I've been lurking on the list for a while, and I'm finally getting close
on my config to replace postfix/dovecot. However, I'm having some
issues. I'm pretty sure I want to use auth in a listener context, but
it's not working out for me. Also, in the logs it shows "Server
certificate verification failed on session dcad1b1012daf5ab", which
doesn't sound good. And finally, the "accept from any for any relay tls" seems
scary; is that safe, or does it need work? If you need to see more to help,
I'll gladly send it, but I don't think the contents of my tables are at fault.
Thanks in advance.
table aliases db:/etc/mail/aliases.db
table vdomains db:/etc/mail/vdomains.db
table vusers db:/etc/mail/vusers.db
table creds db:/etc/mail/creds.db
pki test.pettijohn-web.com certificate "/etc/ssl/test.pettijohn-web.com.crt"
pki test.pettijohn-web.com key "/etc/ssl/private/test.pettijohn-web.com.key"
listen on egress tls pki test.pettijohn-web.com auth-optional <creds>
listen on lo0
queue compression
queue encryption key f61de1a07fba7ccd57af89df8c28fc1f
accept from any for domain <vdomains> virtual <vusers> deliver to mda \
"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{rcpt}"
accept for local alias <aliases> deliver to maildir
accept from any for any relay tls
Jan 18 11:04:37 test smtpd[19071]: info: OpenSMTPD 5.4.3 starting
Jan 18 11:04:37 test smtpd[31324]: info: startup
Jan 18 11:04:37 test smtpd[17018]: queue: queue compression enabled
Jan 18 11:04:37 test smtpd[17018]: queue: queue encryption enabled
Jan 18 11:05:03 test smtpd[28771]: smtp-in: New session dcad1b0d36ef0919
from host 50.59.230.47 [50.59.230.47]
Jan 18 11:05:04 test smtpd[28771]: smtp-in: Accepted message 0076ede3 on
session dcad1b0d36ef0919: from=<[email protected]>,
to=<[email protected]>, size=397, ndest=1, proto=ESMTP
Jan 18 11:05:04 test smtpd[28771]: smtp-in: Closing session dcad1b0d36ef0919
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Connecting to
tls://108.61.222.55:25 (pettijohn-web.com) on session dcad1b1012daf5ab...
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Connected on session
dcad1b1012daf5ab
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Started TLS on session
dcad1b1012daf5ab: version=TLSv1/SSLv3,
cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Server certificate
verification failed on session dcad1b1012daf5ab
Jan 18 11:05:06 test smtpd[28771]: relay: Ok for 0076ede349e5580f:
session=dcad1b1012daf5ab, from=<[email protected]>,
to=<[email protected]>, rcpt=<->, source=104.207.147.73,
relay=108.61.222.55 (pettijohn-web.com), delay=2s, stat=250 2.0.0 Ok:
queued as D6C081A86E
Jan 18 11:05:16 test smtpd[28771]: smtp-out: Closing session
dcad1b1012daf5ab: 1 message sent.
#logs after changing auth-optional to auth
Jan 18 11:08:55 test smtpd[6570]: info: OpenSMTPD 5.4.3 starting
Jan 18 11:08:55 test smtpd[21553]: info: startup
Jan 18 11:08:55 test smtpd[23294]: queue: queue compression enabled
Jan 18 11:08:55 test smtpd[23294]: queue: queue encryption enabled
Jan 18 11:09:01 test dovecot: imap([email protected]):
Disconnected: Logged out in=518 out=525
Jan 18 11:09:01 test dovecot: imap([email protected]):
Disconnected: Logged out in=1140 out=4376
Jan 18 11:09:01 test dovecot: imap([email protected]):
Disconnected: Logged out in=2201 out=8763
Jan 18 11:09:12 test dovecot: imap-login: Login:
user=<[email protected]>, method=PLAIN, rip=50.59.230.47,
lip=104.207.147.73, mpid=28367, TLS, session=<t4sxbe8MsgAyO+Yv>
Jan 18 11:09:46 test dovecot: imap-login: Login:
user=<[email protected]>, method=PLAIN, rip=50.59.230.47,
lip=104.207.147.73, mpid=25477, TLS, session=<eTU9b+8MngAyO+Yv>
Jan 18 11:09:48 test dovecot: imap-login: Login:
user=<[email protected]>, method=PLAIN, rip=50.59.230.47,
lip=104.207.147.73, mpid=1200, TLS, session=<nvxTb+8MCwAyO+Yv>
Jan 18 11:10:57 test smtpd[12445]: smtp-in: New session dd59f089fd7293d5
from host 50.59.230.47 [50.59.230.47]
Jan 18 11:10:57 test smtpd[12445]: smtp-in: Failed command on session
dd59f089fd7293d5: "MAIL FROM:<[email protected]> SIZE=412" =>
530 5.5.1 Invalid command: Must issue an AUTH command first
$ openssl s_client -connect test.pettijohn-web.com:25 -starttls smtp
CONNECTED(00000003)
ehlo example.com
depth=0 C = US, ST = Texas, L = Alvin, CN = test.pettijohn-web.com,
emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Texas, L = Alvin, CN = test.pettijohn-web.com,
emailAddress = [email protected]
verify return:1
---
Certificate chain
0
s:/C=US/ST=Texas/L=Alvin/CN=test.pettijohn-web.com/[email protected]
i:/C=US/ST=Texas/L=Alvin/CN=test.pettijohn-web.com/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
a lot of output you don't want to see
-----END CERTIFICATE-----
subject=/C=US/ST=Texas/L=Alvin/CN=test.pettijohn-web.com/[email protected]
issuer=/C=US/ST=Texas/L=Alvin/CN=test.pettijohn-web.com/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 2392 bytes and written 541 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID:
Session-ID-ctx:
Master-Key:
E81AB643F5B4BDA3798379054EB68222AF17A15E8FEE244A638DD0C3D45972C8525A40710A3A9F97F43F6BDE10EAA178
Start Time: 1421598587
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 HELP
250-test.my.domain Hello example.com [50.59.230.47], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250-AUTH PLAIN LOGIN
250 HELP
Seems like auth is offered to me.
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
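The post's log excerpt shows the two things an operator would want to watch for in this setup: outbound sessions that got a 250 from the remote MX even though the server certificate could not be verified, and messages accepted on the inbound listener from an external host for a recipient domain this server does not host (the pattern an "accept from any for any relay" rule produces when the listener does not require AUTH). The following is an added example, not code from the post or from the OpenSMTPD project: a small Python log correlator written against the 5.4-era line format visible above. The sample log lines are constructed for the example (documentation IP ranges and example.* domains, placeholder session ids); only the message formats are taken from the post.

```python
import re

# Constructed sample log, modelled on the OpenSMTPD 5.4 lines in the post.
# Hosts, addresses and session ids are placeholders, not real data.
SAMPLE_LOG = """\
Jan 18 11:05:03 test smtpd[28771]: smtp-in: New session aaaa000000000001 from host 192.0.2.10 [192.0.2.10]
Jan 18 11:05:04 test smtpd[28771]: smtp-in: Accepted message 0076ede3 on session aaaa000000000001: from=<alice@example.net>, to=<bob@example.org>, size=397, ndest=1, proto=ESMTP
Jan 18 11:05:04 test smtpd[28771]: smtp-in: Closing session aaaa000000000001
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Connecting to tls://198.51.100.25:25 (mx.example.org) on session bbbb000000000002...
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Started TLS on session bbbb000000000002: version=TLSv1/SSLv3, cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
Jan 18 11:05:05 test smtpd[28771]: smtp-out: Server certificate verification failed on session bbbb000000000002
Jan 18 11:05:06 test smtpd[28771]: relay: Ok for 0076ede349e5580f: session=bbbb000000000002, from=<alice@example.net>, to=<bob@example.org>, rcpt=<->, source=203.0.113.5, relay=198.51.100.25 (mx.example.org), delay=2s, stat=250 2.0.0 Ok: queued as D6C081A86E
Jan 18 11:10:57 test smtpd[12445]: smtp-in: New session cccc000000000003 from host 192.0.2.10 [192.0.2.10]
Jan 18 11:10:57 test smtpd[12445]: smtp-in: Failed command on session cccc000000000003: "MAIL FROM:<alice@example.net> SIZE=412" => 530 5.5.1 Invalid command: Must issue an AUTH command first
"""

# OpenSMTPD session ids are 16 hex digits; every event on a session carries one,
# which is what lets us tie an smtp-out TLS warning to the later relay result.
SESSION = r"(?P<sid>[0-9a-f]{16})"
RE_NEW = re.compile(r"smtp-in: New session " + SESSION + r" from host \S+ \[(?P<ip>[^\]]+)\]")
RE_ACCEPTED = re.compile(r"smtp-in: Accepted message \w+ on session " + SESSION
                         + r": from=<(?P<mfrom>[^>]*)>, to=<(?P<rcpt>[^>]*)>")
RE_TLSFAIL = re.compile(r"smtp-out: Server certificate verification failed on session " + SESSION)
RE_RELAYOK = re.compile(r"relay: Ok for \w+: session=" + SESSION
                        + r", from=<(?P<mfrom>[^>]*)>, to=<(?P<rcpt>[^>]*)>"
                        + r".*?relay=(?P<relay>\S+) \((?P<host>[^)]+)\)")


def unverified_deliveries(log_text):
    """(session, relay host, sender, recipient) for each outbound session that was
    delivered (relay: Ok) after the peer certificate failed verification.
    The mail was still encrypted in transit, but the peer's identity was not checked."""
    failed = set()
    findings = []
    for line in log_text.splitlines():
        m = RE_TLSFAIL.search(line)
        if m:
            failed.add(m["sid"])
            continue
        m = RE_RELAYOK.search(line)
        if m and m["sid"] in failed:
            findings.append((m["sid"], m["host"], m["mfrom"], m["rcpt"]))
    return findings


def external_relays(log_text, local_domains):
    """(session, peer ip, sender, recipient) for messages accepted from a non-loopback
    peer whose recipient domain is not one we host. On a port 25 listener that does
    not require AUTH, any hit here means the server relayed for a stranger.
    On an auth-required submission listener such hits are expected (assumption:
    caller feeds this only the listener it wants audited)."""
    peer_ip = {}
    findings = []
    for line in log_text.splitlines():
        m = RE_NEW.search(line)
        if m:
            peer_ip[m["sid"]] = m["ip"]
            continue
        m = RE_ACCEPTED.search(line)
        if not m:
            continue
        ip = peer_ip.get(m["sid"], "?")
        rcpt_domain = m["rcpt"].rpartition("@")[2].lower()
        local = ip.startswith("127.") or ip == "::1"
        if rcpt_domain not in local_domains and not local:
            findings.append((m["sid"], ip, m["mfrom"], m["rcpt"]))
    return findings


def auth_rejections(log_text):
    """Lines where a client was refused for sending MAIL FROM before AUTH; a burst of
    these on port 25 after switching 'auth-optional' to 'auth' is inbound mail
    from other MTAs being turned away, not an attack."""
    return [l for l in log_text.splitlines() if "Must issue an AUTH command first" in l]


if __name__ == "__main__":
    # Hosted domains are an assumption for the demo; take them from <vdomains> in practice.
    for finding in unverified_deliveries(SAMPLE_LOG):
        print("delivered over unverified TLS:", finding)
    for finding in external_relays(SAMPLE_LOG, {"example.com"}):
        print("relayed for external peer:", finding)
    print(len(auth_rejections(SAMPLE_LOG)), "pre-AUTH rejection(s)")
```

Run it against /var/log/maillog (or wherever syslog puts smtpd's output) with the set of domains from the vdomains table; in the constructed sample it reports one delivery to mx.example.org over an unverified certificate, one message relayed for 192.0.2.10 to a domain that is not hosted, and one pre-AUTH rejection, which is exactly the mix of symptoms the post describes.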