Re: [courier-users] Problem after upgrade
Actually I had same issue, where with my cert I was getting: error:0906D06C:PEM routines:PEM_read_bio:no start line When I tried to run it with cert that was created by mkpop3dcert I found out it's working fine. I compared both .pem files(mine one and one created by mkpop3dcert) and found out that 2nd file is having in additional at the end: -BEGIN DH PARAMETERS- ... -END DH PARAMETERS- This can be generated by running: dd if=/dev/urandom of=/tmp/tmp.rand count=1 2/dev/null /usr/bin/openssl gendh -rand /tmp/tmp.rand 512 /YOUR/CERT.PEM rm /tmp/tmp.rand I hope it will help you as well. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
On 2014.04.14 15:20, Sam Varshavchik wrote: http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key It wasn't mentioned where the original private key came from. I haven't checked, but if you're using openssl, there should be a way to convert the private key to pkcs8 format. According to http://courses.cs.ut.ee/2012/appcrypto/10/01 try openssl pkcs8 -topk8 -nocrypt On 14.04.14 19:25, Vytautas Kasparavičius wrote: I converted private key with no luck, still getting this error. Why everything was OK with older courier versions(0.71 and older) I'm using this key for 3 or more years without problems. What do you have couriertls linked with - openssl or gnutls? What did you have before? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. We are but packets in the Internet of life (userfriendly.org) -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Problem after upgrade
Hello, Courier-mta on Fedora19 with all latest updates. Installed from rpm. After upgrade from 0.71 to 0.73.1 started getting errors on some outgoing messages: Apr 14 09:43:31 mail courieresmtp: id=138F495D.534B8386.5A4A,from=i...@plasta.lt,addr=i...@baltictranslations.lt: 400 couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line [root@mail tmp]# cat /etc/pki/tls/certs/gdcertpack.pem -BEGIN RSA PRIVATE KEY- skipped -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- skipped -END CERTIFICATE- What is wrong? -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
On 2014.04.14 10:12, Vytautas Kasparavičius wrote: Hello, Courier-mta on Fedora19 with all latest updates. Installed from rpm. After upgrade from 0.71 to 0.73.1 started getting errors on some outgoing messages: Apr 14 09:43:31 mail courieresmtp: id=138F495D.534B8386.5A4A,from=i...@plasta.lt,addr=i...@baltictranslations.lt: 400 couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line [root@mail tmp]# cat /etc/pki/tls/certs/gdcertpack.pem -BEGIN RSA PRIVATE KEY- skipped -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- skipped -END CERTIFICATE- What is wrong? Vytautai, Check for DOS-style line endings. -- Aidas Kasparas IT administrator GM Consult Group, UAB +370 686 08473 http://www.gmc.lt -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
On 2014.04.14 11:06, Aidas Kasparas wrote: On 2014.04.14 10:12, Vytautas Kasparavičius wrote: Hello, Courier-mta on Fedora19 with all latest updates. Installed from rpm. After upgrade from 0.71 to 0.73.1 started getting errors on some outgoing messages: Apr 14 09:43:31 mail courieresmtp: id=138F495D.534B8386.5A4A,from=i...@plasta.lt,addr=i...@baltictranslations.lt: 400 couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line [root@mail tmp]# cat /etc/pki/tls/certs/gdcertpack.pem -BEGIN RSA PRIVATE KEY- skipped -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- skipped -END CERTIFICATE- What is wrong? Vytautai, Check for DOS-style line endings. In file gdcertpack.pem file here is no DOS-style endings, File was not touched when upgrading. Before upgrade everything was OK, error appeared only after upgrade. -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
On 2014.04.14 13:57, Sam Varshavchik wrote: Vytautas Kasparavičius writes: Hello, Courier-mta on Fedora19 with all latest updates. Installed from rpm. After upgrade from 0.71 to 0.73.1 started getting errors on some outgoing messages: Apr 14 09:43:31 mail courieresmtp: id=138F495D.534B8386.5A4A,from=i...@plasta.lt,addr=i...@baltictranslations.lt: 400 couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line [root@mail tmp]# cat /etc/pki/tls/certs/gdcertpack.pem -BEGIN RSA PRIVATE KEY- skipped -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- skipped -END CERTIFICATE- What is wrong? Should be just BEGIN PRIVATE KEY and END PRIVATE KEY. -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users After changing -BEGIN RSA PRIVATE KEY- -END RSA PRIVATE KEY- To -BEGIN PRIVATE KEY- -END PRIVATE KEY- I'm getting following errors Apr 14 14:13:20 mail imapd-ssl: couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag Apr 14 14:13:27 mail esmtpd-ssl: couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
On 04/14/14 21:23, Vytautas Kasparavičius wrote: I'm getting following errors Apr 14 14:13:20 mail imapd-ssl: couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag Apr 14 14:13:27 mail esmtpd-ssl: couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag It depends which part is being delimited... cat server.key server.crt server.ca /etc/courier/esmtpd.pem ~ cat /etc/courier/esmtpd.pem -BEGIN PRIVATE KEY- [ original private key ] -END PRIVATE KEY- -BEGIN CERTIFICATE- [ cert returned from authority, or self signed ] -END CERTIFICATE- -BEGIN CERTIFICATE- [ intermediate cert if chained (ie; cheap RapidSSL) ] -END CERTIFICATE- -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
Vytautas Kasparavičius writes: After changing -BEGIN RSA PRIVATE KEY- -END RSA PRIVATE KEY- To -BEGIN PRIVATE KEY- -END PRIVATE KEY- I'm getting following errors It's not a matter of manually editing the file. It's the wrong key format. See http://stackoverflow.com/questions/20065304/what-is-the-differences-between- begin-rsa-private-key-and-begin-private-key It wasn't mentioned where the original private key came from. I haven't checked, but if you're using openssl, there should be a way to convert the private key to pkcs8 format. According to http://courses.cs.ut.ee/ 2012/appcrypto/10/01 try openssl pkcs8 -topk8 -nocrypt Alternatively, you can simply remove this file, and use mkesmtpdcert to generate a new certificate and key. pgpE4e0BiK8Su.pgp Description: PGP signature -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
On 2014.04.14 15:20, Sam Varshavchik wrote: Vytautas Kasparavičius writes: After changing -BEGIN RSA PRIVATE KEY- -END RSA PRIVATE KEY- To -BEGIN PRIVATE KEY- -END PRIVATE KEY- I'm getting following errors It's not a matter of manually editing the file. It's the wrong key format. See http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key It wasn't mentioned where the original private key came from. I haven't checked, but if you're using openssl, there should be a way to convert the private key to pkcs8 format. According to http://courses.cs.ut.ee/2012/appcrypto/10/01 try openssl pkcs8 -topk8 -nocrypt Again, I converted private key with no luck, still getting this error. Why everything was OK with older courier versions(0.71 and older) I'm using this key for 3 or more years without problems. -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem after upgrade
Vytautas Kasparavičius writes: On 2014.04.14 15:20, Sam Varshavchik wrote: Vytautas Kasparavičius writes: After changing -BEGIN RSA PRIVATE KEY- -END RSA PRIVATE KEY- To -BEGIN PRIVATE KEY- -END PRIVATE KEY- I'm getting following errors It's not a matter of manually editing the file. It's the wrong key format. See http://stackoverflow.com/questions/20065304/what-is-the-differences- between-begin-rsa-private-key-and-begin-private-key It wasn't mentioned where the original private key came from. I haven't checked, but if you're using openssl, there should be a way to convert the private key to pkcs8 format. According to http://courses.cs.ut.ee/2012/appcrypto/10/01 try openssl pkcs8 -topk8 -nocrypt Again, I converted private key with no luck, still getting this error. Why everything was OK with older courier versions(0.71 and older) I'm using this key for 3 or more years without problems. Just for analysis, set aside the existing certificate file, and create a fresh one with mkesmtpdcert. pgpXk2YxcdRTY.pgp Description: PGP signature -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] problem after upgrade to 0.44
Original Message From: Lars HolmströmTo: [EMAIL PROTECTED]Sent: Tuesday, December 02, 2003 3:20 PMSubject: [courier-users] problem after upgrade to 0.44 Please turn off the html mail. I downloaded the tarball for 0.44, build the RPMs and did an rpm -Uvh on my 0.42 courier running RH8.0 system All users can run IMAP and pop All users can run WEBmail A lot of mails are received from hosts on internet. My local users connected via LAN behind a NAT box have problems though First i tested the name resolver # testmxlookup pc033.flysta.net Domain pc033.flysta.net: Relay: pc033.flysta.net, Priority: -1, Address: :::172.24.99.78 # I believe this is OK. Then I tcpdumped to see what is going on. 20:52:22.421153 pc033.flysta.net.3845 mail2.smtp: S 188649764:188649764(0) win 16384 mss 1460,nop,nop,sackOK (DF) 20:52:22.421228 mail2.smtp pc033.flysta.net.3845: S 527037979:527037979(0) ack 188649765 win 5840 mss 1460,nop,nop,sackOK (DF) 20:52:22.423134 pc033.flysta.net.3845 mail2.smtp: . ack 1 win 17520 (DF) 20:52:22.455716 mail2.45023 pc033.flysta.net.auth: S 540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 787112492 0,nop,wscale 0 (DF) 20:52:25.453642 mail2.45023 pc033.flysta.net.auth: S 540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 787112792 0,nop,wscale 0 (DF) 20:52:31.453622 mail2.45023 pc033.flysta.net.auth: S 540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 787113392 0,nop,wscale 0 (DF) 20:52:40.624503 arp who-has 172.24.99.5 tell pc033.flysta.net 20:52:43.453568 mail2.45023 pc033.flysta.net.auth: S 540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 787114592 0,nop,wscale 0 (DF) Why does the mailserver try to talk with the auth socket ? it is doing an ident lookup After the last packet in the tcpdump above, nothing more happend and the client will timeout. This happend both with Outlookand Outlook Express. But running Outlook express to another mailserver also running 0.44 works. Loggin in via WEBmail from runs OK. I think the ident timeout is over 30 seconds, perhaps outlook doesnt like to wait? The other option would be to turn off ident lookups Can some one pls give me some ideas for where to look for the problem ? /Lars
[courier-users] problem after upgrade to 0.44
I downloaded the tarball for 0.44, build the RPMs and did an rpm -Uvh on my0.42 courier running RH8.0 system All users can run IMAP and popAll users can run WEBmailA lot of mails are received from hosts on internet.My local users connected via LAN behind a NAT box have problems though First i tested the name resolver# testmxlookup pc033.flysta.netDomain pc033.flysta.net:Relay: pc033.flysta.net, Priority: -1, Address: :::172.24.99.78# I believe this is OK.Then I tcpdumped to see what is going on. 20:52:22.421153 pc033.flysta.net.3845 mail2.smtp: S 188649764:188649764(0)win 16384 mss 1460,nop,nop,sackOK (DF)20:52:22.421228 mail2.smtp pc033.flysta.net.3845: S 527037979:527037979(0)ack 188649765 win 5840 mss 1460,nop,nop,sackOK (DF)20:52:22.423134 pc033.flysta.net.3845 mail2.smtp: . ack 1 win 17520 (DF)20:52:22.455716 mail2.45023 pc033.flysta.net.auth: S540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 7871124920,nop,wscale 0 (DF)20:52:25.453642 mail2.45023 pc033.flysta.net.auth: S540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 7871127920,nop,wscale 0 (DF)20:52:31.453622 mail2.45023 pc033.flysta.net.auth: S540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 7871133920,nop,wscale 0 (DF)20:52:40.624503 arp who-has 172.24.99.5 tell pc033.flysta.net20:52:43.453568 mail2.45023 pc033.flysta.net.auth: S540138836:540138836(0) win 5840 mss 1460,sackOK,timestamp 7871145920,nop,wscale 0 (DF) Why does the mailserver try to talk with the auth socket ? After the last packet in the tcpdump above, nothing more happend and theclient will timeout. This happend both with Outlookand Outlook Express. Butrunning Outlook express to another mailserver also running 0.44 works.Loggin in via WEBmail from runs OK. Can some one pls give me some ideas for where to look for the problem ? /Lars
[courier-users] Problem after upgrade
I just upgraded my Courier-IMAP install from 1.4.3 to 2.0 on a FreeBSD 4.8-RELEASE system. All our POP3 users (who use the flag 'leave mail on server' in OE), get thei're e-mail again! .. I used the 'portupgrade' feature for the job. What can be the problem here? Thanks in advance, Remco Bressers --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users