Re: [courier-users] Build 20170309 of Courier packages
On 03/15/2017 06:17 PM, Sam Varshavchik wrote:
> Ok, this actually turned out to be a small typo. Fixed in the
> just-uploaded 20170315, and it builds for me.

courier-unicode does build. However, I'm unable to build the new courier package with it installed (also under mock).

https://paste.fedoraproject.org/paste/X1s-KLD0Eaiz9otZerh-wl5M1UNdIGYhyRLivL9gydE=

--
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Courier build 20170315
Download: http://www.courier-mta.org/download.html

Changes:

- Fix TLS peer hostname verification issue caused by CNAME records.
Re: [courier-users] Build 20170309 of Courier packages
Gordon Messmer writes:

> On 03/11/2017 11:20 AM, Sam Varshavchik wrote:
>> • A few more tweaks to the courier-unicode configuration script.
>
> Building in mock fails on CentOS 7:
>
> https://paste.fedoraproject.org/paste/knoYv8gNHfxhfF3flIz6EF5M1UNdIGYhyRLivL9gydE=

Ok, this actually turned out to be a small typo. Fixed in the just-uploaded 20170315, and it builds for me.
Re: [courier-users] Build 20170309 of Courier packages
On 03/11/2017 11:20 AM, Sam Varshavchik wrote:
> • A few more tweaks to the courier-unicode configuration script.

Building in mock fails on CentOS 7:

https://paste.fedoraproject.org/paste/knoYv8gNHfxhfF3flIz6EF5M1UNdIGYhyRLivL9gydE=
Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"
SZÉPE Viktor writes:

> Thank you for your answer.
>
> $ grep ^TLS_VERIFYPEER /etc/courier/*
> /etc/courier/courierd:TLS_VERIFYPEER=NONE
> /etc/courier/esmtpd:TLS_VERIFYPEER=NONE

Look in /proc and verify what TLS_VERIFYPEER is set to. This is a certificate verification error, and TLS_VERIFYPEER=NONE disables it. Also verify that TLS_TRUSTCERTS is pointing to your trusted certificate authority list.

With the CA certs on Fedora in /etc/pki/tls/cert.pem:

    $ addcr | TLS_VERIFYPEER=PEER TLS_TRUSTCERTS=/etc/pki/tls/cert.pem ./couriertls -host=email-smtp.us-west-2.amazonaws.com -port=587 -protocol=smtp
    220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227 mCOkgyUFhRGTqHk4KAqP
    EHLO octopus.email-scan.com
    250-email-smtp.amazonaws.com
    250-8BITMIME
    250-SIZE 10485760
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250 Ok
    STARTTLS
    220 Ready to start TLS
    EHLO www.courier-mta.com
    250-email-smtp.amazonaws.com
    250-8BITMIME
    250-SIZE 10485760
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250 Ok
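
The /proc check suggested in the reply above, as an added example that is not part of the original thread and not Courier's own tooling: /proc/<pid>/environ holds the environment a running process actually inherited, which can differ from what grep finds in the config files. The function names and the constructed sample environment are assumptions of this example; pass the PIDs of the running Courier processes as arguments.

```shell
#!/bin/sh
# Added example: report the TLS settings a running process inherited.
# /proc/<pid>/environ is a NUL-separated list of NAME=value entries and is
# readable only by the process owner or root.

# env_value FILE NAME -> prints the value of NAME; exit status 1 if NAME is absent
env_value() {
    tr '\0' '\n' < "$1" | awk -v n="$2" '
        index($0, n "=") == 1 { print substr($0, length(n) + 2); found = 1; exit }
        END { exit !found }'
}

# tls_verify_summary FILE -> one line describing the effective settings
tls_verify_summary() {
    if ! peer=$(env_value "$1" TLS_VERIFYPEER); then
        echo "TLS_VERIFYPEER not set in this process"
        return 0
    fi
    trust=$(env_value "$1" TLS_TRUSTCERTS) || trust="(unset)"
    case "$peer" in
        NONE) echo "TLS_VERIFYPEER=NONE certificate verification disabled" ;;
        *)    echo "TLS_VERIFYPEER=$peer TLS_TRUSTCERTS=$trust" ;;
    esac
}

if [ "$#" -eq 0 ]; then
    # Constructed sample standing in for /proc/<pid>/environ
    sample=$(mktemp)
    printf 'PATH=/usr/bin\0TLS_VERIFYPEER=NONE\0TLS_TRUSTCERTS=/etc/pki/tls/cert.pem\0' > "$sample"
    tls_verify_summary "$sample"
    rm -f "$sample"
fi

# Real use: one line per PID given on the command line
for pid in "$@"; do
    printf '%s: ' "$pid"
    tls_verify_summary "/proc/$pid/environ"
done
```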
Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"
Quoting Sam Varshavchik:

> SZÉPE Viktor writes:
>
>> 6) telnet email-smtp.us-west-2.amazonaws.com 587
>> 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227
>> MmKC14V2dPS1oRPRtSjF
>>
>> Courier says: /SECURITY=REQUIRED set, but TLS is not available
>> Could it be that Courier compares the SMTP banner
>> (email-smtp.amazonaws.com) to the certificate CN, not the specified
>> host name (email-smtp.us-west-2.amazonaws.com) ?
>
> Looks like that server uses a self-signed certificate, and if it's
> not added to your trusted certificate store, TLS negotiation will
> fail.
>
> You would think that Amazon has the resources to pay itself a few
> bucks each year, for a properly signed certificate.
>
> You'll have to reset TLS_VERIFYPEER to NONE, in the esmtpd-ssl config file.

Thank you for your answer.

    $ grep ^TLS_VERIFYPEER /etc/courier/*
    /etc/courier/courierd:TLS_VERIFYPEER=NONE
    /etc/courier/esmtpd:TLS_VERIFYPEER=NONE

esmtpd-ssl is not installed (on Debian it is the courier-mta-ssl package)

Amazon has a properly signed certificate.

    Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4

You may get it by

    openssl s_client -connect email-smtp.us-west-2.amazonaws.com:587 -starttls smtp -crlf

Please try adding this to esmtproutes

    #: email-smtp.us-west-2.amazonaws.com,587 /SECURITY=REQUIRED

and this to esmtpauthclient

    email-smtp.us-west-2.amazonaws.com,587 SOMEID SOMEKEY

and try to send a simple email with courier.

I do hope Amazon SES is supported.

Thank you!

SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület
Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"
SZÉPE Viktor writes:

> 6) telnet email-smtp.us-west-2.amazonaws.com 587
> 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227 MmKC14V2dPS1oRPRtSjF
>
> Courier says: /SECURITY=REQUIRED set, but TLS is not available
> Could it be that Courier compares the SMTP banner
> (email-smtp.amazonaws.com) to the certificate CN, not the specified
> host name (email-smtp.us-west-2.amazonaws.com) ?

Looks like that server uses a self-signed certificate, and if it's not added to your trusted certificate store, TLS negotiation will fail.

You would think that Amazon has the resources to pay itself a few bucks each year, for a properly signed certificate.

You'll have to reset TLS_VERIFYPEER to NONE, in the esmtpd-ssl config file.
[courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"
Hello!

I hope Amazon SES is "supported" by courier.

0) courier 0.73.1-1.6
   libssl 1.0.1t-1+deb8u6
1) SES requires STARTTLS, so without /SECURITY=REQUIRED SES says:
   530 Must issue a STARTTLS command first
2) TLS_VERIFYPEER=NONE in courierd
3) openssl s_client -connect email-smtp.us-west-2.amazonaws.com:587 -starttls smtp -crlf says:
   subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=email-smtp.us-west-2.amazonaws.com
   issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
   Verify return code: 0 (ok)
4) ECDHE-RSA-AES256-GCM-SHA384 is used during s_client, it is in TLS_CIPHER_LIST
5) in esmtproutes:
   : email-smtp.us-west-2.amazonaws.com,587 /SECURITY=REQUIRED
6) telnet email-smtp.us-west-2.amazonaws.com 587
   220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227 MmKC14V2dPS1oRPRtSjF

Courier says: /SECURITY=REQUIRED set, but TLS is not available

Could it be that Courier compares the SMTP banner (email-smtp.amazonaws.com) to the certificate CN, not the specified host name (email-smtp.us-west-2.amazonaws.com) ?

Thank you!

SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület