Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"

Wed, 15 Mar 2017 04:32:25 -0700 

Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:

> SZÉPE Viktor writes:
>
>> 6) telnet email-smtp.us-west-2.amazonaws.com 587
>> 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227
>> MmKC14V2dPS1oRPRtSjF
>>
>> Courier says: /SECURITY=REQUIRED set, but TLS is not available
>> Could it be that Courier compares the SMTP banner
>> (email-smtp.amazonaws.com) to the certificate CN, not the specified
>> host name (email-smtp.us-west-2.amazonaws.com) ?
>
> Looks like that server uses a self-signed certificate, and if it's  
> not added to your trusted certificate store, TLS negotiation will  
> fail.
>
> You would think that Amazon has the resources to pay itself a few  
> bucks each year, for a properly signed certificate.
>
> You'll have to reset TLS_VERIFYPEER to NONE, in the esmtpd-ssl config file.

Thank you for your answer.

$ grep ^TLS_VERIFYPEER /etc/courier/*
/etc/courier/courierd:TLS_VERIFYPEER=NONE
/etc/courier/esmtpd:TLS_VERIFYPEER=NONE

esmtpd-ssl is not installed (on Debian it is the courier-mta-ssl package)

Amazon has a properly signed certificate.

Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network,  
CN=Symantec Class 3 Secure Server CA - G4

You may get it by
openssl s_client -connect email-smtp.us-west-2.amazonaws.com:587  
-starttls smtp -crlf

Please try adding this to esmtproutes
#: email-smtp.us-west-2.amazonaws.com,587 /SECURITY=REQUIRED

and this to esmtpauthclient
email-smtp.us-west-2.amazonaws.com,587 SOMEID SOMEKEY

and try to send a simple email with courier.

I do hope Amazon SES is supported.

Thank you!



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to