Re: [courier-users] New courier and courier-imap release
Sam Varshavchik writes:
Mark Constable writes:
I finally have a 0.76.0 ubuntu install to test and trying to get this to
work...
> - courier, courier-imap: add support for TLS SNI when Courier is built
with OpenSSL.
I've added this vhost settings but no sign the LetsEncrypt certificate is
being delivered to Thunderbird.
~ ls -1 /etc/courier/*renta.net
defaultdomain.ded1649.renta.net
dsnfrom.ded1649.renta.net
esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
vhost.ded1649.renta.net
../ssl/ded1649.renta.net/mailserver.pem does exist and the default one
for the canonical host does work okay.
Is there some other settings I am missing?
No, there are no other settings, presuming TLS_CERTFILE in imapd-ssl points
to imapd.pem, and Thunderbird is configured with the given hostname.
A debugging tip.
Find the pid that's listening on localhost, then run strace on it. In my
case it's pid 15018.
# strace -s 256 -f -o z -p 15018
Then, use couriertls like this:
TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls \
-host=localhost -port=143 -protocol=imap -verify=localhost
Fedora installs all trusted certs in /etc/pki/tls/cert.pem; use the
equivalent for Debian, Ubuntu, etc…
The connection attempt will fail to verify the "localhost" certificate, of
course. That's fine. Then:
# grep imapd.pem z
2734 access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1
ENOENT (No such file or directory)
2734 access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
2734 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10
That shows that the server process tried to open imapd.pem.localhost, first.
There's a harmless debugging message there, that slipped by me, that I'll
need to remove.
pgpOOnMtjbxaB.pgp
Description: PGP signature
--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] New courier and courier-imap release
Mark Constable writes: I finally have a 0.76.0 ubuntu install to test and trying to get this to work... > - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL. I've added this vhost settings but no sign the LetsEncrypt certificate is being delivered to Thunderbird. ~ ls -1 /etc/courier/*renta.net defaultdomain.ded1649.renta.net dsnfrom.ded1649.renta.net esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem vhost.ded1649.renta.net ../ssl/ded1649.renta.net/mailserver.pem does exist and the default one for the canonical host does work okay. Is there some other settings I am missing? No, there are no other settings, presuming TLS_CERTFILE in imapd-ssl points to imapd.pem, and Thunderbird is configured with the given hostname. pgpyAzWhM2Uj1.pgp Description: PGP signature -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] New courier and courier-imap release
I finally have a 0.76.0 ubuntu install to test and trying to get this to work... > - courier, courier-imap: add support for TLS SNI when Courier is built with > OpenSSL. I've added this vhost settings but no sign the LetsEncrypt certificate is being delivered to Thunderbird. ~ ls -1 /etc/courier/*renta.net defaultdomain.ded1649.renta.net dsnfrom.ded1649.renta.net esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem vhost.ded1649.renta.net ../ssl/ded1649.renta.net/mailserver.pem does exist and the default one for the canonical host does work okay. Is there some other settings I am missing? -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] New courier and courier-imap release
Download: http://www.courier-mta.org/download.html Changes: - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL. - courier: "mx" SPF keyword ignores hosts without an MX, instead of returning an error. - maildrop: fix parsing a message without a body, and without a blank line that separates the message's headers from its body. This did not affect Courier which always inserts a blank line after headers, even if a received message didn't have one. - maildrop: fix maildrop not searching the last line of a text message. - maildrop: FLAGS variable sets message flags when delivering a message to a maildir. - Add Received-SPF: headers for the message envelope sender before the first Received: header. The Received-SPF: header for the HELO domain, if enabled, wasn't being added to the message due to a bug. - courier-imap: explicitly flush unread input when executing STARTTLS. - all: Added BuildRequires: perl-generators to the Fedora rpm spec file. - courier, courier-imap: fix compilation warnings. pgpKCeNorMqCp.pgp Description: PGP signature -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
