Hugo Monteiro wrote:
Jared Smith wrote:
I have enabled TLS but still only getting 250-AUTH LOGIN PLAIN.
sjar...@shine:~$ telnet bart 25
Trying 10.111.45.55...
Connected to bart.xxxxxxx.com.
Escape character is '^]'.
220 bart.xxxxxxx.com ESMTP
ehlo test
250-bart.xxxxxxxx.com
250-PIPELINING
250-SIZE 12582912
250-AUTH LOGIN PLAIN
250 8BITMIME
Below is some output for questions I have seen within the list.
Compiled with these params: (I have used a slew of different
values for TLS*; these are just my latest)
------------------------------------------------------------------------------------------------------------------------------------
LDAPFLAGS=-DALTQUEUE
LDAPLIBS=-L/usr/local/lib -lldap -llber
LDAPINCLUDES=-I/usr/local/include
TLS=-DTLS_REMOTE -DTLS_SMTPD -DTLSDEBUG
TLSINCLUDES=-I/usr/include/openssl
TLSLIBS=-L/usr/lib -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
SHADOWLIBS=-lcrypt
------------------------------------------------------------------------------------------------------------------------------------
mail:~/qmail-ldap# grep ^TLS Makefile
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/include
TLSLIBS=-L/usr/lib -lssl -lcrypto
r...@bart:/var/qmail/control# ls -la `cat /var/qmail/control/smtpcert`
------------------------------------------------------------------------------------------------------------------------------------
-rw-r----- 1 qmaild qmail 2002 2009-04-01 10:43 /var/qmail/control/cert.pem
------------------------------------------------------------------------------------------------------------------------------------
r...@bart:/var/qmail/control# ldd /var/qmail/bin/qmail-smtpd
------------------------------------------------------------------------------------------------------------------------------------
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f96000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e66000)
/lib/ld-linux.so.2 (0xb7fb1000)
------------------------------------------------------------------------------------------------------------------------------------
As you can see, the SSL libs were not linked against qmail-smtpd.
mail:~/qmail-ldap# ldd /var/qmail/bin/qmail-smtpd
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f62000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7f23000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7de8000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7dd4000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7ca3000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7c9f000)
/lib/ld-linux.so.2 (0xb7f7e000)
qmail-smtp.rules
------------------------------------------------------------------------------------------------------------------------------------
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,NOPBS="",SMTPAUTH="TLSREQUIRED",QMAILQUEUE="/var/qmail/bin/qmail-queue",LOGLEVEL="9"
------------------------------------------------------------------------------------------------------------------------------------
:allow,NOPBS="",SMTPAUTH="TLSREQUIRED",AUTHREQUIRED="",SSLCERT="/etc/ssl/certs/server.pem",QMAILQUEUE="/var/qmail/bin/qmail-queue",LOGLEVEL="9"
Regards,
Hugo Monteiro.
I added that line to qmail-smtp.rules, removed qmail-smtp.cdb,
did a make, and tested and got the same results. Looking at the
line you sent you added AUTHREQUIRED which I understand will
block remote servers sending messages to local users and SSLCERT
which I am thinking is the same thing as having
/var/qmail/control/smtpcert.
I appreciate the help, I know the answer is staring me in the
face like the money in the GEICO commercials, I just can't seem
to see it. :)
Jared
Some other hints:
1 - Make sure that qmaild has read access to the certificate file.
2 - Make sure that your certificate file is a concatenation of the
certificate itself and the key. I remember I had some issues with
the order of that concatenation. I just don't remember if it was
with the crt/key order or it was with the definition of the CA
chain I had to include.
Good luck,
Hugo Monteiro.
Thank you so much for the quick reply.
I used qmail's "make cert" command to create the cert I am using
now which gives it the correct user permissions as well as puts the
key and cert both in the pem file.
r...@bart:/var/qmail/control# ls -al cert.pem
-rw-r----- 1 qmaild qmail 2002 2009-04-01 10:43 cert.pem
r...@bart:/var/qmail/control#
Any more thoughts?
Jared
Sorry about not looking at your first message properly in the first
place.
Hope it helps to solve your problem.
R's,
Hugo Monteiro.
That's where I thought the problem might be but I have tried about 5
different values. Here is my attempt with the ones you sent (which I
think I have tried before).
r...@bart:/usr/local/src/qmail/qmail-1.03# vi Makefile
r...@bart:/usr/local/src/qmail/qmail-1.03# grep ^TLS Makefile
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/include
TLSLIBS=-L/usr/lib -lssl -lcrypto
r...@bart:/usr/local/src/qmail/qmail-1.03# svc -d /service/qmail*
r...@bart:/usr/local/src/qmail/qmail-1.03# make setup check
./install
./instcheck
r...@bart:/usr/local/src/qmail/qmail-1.03# svc -u /service/qmail*
r...@bart:/usr/local/src/qmail/qmail-1.03# ldd /var/qmail/bin/qmail-smtpd
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f4c000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e1c000)
/lib/ld-linux.so.2 (0xb7f67000)
r...@bart:/usr/local/src/qmail/qmail-1.03#
I tried the above settings on an Ubuntu and a CentOS box and got the
same result on both. I know the library is there and in the place it
should be. Any ideas why the libraries are not getting linked?
r...@bart:/usr/local/src/qmail/qmail-1.03# locate libssl.so
/usr/lib/i486/libssl.so.0.9.7
/usr/lib/i486/libssl.so.0.9.8
/usr/lib/i586/libssl.so.0.9.7
/usr/lib/i586/libssl.so.0.9.8
/usr/lib/i686/cmov/libssl.so.0.9.7
/usr/lib/i686/cmov/libssl.so.0.9.8
/usr/lib/libssl.so
/usr/lib/libssl.so.0.9.7
/usr/lib/libssl.so.0.9.8
Again thanks for your help.
Jared
When you hit make, do you see reference to -DTLS_SMTPD in the output
lines that start with ./compile ?
If not, try adding -DTLS_SMTPD and -DTLS_REMOTE directly in the
LDAPFLAGS= line in the beginning of the Makefile.
Also another thing ... Are you running make clean after making the
changes to the Makefile? ... If you're not, you're not really
recompiling, but just performing the installation routines over and over.
Be sure to run "make clean" right before the next "make setup
check" ... I personally like to do it in three steps, "make", "make
setup" and only then "make check".
Good luck,
Hugo Monteiro.
DOH!!!!! You uncovered my weakness! I wasn't doing a make clean. It
works now.
sjar...@shine:~$ telnet bart 25
Trying 10.111.45.55...
Connected to bart.xxxxxxxxxx.com.
Escape character is '^]'.
220 bart.xxxxxxxxxxxx.com ESMTP
ehlo testing
250-bart.xxxxxxxxxxxx.com
250-PIPELINING
250-SIZE 12582912
250-STARTTLS
250 8BITMIME
Thanks for your patience. I know it would be something easy like that.
Jared
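
The three checks the thread converges on (OpenSSL actually linked into qmail-smtpd, STARTTLS present in the EHLO reply, key and certificate both in the PEM file) can be scripted so that a stale binary left behind by a skipped "make clean" is caught right after the build. This is an added example, not part of the original thread; the function names are hypothetical, and the sample data is constructed from the outputs quoted above with a placeholder hostname.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed
# from the outputs shown in the thread, with a placeholder hostname.

# Succeeds if ldd output on stdin lists both libssl and libcrypto.
links_openssl() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'libssl\.so' &&
        printf '%s\n' "$out" | grep -q 'libcrypto\.so'
}

# Succeeds if an EHLO reply on stdin contains a STARTTLS capability line.
advertises_starttls() {
    tr -d '\r' | grep -Eq '^250[- ]STARTTLS$'
}

# Succeeds if PEM file $1 holds both a certificate and a private key.
pem_has_cert_and_key() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

STALE_LDD='libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f4c000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e1c000)'
REBUILT_LDD="$STALE_LDD
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7f23000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7de8000)"

STALE_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 12582912
250-AUTH LOGIN PLAIN
250 8BITMIME'
REBUILT_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 12582912
250-STARTTLS
250 8BITMIME'

for build in STALE REBUILT; do
    eval "ldd_out=\$${build}_LDD; ehlo_out=\$${build}_EHLO"
    printf '%s\n' "$ldd_out" | links_openssl && l=yes || l=no
    printf '%s\n' "$ehlo_out" | advertises_starttls && s=yes || s=no
    echo "$build: openssl_linked=$l starttls_advertised=$s"
done
```

On a live host the same functions take real input, for example `ldd /var/qmail/bin/qmail-smtpd | links_openssl` and `pem_has_cert_and_key /var/qmail/control/cert.pem`.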