Absolutely. I think I've got that already, as that's the way the
default install works, but I should probably go do some tests just
to make sure. Nothing like configuring a client and trying it to
test it out.
Gary
On
Glad to hear. In any case any usage of submission port, both to local
and external domains, should be done only by authenticated users.
Tonino
Il 23/03/2024 12:38, Gary Bowling ha scritto:
Thanks, the error turned out to be solved by fixing up the
/var/qmail/supervise/submission/run file
Yeh, but the email software didn't accept the ecdsa key. I've tried the key
order but keeps failing. But now I've seen this thread it could be a config
option.
Greets,
Peter
Gary Bowling schreef op 23 maart 2024 12:36:21 CET:
>
>Thanks Peter, good to know as it looks like they are going to
Thanks, the error turned out to be solved by fixing up the
/var/qmail/supervise/submission/run file to accept starttls and
encrypted passwords.
On 3/23/2024 4:20 AM, Tonix wrote:
"However, when I try to send to external domains,
Thanks Peter, good to know as it looks like they are going to
ecdsa for the default.
On 3/23/2024 3:18 AM, Peter Peterse
wrote:
Hi,
Letsencrypt van generate rsa keys by using --key-type rsa
"However, when I try to send to external domains, I get the error that
CHKUSER rejected relaying, saying "client not allowed to relay"".
That means sending user is not authenticated.
Probably your submission port accepts messages from anyone for local
domains.
Tonino
Il 23 marzo 2024
Hi,
Letsencrypt van generate rsa keys by using --key-type rsa
The order in my servercert.pem is private key followed by the fullchain file.
I'm using Almalinux 9
Regards,
Peter
g...@gbco.us schreef op 23 maart 2024 00:05:48 CET:
>
>It looks like letsencrypt is now using ecdsa by default.
>
No that doesn't work. It only works if I have FORCETLS=1 and
SMTPAUTH="!+cram"
Thanks, Gary
On 3/22/2024 9:05 PM, Eric Broch wrote:
Try submission run file
#!/bin/sh
QMAILDUID=`id -u vpopmail`
Try submission run file
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export FORCETLS=0
export
Rocky 9.3.
Gary
On 3/22/2024 8:31 PM, Eric Broch wrote:
What are you running EL 8 or 9?
On 3/22/2024 6:28 PM, Gary Bowling
wrote:
Yea did that.
What are you running EL 8 or 9?
On 3/22/2024 6:28 PM, Gary Bowling wrote:
Yea did that.
I tried what Remo suggested, which was to change the client send
config to:
port 465
SSL/TLS
Normal Password
This should send mail through the /var/qmail/supervise/smtps/ config.
That worked,
Yea did that.
I tried what Remo suggested, which was to change the client send
config to:
port 465
SSL/TLS
Normal Password
This should send mail through the /var/qmail/supervise/smtps/
config. That worked, which told
cat /etc/letsencrypt/live/mydomain.com/fullchain.pem
/etc/letsencrypt/live/mydomain.com/privkey.pem >
/var/qmail/control/servercert.pem
On 3/22/2024 4:29 PM, g...@gbco.us wrote:
I can send mail via the roundcube web mail. That's where this message
is coming from.
When sending mail from
This value was set long ago I would suggest to leave ! And change encrypted to
password it should all work fine.
Inviato da iPhone
> Il giorno 22 mar 2024, alle ore 16:35, g...@gbco.us ha scritto:
>
> Ok, in my old server's /var/qmail/supervise/submission/run file, I had the
> following
Ok, in my old server's /var/qmail/supervise/submission/run file, I had
the following line.
export REQUIRE_AUTH=1
In the new server, it had the following line.
export SMTPAUTH="!"
I'm not sure what the syntax on the new server line means. I changed the
line to be like my old server and now
Well, this is the way many of my clients are already configured... So I
have to figure out a way to make it work, or go back to my old server.
Not really an option to reconfigure all my clients.
Thanks, Gary
On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.
I have the private first is I recall it right then cert then bundle
I see you have an extra there. Not sure that could cause the issue
Inviato da iPhone
> Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
>
>
> I can send mail via the roundcube web mail. That's where this
You need to use password not encrypted.
Inviato da iPhone
> Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
>
>
> I can send mail via the roundcube web mail. That's where this message is
> coming from.
>
> When sending mail from thunderbird, I have my smtp server set up in
It looks like letsencrypt is now using ecdsa by default.
So I went back and copied my certs off my old server, probably not what
I really want to do. But it did give me a different error. Now I'm
getting this one.
Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does
I can send mail via the roundcube web mail. That's where this message is
coming from.
When sending mail from thunderbird, I have my smtp server set up in my
client as
Port 587
startTLS
Encrypted Password
This is the same as I had with a number of clients on my old server.
When I try to
echo "Done..."
>>
>> exit 0
>>
>>
>>
>>
>> In crontab
>>
>> @daily /my/dir/path/le
>>
>> On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:
>>
>> Remo,
>>
>>
>>
>> I use LetsEncrypt
causes the IMAP SSL to
> match up with the FQDN they are looking for. I never have an issue when
> LetsEncrypt does it automatic update [which is every 60 days as recommended
> by LetsEncrypt’s certbot] and the customer never gets a SSL cert mismatch.
>
>
>
> Carl
>
>
>
>>>
>>> echo "Done..."
>>> exit 0
>>>
>>>
>>>
>>>
>>>
>>> In crontab
>>>
>>> @daily /my/dir/path/le
>>>
>>>
>>> On 5/12/2021 5:34 AM, CarlC Internet Services S
pt does it automatic update [which is every 60
days as recommended by LetsEncrypt’s certbot] and the customer never
gets a SSL cert mismatch.
Carl
*From:*Remo Mattei [mailto:r...@mattei.org]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster]
pt does it automatic update [which is every 60
days as recommended by LetsEncrypt’s certbot] and the customer never
gets a SSL cert mismatch.
Carl
*From:*Remo Mattei [mailto:r...@mattei.org]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Certi
t I tell everyone who uses the service to use
>> “secure.carlc.com” as the email server name. This causes the IMAP SSL to
>> match up with the FQDN they are looking for. I never have an issue when
>> LetsEncrypt does it automatic update [which is every 60 days as recommended
>>
or. I never have an issue
when LetsEncrypt does it automatic update [which is every 60 days as
recommended by LetsEncrypt’s certbot] and the customer never gets a
SSL cert mismatch.
Carl
*From:*Remo Mattei [mailto:r...@mattei.org]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* qmailtoaster-
as recommended by
LetsEncrypt’s certbot] and the customer never gets a SSL cert mismatch.
Carl
From: Remo Mattei [mailto:r...@mattei.org]
Sent: Tuesday, May 11, 2021 09:07 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Certificate
Yes the thing is 10 dollars for 2 years
the same format)
#
/usr/sbin/service webmin stop
cat /var/qmail/control/servercert.pem > /etc/webmin/miniserv.pem
/usr/sbin/service webmin start
#
#
#
From: Rodrigo Cortes [mailto:rap...@gmail.com]
Sent: Tuesday, May 11, 2021 09:27 PM
To: qmailtoaster-list@qmailtoaster.co
No more... Certificates are going to be released for no more than one
year of validity.
You may buy a two years contract, but you'll be force to install a new
certificate after one year.
Nextly all browsers will not accept certificates expiring after more
than 15 months.
Regards,
Tonino
Il
LetsEncrypt I use that on mine.
Free. :)
From: Scott Hughes
Reply-To:
Date: Tuesday, May 11, 2021 at 6:03 PM
To:
Subject: [qmailtoaster] Certificate
Where is the cheapest place to get a certificate for my server. The server is
in the USA if that matters. Thank you
hi!
is a simple script for renew and apply to qmail, dovecot and apache :)
I have this solution for other smtp and work fine :)
El mar, 11 may 2021 a las 21:07, Remo Mattei () escribió:
> Yes the thing is 10 dollars for 2 years nothing to change whereas,
> letencrypt, need to change every 90
Yes the thing is 10 dollars for 2 years nothing to change whereas, letencrypt,
need to change every 90 days and IMAP will prompt you for a new cert.. not
ideal for customers if you do for your personal servers then that’s good.
Remo
> On May 11, 2021, at 4:04 PM, Rodrigo Cortes wrote:
>
>
Hi!
Use letencrypt, is free :)
El mar, 11 may 2021 a las 18:49, escribió:
> Ssls.com
>
> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes <
> sonicscott9...@gmail.com> ha scritto:
> >
> > Where is the cheapest place to get a certificate for my server. The
> server is in the USA if that
Ssls.com
> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes
> ha scritto:
>
> Where is the cheapest place to get a certificate for my server. The server
> is in the USA if that matters. Thank you!
> -
> To unsubscribe,
Where is the cheapest place to get a certificate for my server. The server is
in the USA if that matters. Thank you!
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
Robin W. Sanchez C. wrote:
Make a self signed certificate:
cd /etc/pki/tls/certs/
make stunnel.pem
Note: common name should be your FQDN server.your-domain.com
mv stunnel.pem /var/qmail/control/servercert.pem
chown root:qmail /var/qmail/control/servercert.pem
chmod 644
Make a self signed certificate:
cd /etc/pki/tls/certs/
make stunnel.pem
Note: common name should be your FQDN server.your-domain.com
mv stunnel.pem /var/qmail/control/servercert.pem
chown root:qmail /var/qmail/control/servercert.pem
chmod 644 /var/qmail/control/servercert.pem
Looking at this wiki. It says I can use the same SSL certificate for apache.
How would this work when my qmail is mail.domain.com and my apache is
www.domain.com? Isn't the cert tied to a common name? Unless if using a
wildcard which I don't think is a feature of that $9.99 certificate.
That's why you use a common name that works for both. I usually do
secure.domain.com for 1 domains that will only have one server. On
domains with more than 1 server needing ssl I give names and use http
forwards for everything else.
For example, my domain, kabewm.com, has a few servers in it. I
40 matches
Mail list logo
