Hi again, the complete response says what I said: the client does not send TLS,
the server is TLS/SSL capable, see:

NOTE: the certificates are reported as expired, but they work and are capable!
---
SSL handshake has read 1467 bytes and written 482 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: B3F0570F53D2A87FB853332A550DDAD0C699A314A5038BD6B7F0E62F5CED6732
    Session-ID-ctx:
    Master-Key: 82D0DA6C20F6C15CAE189D41AE2644A0CF99304E4F70D5E3B8DC126D900B003731E7591F5CD3497D1CFCF87DDBA8EEC9
    Key-Arg   : None
    Start Time: 1458232749
    Timeout   : 300 (sec)
    Verify return code: 10 (certificate has expired)
---
250 DSN


Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

2016-03-17 11:49 GMT-04:30 Gordon Messmer <gordon.mess...@gmail.com>:

> On 03/17/2016 07:10 AM, PICCORO McKAY Lenz wrote:
> >
> >     but either /usr/lib/courier/bin/couriertls (specified in COURIERTLS
> >     in the esmtpd file) is not executable,
> >
> > Verified, and it's executable! It works perfectly. I read in the manual
> > that if this program is not present in the installation it will not work,
> > and I have it and it works!
>
> Is it executable by the user that esmtpd is running as?  Use "ps aux |
> grep esmtpd.pid" to check the UID of the esmtpd process.
> >
> >     or /usr/lib/courier/share/esmtpd.pem
> >     (specified in TLS_CERTFILE in the esmtpd file) does not exist, or
> >     cannot
> >
> > It is read and it works! I even used it (to test) in the web server!
> > It works!
>
> The web server's ability to read the certificate tells us nothing about
> whether esmtpd can read it.  Check the UID of the process, and the
> permissions of the file.
>
> > I read about the option "ESMTP_TLS_REQUIRED". Ummm, is there another one
> > that can maybe be set to always encrypt all the mail sent to other servers?
>
> I think you're missing the fact that Courier uses one process to send
> mail and another to receive mail.
>
> The ESMTP_TLS_REQUIRED setting affects courieresmtpd, which receives
> mail.  If you set it, you will refuse mail from clients that don't
> STARTTLS.
>
> Mail is sent by courierd (actually courieresmtp), which gets its
> configuration from /etc/courier/courierd.  As far as I know, there is no
> setting to *require* that recipients have TLS.  Courier uses
> opportunistic encryption.  If the recipient server advertises TLS, it
> will be used.  If the recipient doesn't have TLS, it will be sent
> without encryption.
>
> A long time ago, I wrote a patch that did provide such a setting, but I
> have no idea if it works any more:
> http://phantom.dragonsdawn.net/~gordon/courier-patches/courier.reqtls.patch
>
> In any case, you should start troubleshooting by verifying that the
> destination can STARTTLS.  Log in to the server where you're sending
> mail and use openssl's s_client to try to connect.  Make sure you use
> the hostname of the server which is the MX for eldominio.net.ve:
>
> openssl s_client -connect eldominio.net.ve:25 -starttls smtp -crlf
>
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> _______________________________________________
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>
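
An added example, not part of either message and not Courier code: a small Python parser that turns the session summary printed by `openssl s_client -starttls smtp` into a list of troubleshooting findings. The sample text is constructed from the fields shown in the output above (session ID and master key left out), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the s_client summary quoted in this thread;
# the session ID and master key are deliberately omitted.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 10 (certificate has expired)
---
250 DSN
"""

# TLS 1.0 and 1.1 are deprecated by RFC 8996, SSLv3 by RFC 7568.
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}


def parse_s_client(text):
    """Pull protocol, cipher and verify result out of s_client output."""
    def field(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None

    code = field(r"^\s*Verify return code:\s*(\d+)")
    return {
        "protocol": field(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": field(r"^\s*Cipher\s*:\s*(\S+)"),
        "verify_code": int(code) if code is not None else None,
        "verify_text": field(r"^\s*Verify return code:\s*\d+\s*\((.*)\)"),
    }


def findings(info):
    """Return human-readable findings for one parsed handshake."""
    # s_client prints "Cipher    : 0000" when no cipher was negotiated.
    if info["protocol"] is None or info["cipher"] in (None, "0000"):
        return ["no TLS session: STARTTLS not offered or handshake failed"]
    out = [f"STARTTLS works: {info['protocol']} with {info['cipher']}"]
    if info["protocol"] in DEPRECATED:
        out.append(f"{info['protocol']} is a deprecated protocol version")
    if info["verify_code"] not in (0, None):
        out.append(f"certificate does not verify: code {info['verify_code']}"
                   f" ({info['verify_text']})")
    return out


if __name__ == "__main__":
    for line in findings(parse_s_client(SAMPLE)):
        print(line)
```

Save the output of the `openssl s_client` command to a file and pass its contents to `parse_s_client()` in place of `SAMPLE`.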