Hugo Monteiro wrote:
Jared Smith wrote:
I have enabled TLS but still only getting 250-AUTH LOGIN PLAIN.
sjar...@shine:~$ telnet bart 25
Trying 10.111.45.55...
Connected to bart.xxxxxxx.com.
Escape character is '^]'.
220 bart.xxxxxxx.com ESMTP
ehlo test
250-bart.xxxxxxxx.com
250-PIPELINING
250-SIZE 12582912
250-AUTH LOGIN PLAIN
250 8BITMIME
Below is some output for questions I have seen within the list.
Compiled with these parms: (I have used a slew of different
values for TLS* these are just my latest)
------------------------------------------------------------------------------------------------------------------------------------
LDAPFLAGS=-DALTQUEUE
LDAPLIBS=-L/usr/local/lib -lldap -llber
LDAPINCLUDES=-I/usr/local/include
TLS=-DTLS_REMOTE -DTLS_SMTPD -DTLSDEBUG
TLSINCLUDES=-I/usr/include/openssl
TLSLIBS=-L/usr/lib -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
SHADOWLIBS=-lcrypt
------------------------------------------------------------------------------------------------------------------------------------
mail:~/qmail-ldap# grep ^TLS Makefile
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/include
TLSLIBS=-L/usr/lib -lssl -lcrypto
r...@bart:/var/qmail/control# ls -la `cat /var/qmail/control/smtpcert`
------------------------------------------------------------------------------------------------------------------------------------
-rw-r----- 1 qmaild qmail 2002 2009-04-01 10:43 /var/qmail/control/cert.pem
------------------------------------------------------------------------------------------------------------------------------------
r...@bart:/var/qmail/control# ldd /var/qmail/bin/qmail-smtpd
------------------------------------------------------------------------------------------------------------------------------------
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f96000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e66000)
/lib/ld-linux.so.2 (0xb7fb1000)
------------------------------------------------------------------------------------------------------------------------------------
As you can see, the SSL libs were not linked against qmail-smtpd.
mail:~/qmail-ldap# ldd /var/qmail/bin/qmail-smtpd
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f62000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7f23000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7de8000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7dd4000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7ca3000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7c9f000)
/lib/ld-linux.so.2 (0xb7f7e000)
qmail-smtp.rules
------------------------------------------------------------------------------------------------------------------------------------
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,NOPBS="",SMTPAUTH="TLSREQUIRED",QMAILQUEUE="/var/qmail/bin/qmail-queue",LOGLEVEL="9"
------------------------------------------------------------------------------------------------------------------------------------
:allow,NOPBS="",SMTPAUTH="TLSREQUIRED",AUTHREQUIRED="",SSLCERT="/etc/ssl/certs/server.pem",QMAILQUEUE="/var/qmail/bin/qmail-queue",LOGLEVEL="9"
Regards,
Hugo Monteiro.
I added that line to qmail-smtp.rules, removed qmail-smtp.cdb, did
a make, and tested and got the same results. Looking at the line
you sent you added AUTHREQUIRED which I understand will block
remote servers sending messages to local users and SSLCERT which I
am thinking is the same thing as having /var/qmail/control/smtpcert.
I appreciate the help, I know the answer is staring me in the face
like the money in the GEICO commercials, I just can't seem to see
it. :)
Jared
Some other hints:
1 - Make sure that qmaild has read access to the certificate file.
2 - Make sure that your certificate file is a concatenation of the
certificate itself and the key. I remember I had some issues with
the order of that concatenation. I just don't remember if it was
with the crt/key order or it was with the definition of the CA chain
I had to include.
Good luck,
Hugo Monteiro.
Thank you so much for the quick reply.
I used qmail's "make cert" command to create the cert I am using now
which gives it the correct user permissions as well as puts the key
and cert both in the pem file.
r...@bart:/var/qmail/control# ls -al cert.pem
-rw-r----- 1 qmaild qmail 2002 2009-04-01 10:43 cert.pem
r...@bart:/var/qmail/control#
Any more thoughts?
Jared
Sorry about not looking at your first message properly in the first
place.
Hope it helps to solve your problem.
R's,
Hugo Monteiro.
That's where I thought the problem might be but I have tried about 5
different values. Here is my attempt with the ones you sent (which I
think I have tried before).
r...@bart:/usr/local/src/qmail/qmail-1.03# vi Makefile
r...@bart:/usr/local/src/qmail/qmail-1.03# grep ^TLS Makefile
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/include
TLSLIBS=-L/usr/lib -lssl -lcrypto
r...@bart:/usr/local/src/qmail/qmail-1.03# svc -d /service/qmail*
r...@bart:/usr/local/src/qmail/qmail-1.03# make setup check
./install
./instcheck
r...@bart:/usr/local/src/qmail/qmail-1.03# svc -u /service/qmail*
r...@bart:/usr/local/src/qmail/qmail-1.03# ldd /var/qmail/bin/qmail-smtpd
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f4c000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e1c000)
/lib/ld-linux.so.2 (0xb7f67000)
r...@bart:/usr/local/src/qmail/qmail-1.03#
I tried the above settings on an Ubuntu and a CentOS box and got the
same result on both. I know the library is there and in the place it
should be. Any ideas why the libraries are not getting linked?
r...@bart:/usr/local/src/qmail/qmail-1.03# locate libssl.so
/usr/lib/i486/libssl.so.0.9.7
/usr/lib/i486/libssl.so.0.9.8
/usr/lib/i586/libssl.so.0.9.7
/usr/lib/i586/libssl.so.0.9.8
/usr/lib/i686/cmov/libssl.so.0.9.7
/usr/lib/i686/cmov/libssl.so.0.9.8
/usr/lib/libssl.so
/usr/lib/libssl.so.0.9.7
/usr/lib/libssl.so.0.9.8
Again thanks for your help.
Jared
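
The three checks made by hand in this thread (EHLO capabilities, libraries linked into qmail-smtpd, contents of the certificate file), collected as an added example that is not part of the original messages or of qmail-ldap. The function names are hypothetical; the EHLO reply and ldd listing are copied from the thread, and the PEM content is a constructed placeholder.

```shell
#!/bin/sh
# Added diagnostic sketch; the function names are hypothetical, not qmail-ldap's.

# Read an EHLO reply on stdin; report whether STARTTLS is advertised and
# whether AUTH mechanisms are offered on the still-unencrypted session.
ehlo_findings() {
    awk '{ sub(/\r$/, "") }
         /^250[- ]/ { cap = toupper(substr($0, 5))
                      if (cap == "STARTTLS") tls = 1
                      if (cap ~ /^AUTH[ =]/) auth = substr(cap, 6) }
         END { print (tls ? "starttls-offered" : "starttls-missing")
               if (auth != "" && !tls) print "cleartext-auth:" auth }'
}

# Read `ldd` output on stdin; report whether the OpenSSL libraries are linked.
linked_tls_libs() {
    awk '$1 ~ /^libssl\.so/ { s = 1 } $1 ~ /^libcrypto\.so/ { c = 1 }
         END { print (s ? "libssl" : "no-libssl") " " (c ? "libcrypto" : "no-libcrypto") }'
}

# Read a PEM file on stdin; print its block types in file order, so a missing
# key or certificate (or an unexpected order) shows up without dumping the key.
pem_blocks() {
    awk '/^-----BEGIN .*-----$/ { t = $0; sub(/^-----BEGIN /, "", t); sub(/-----$/, "", t)
                                  out = out (out == "" ? "" : ",") t }
         END { print out }'
}

# Inputs: EHLO reply and first ldd listing copied from the thread; PEM is constructed.
sample_ehlo() { printf '250-bart.xxxxxxxx.com\r\n250-PIPELINING\r\n250-SIZE 12582912\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n'; }
sample_ldd() { cat <<'EOF'
    linux-gate.so.1 => (0xffffe000)
    libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f96000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e66000)
    /lib/ld-linux.so.2 (0xb7fb1000)
EOF
}
sample_pem() { printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed placeholder)' \
    '-----END RSA PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' '(constructed placeholder)' \
    '-----END CERTIFICATE-----'; }

sample_ehlo | ehlo_findings
sample_ldd | linked_tls_libs
sample_pem | pem_blocks
```

On a live host the same functions take real input, for example `ldd /var/qmail/bin/qmail-smtpd | linked_tls_libs` and `pem_blocks < /var/qmail/control/cert.pem`.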