Hugo Monteiro wrote:
Jared Smith wrote:
Hugo Monteiro wrote:
Jared Smith wrote:
I have enabled TLS but still only getting 250-AUTH LOGIN PLAIN.
sjar...@shine:~$ telnet bart 25
Trying 10.111.45.55...
Connected to bart.xxxxxxx.com.
Escape character is '^]'.
220 bart.xxxxxxx.com ESMTP
ehlo test
250-bart.xxxxxxxx.com
250-PIPELINING
250-SIZE 12582912
250-AUTH LOGIN PLAIN
250 8BITMIME


Below is some output for questions I have seen within the list

Compiled with these parms: (I have used a slew of different values for TLS* these are just my latest)
------------------------------------------------------------------------------------------------------------------------------------
LDAPFLAGS=-DALTQUEUE
LDAPLIBS=-L/usr/local/lib -lldap -llber
LDAPINCLUDES=-I/usr/local/include
TLS=-DTLS_REMOTE -DTLS_SMTPD -DTLSDEBUG
TLSINCLUDES=-I/usr/include/openssl
TLSLIBS=-L/usr/lib -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
SHADOWLIBS=-lcrypt
------------------------------------------------------------------------------------------------------------------------------------

r...@bart:/var/qmail/control# ls -la `cat /var/qmail/control/smtpcert`
------------------------------------------------------------------------------------------------------------------------------------
-rw-r----- 1 qmaild qmail 2002 2009-04-01 10:43 /var/qmail/control/cert.pem
------------------------------------------------------------------------------------------------------------------------------------

r...@bart:/var/qmail/control# ldd /var/qmail/bin/qmail-smtpd
------------------------------------------------------------------------------------------------------------------------------------
       linux-gate.so.1 =>  (0xffffe000)
       libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f96000)
       libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e66000)
       /lib/ld-linux.so.2 (0xb7fb1000)
------------------------------------------------------------------------------------------------------------------------------------

qmail-smtp.rules
------------------------------------------------------------------------------------------------------------------------------------
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,NOPBS="",SMTPAUTH="TLSREQUIRED",QMAILQUEUE="/var/qmail/bin/qmail-queue",LOGLEVEL="9"
------------------------------------------------------------------------------------------------------------------------------------

:allow,NOPBS="",SMTPAUTH="TLSREQUIRED",AUTHREQUIRED="",SSLCERT="/etc/ssl/certs/server.pem",QMAILQUEUE="/var/qmail/bin/qmail-queue",LOGLEVEL="9"


Regards,

Hugo Monteiro.

I added that line to qmail-smtp.rules, removed qmail-smtp.cdb, did a make, and tested and got the same results. Looking at the line you sent you added AUTHREQUIRED which I understand will block remote servers sending messages to local users and SSLCERT which I am thinking is the same thing as having /var/qmail/control/smtpcert.

I appreciate the help, I know the answer is staring me in the face like the money in the GEICO commercials, I just can't seem to see it. :)

Jared


Some other hints:

1 - Make sure that qmaild has read access to the certificate file.

2 - Make sure that your certificate file is a concatenation of the certificate itself and the key. I remember I had some issues with the order of that concatenation. I just don't remember if it was with the crt/key order or it was with the definition of the CA chain I had to include.

Good luck,

Hugo Monteiro.
Thank you so much for the quick reply.

I used qmail's "make cert" command to create the cert I am using now which gives it the correct user permissions as well as puts the key and cert both in the pem file.

r...@bart:/var/qmail/control# ls -al cert.pem
-rw-r----- 1 qmaild qmail 2002 2009-04-01 10:43 cert.pem
r...@bart:/var/qmail/control#

Any more thoughts?

Jared
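
The three checks this thread walks through (the EHLO reply, the `ldd` output, and the contents of the PEM file), gathered into one script as an added example; it is not part of the thread and not qmail-ldap code. The function names are hypothetical, the sample inputs are constructed from the outputs quoted above (the PEM body is a placeholder), and the `ldd` check assumes OpenSSL is linked dynamically.

```python
import re

# Constructed samples mirroring the outputs quoted in the thread.
EHLO_REPLY = """250-bart.xxxxxxxx.com
250-PIPELINING
250-SIZE 12582912
250-AUTH LOGIN PLAIN
250 8BITMIME"""
LDD_OUTPUT = """linux-gate.so.1 =>  (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f96000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e66000)"""
PEM_TEXT = """-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----"""

def ehlo_keywords(reply):
    """Map each EHLO keyword to its parameters (first line is the greeting)."""
    caps = {}
    for line in reply.splitlines()[1:]:
        m = re.match(r"250[- ](\S+)\s*(.*)", line.strip())
        if m:
            caps[m.group(1).upper()] = m.group(2).upper().split()
    return caps

def pem_labels(text):
    """Return PEM block labels in file order."""
    return re.findall(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", text, re.M)

def diagnose(reply, ldd, pem):
    findings = []
    caps = ehlo_keywords(reply)
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
        plain = {"LOGIN", "PLAIN"} & set(caps.get("AUTH", []))
        if plain:
            findings.append("cleartext AUTH offered without TLS: " + ",".join(sorted(plain)))
    # Assumption: OpenSSL is linked dynamically, so a TLS-enabled binary lists libssl.
    if not re.search(r"\blibssl\.so", ldd):
        findings.append("binary not linked against libssl")
    labels = pem_labels(pem)
    if "CERTIFICATE" not in labels or not any(l.endswith("PRIVATE KEY") for l in labels):
        findings.append("PEM file lacks certificate or private key")
    return findings

if __name__ == "__main__":
    for finding in diagnose(EHLO_REPLY, LDD_OUTPUT, PEM_TEXT):
        print("FINDING:", finding)
```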




