 
without encryption.

A long time ago, I wrote a patch that did provide such a setting, but I 
have no idea if it works any more:
http://phantom.dragonsdawn.net/~gordon/courier-patches/courier.reqtls.patch

In any case, you should start troubleshooting by verifying that the 
destination can STARTTLS.  Log in to the server where you're sending 
mail and use openssl's s_client to try to connect.  Make sure you use 
the hostname of the server which is the MX for eldominio.net.ve:

openssl s_client -connect eldominio.net.ve:25 -starttls smtp -crlf


------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to