Hi,

How do I find out if my TLS is working correctly? I am not sure if it's working, as people complained that it does not and that password authentication on the server over SSL is not encrypted. I've done everything according to the instructions on this list to set up the certs, and bought the certs from GoDaddy.

First I ran:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 ikmta.Domain.com - Domain Inc. ESMTP
ehlo
250-ikmta.Domain.com - Domain Inc.
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 409715200
250 AUTH LOGIN PLAIN CRAM-MD5 (does this mean authentication is not encrypted? If so, how can it be encrypted?)
starttls
220 ready for tls
auth login user
454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
Connection closed by foreign host.

Then I ran

openssl s_client -starttls smtp -showcerts -connect localhost:25 and got the following. Does it look OK, or is there a visible problem?

CONNECTED(00000003)
depth=0 /O=ikmta.domain.com/OU=Domain Control Validated/CN=ikmta.domain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=ikmta.domain.com/OU=Domain Control Validated/CN=ikmta.domain.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=ikmta.domain.com/OU=Domain Control Validated/CN=ikmta.domain.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=ikmta.domain.com/OU=Domain Control Validated/CN=ikmta.domain.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/emailAddress[EMAIL PROTECTED]

---
Server certificate
subject=/O=ikmta.domain.com/OU=Domain Control Validated/CN=ikmta.domain.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/emailAddress[EMAIL PROTECTED]
---
No client certificate CA names sent
---
SSL handshake has read 1767 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: wQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUFCC55C84EF97F3F436E511B8A77A
    Session-ID-ctx:
    Master-Key: wQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUwQYM
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1156821278
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
220 ikmta.domain.com - domain Inc. ESMTP


Also I did
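An added diagnostic (not part of the original post) that does by program what the telnet and s_client sessions above attempt by hand: it parses the EHLO capability list before and after STARTTLS, flags AUTH LOGIN/PLAIN being offered on the cleartext connection, and lets Python's ssl module verify the server chain the way a real mail client would, so the incomplete chain s_client reports ("unable to verify the first certificate") surfaces as an exception. The 454 in the telnet session is the server receiving plaintext where it expected a TLS ClientHello, which telnet cannot send and which smtp.starttls() performs here; the EHLO sample, host name and cafile are constructed placeholders.

```python
import smtplib
import ssl

# Constructed EHLO reply body, modelled on the cleartext EHLO in the post
# (smtplib strips the "250-" prefixes; the first line is the server greeting).
SAMPLE_PLAIN_EHLO = (
    b"mta.example - Example Inc.\nSTARTTLS\nPIPELINING\n"
    b"8BITMIME\nSIZE 409715200\nAUTH LOGIN PLAIN CRAM-MD5")

def parse_ehlo(ehlo_resp: bytes) -> dict:
    """Turn smtplib's ehlo_resp bytes into {KEYWORD: [PARAMS]}, skipping the greeting."""
    caps = {}
    for line in ehlo_resp.decode("ascii", "replace").splitlines()[1:]:
        parts = line.split()
        if parts:
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps

def assess(plain_caps: dict, tls_caps) -> list:
    """Exposures a mail admin should fix; tls_caps is None if STARTTLS was not completed."""
    findings = []
    if "STARTTLS" not in plain_caps:
        findings.append("STARTTLS not advertised: the whole session, AUTH included, is cleartext")
    weak = [m for m in plain_caps.get("AUTH", []) if m in ("LOGIN", "PLAIN")]
    if weak:
        findings.append("AUTH %s advertised before STARTTLS: a client may send the password in the clear"
                        % "/".join(weak))
    if tls_caps is not None and "AUTH" not in tls_caps:
        findings.append("no AUTH advertised after STARTTLS: clients cannot authenticate over TLS")
    return findings

def probe(host: str, port: int = 25, cafile=None):
    """Live check: EHLO, STARTTLS with chain+hostname verification, EHLO again."""
    ctx = ssl.create_default_context(cafile=cafile)  # system roots unless a CA file is given
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        plain_caps = parse_ehlo(smtp.ehlo_resp)
        smtp.starttls(context=ctx)  # raises SSLCertVerificationError on an incomplete/untrusted chain
        smtp.ehlo()
        tls_caps = parse_ehlo(smtp.ehlo_resp)
        return plain_caps, tls_caps, smtp.sock.getpeercert()

if __name__ == "__main__":
    # Offline run over the constructed sample; probe("mta.example") does the live version.
    for finding in assess(parse_ehlo(SAMPLE_PLAIN_EHLO), None):
        print("-", finding)
```

A server that sends only its leaf certificate, as in the s_client output above, fails probe() until the intermediate is appended to the served chain or passed through cafile.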
