[EMAIL PROTECTED] wrote: > Hi Eric, > > looking in the archives, I noticed that in some cases, qmailctl would not > start/stop all the process and sometimes you need to stop them manually. > Up until thursday(july 3rd), when I made a new tls certificate, I have > always been able to stop/start the toaster with qmailctl. > > I noticed this in my /var/log/qmail/pop3-ssl > Enter PEM pass phrase:tcpserver: status: 2/40 > @400000004870446e2fe31dfc tcpserver: pid 17144 from 32.134.75.224
Here's your problem. You need to create the cert with no pass phrase, because there's no way for qmail to access it (entering the pass phrase) that way. > I was able to set the cert when I first set up my server, but that was a > while ago. Im not sure what Im doing wrong. Im using centos 5 and I used > http://wiki.qmailtoaster.com/index.php/Certificate to sign my own cert. Looks like somehow step 2 got missed. > Apache is very slow when going to webmail and pop3/imapd is not allowing > any connections. There are several couriertls instances running in top. That would be symptomatic. > Whatever is running is really causing my server to run slow. SSH is timing > out and/or running slow periodically as well. > > If this is a cert issue, > would this be the correct way to set the cert with Centos 5? > # cd /etc/pki/tls/certs > # make stunnel.pem > # mv stunnel.pem /var/qmail/control/servercert.pem > # cd /var/qmail/control > # chown root:qmail /var/qmail/control/servercert.pem > # chmod 644 /var/qmail/control/servercert.pem > # ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem I don't know off hand. > Im alittle confused on the permissions. The perms set for servercert.pem > above this method on the cert page uses these perms > > # chown root:vchkpw /var/qmail/control/servercert.pem > # chmod 640 /var/qmail/control/servercert.pem These are the correct permissions for that file. > Thanks for all your help, Sure. Just out of curiousity, is LSU using the toaster, or is this just a project of yours? > Chris Penn... > > 1) restarting qmail doesn't stop and start all toaster-related processes, > only smtp > 2) stopping qmail doesn't always successfully stop all toaster-related > processes. Sometimes you need to manually kill some of them. When in doubt, > rebooting will clear them all. > > [EMAIL PROTECTED] wrote: >> Sorry for the double post, I needed to resend because the first issue >> didnt have the message included. >> >> >> I think the issue is with the certificate. >> >> When I restart qmail, the message >> supervise: fatal: unable to acquire log/supervise/lock: temporary failure >> >> starts to appear in terminal. Unless I logout and log back in, the >> message continues forever. >> >> This problem is causing pop/imap to fail connection and the apache is >> really slow when resolving page. >> >> I appear to be able to send my self emails and send emails out through >> squirrel mail, but in case there is an issue, please cc me at >> [EMAIL PROTECTED] >> >> Any advice is welcome. >> >> Thanks in advance, >> >> Chris Penn >> >> >>> I have a Centos 5 qmailtoaster as described here: >>> http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install >>> >>> >>> When I restart qmail with qmailctl (via stop, start) I am getting this >>> error. >>> supervise: fatal: unable to acquire log/supervise/lock: temporary failure >>> >>> over and over. >>> >>> On thursday, I did two things. >>> I created a new tls cert and servercert.pem, self signed. >>> >>> I upgraded the qmailtoaster using qtp-newmodel, which in turn upgrade clam >>> to .93. >>> >>> the way I created a new cert is as follows: >>> >>> openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key >>> 1024 >>> openssl req -new -key server.key -out server.csr >>> openssl x509 -req -days 3600 -in server.csr -signkey server.key -out >>> server.crt >>> cat /etc/pki/tls/private/server.key server.crt > >>> /var/qmail/control/servercert.pem >>> chown root:vchkpw /var/qmail/control/servercert.pem >>> chmod 640 /var/qmail/control/servercert.pem >>> > > -- -Eric 'shubes' --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
