Re: [courier-users] New courier and courier-imap release

Fri, 29 Apr 2016 05:42:01 -0700 

Sam Varshavchik writes:


Mark Constable writes:


I finally have a 0.76.0 ubuntu install to test and trying to get this to
work...
> - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL. 

I've added this vhost settings but no sign the LetsEncrypt certificate is
being delivered to Thunderbird.

~ ls -1 /etc/courier/*renta.net
defaultdomain.ded1649.renta.net
dsnfrom.ded1649.renta.net
esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
vhost.ded1649.renta.net

../ssl/ded1649.renta.net/mailserver.pem does exist and the default one
for the canonical host does work okay.

Is there some other settings I am missing?
No, there are no other settings, presuming TLS_CERTFILE in imapd-ssl points to imapd.pem, and Thunderbird is configured with the given hostname. 

A debugging tip.
Find the pid that's listening on localhost, then run strace on it. In my case it's pid 15018. 

# strace -s 256 -f -o z -p 15018

Then, use couriertls like this:

TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls \
   -host=localhost -port=143 -protocol=imap -verify=localhost
Fedora installs all trusted certs in /etc/pki/tls/cert.pem; use the equivalent for Debian, Ubuntu, etc…
The connection attempt will fail to verify the "localhost" certificate, of course. That's fine. Then: 

# grep imapd.pem z
2734 access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1 ENOENT (No such file or directory) 
2734  access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
2734  open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10


That shows that the server process tried to open imapd.pem.localhost, first.
There's a harmless debugging message there, that slipped by me, that I'll need to remove.

Attachment: pgpOOnMtjbxaB.pgp
Description: PGP signature

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to