Re: [qmailtoaster] ssl/tls for iphones and mac

2017-04-11 Thread Rodrigo Cortes
Hi! Install the certificate with the whole chain... if you install it without the chain, the
mobile devices don't work properly.


Thx.

2017-04-11 14:41 GMT-03:00 Rajesh M <24x7ser...@24x7server.net>:

> hi
>
> we recently purchased wildcard ssl for our mailserver and updated our
> servercert.pem file with rsa key and the certificates (domain certs and the
> chain)
>
> *.myhostname.com
>
> problem installing the ssl, iphones and macbooks are giving message that :
> certificate cannot be verified.
>
> found out that iphones and mac use ssl/tls only and not starttls.
>
> i configured ssl/tls using the following steps
>
> http://wiki.qmailtoaster.com/index.php/SSL
>
> 1) Stop qmail:
> # service qmail stop
> 2) Create the supervise directories for smtps
> # mkdir -p /var/qmail/supervise/smtp-ssl/supervise /var/qmail/supervise/smtp-ssl/log/supervise
> 3) Create a file named /var/qmail/supervise/smtp-ssl/run containing:
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> export SMTPS=1
> exec /usr/bin/softlimit -m 1200 \
> /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
> -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
> $SMTPD $VCHKPW /bin/true 2>&1
>
> 4) Create a file named /var/qmail/supervise/smtp-ssl/log/run containing:
> #!/bin/sh
> LOGSIZE=`cat /var/qmail/control/logsize`
> LOGCOUNT=`cat /var/qmail/control/logcount`
> exec /usr/bin/setuidgid qmaill /usr/bin/multilog \
>  t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1
>
> 5) Execute the following commands:
> # chmod +x /var/qmail/supervise/smtp-ssl/run /var/qmail/supervise/smtp-ssl/log/run
> # chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl
> 6) Start qmail:
> # service qmail start
> 7) Open port tcp/465 in firewall if necessary.
> 8) Configure the client to use smtp-ssl via port 465.
>
>
> now my worry is that i need to provide for smtp authentication also for
> outgoing messages
>
> i tried adding export REQUIRE_AUTH=1 after export SMTPS=1, in the run file
> but it does not work.
>
> help required please
>
> thanks
> rajesh
>
>
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
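
A way to check the point made in the reply above, that a combined file such as servercert.pem must carry the chain as well as the key and the server certificate. This is an added example, not part of the thread or of qmailtoaster. It assumes the certificates are stored leaf first and compares issuer and subject names byte for byte; the function names and the sample certificates (DER skeletons with constructed CA names) are made up for illustration.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):  # read one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]   # step into Certificate, then tbsCertificate
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos     # skip the optional [0] version field
    fields = []
    for _field in range(5):               # serial, sigAlg, issuer, validity, subject
        start, pos = pos, _tlv(der, pos)[2]
        fields.append(der[start:pos])
    return fields[2], fields[4]

def check_bundle(pem_text):
    """List problems in a combined key + certificate + chain PEM file."""
    blocks = PEM_RE.findall(pem_text)
    keys = [body for kind, body in blocks if kind.endswith("PRIVATE KEY")]
    names = [issuer_subject(base64.b64decode(b)) for k, b in blocks if k == "CERTIFICATE"]
    problems = []
    if len(keys) != 1:
        problems.append(f"expected 1 private key, found {len(keys)}")
    if len(names) < 2:
        problems.append("no chain certificate after the server certificate")
    for i in range(len(names) - 1):       # name chaining only, signatures are not verified
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    return problems

# Constructed sample: DER skeletons with only the fields read above, not real certificates.
def _der(tag, body):
    return bytes([tag, len(body)]) + body
def _pem(kind, data):
    return f"-----BEGIN {kind}-----\n{base64.b64encode(data).decode()}\n-----END {kind}-----\n"
def _fake_cert(issuer, subject):
    tbs = (_der(0x02, b"\x01") + _der(0x30, b"") + _der(0x30, issuer.encode())
           + _der(0x30, b"") + _der(0x30, subject.encode()))
    return _pem("CERTIFICATE", _der(0x30, _der(0x30, tbs)))
KEY = _pem("RSA PRIVATE KEY", b"constructed placeholder")
LEAF = _fake_cert("Example Intermediate CA", "*.myhostname.com")
INTERMEDIATE = _fake_cert("Example Root CA", "Example Intermediate CA")
```

On a real file, pass its contents to `check_bundle`; an empty list means the key, the server certificate and at least one correctly ordered chain certificate are present.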


[qmailtoaster] ssl/tls for iphones and mac

2017-04-11 Thread Rajesh M
hi

we recently purchased wildcard ssl for our mailserver and updated our 
servercert.pem file with rsa key and the certificates (domain certs and the 
chain)

*.myhostname.com

problem installing the ssl, iphones and macbooks are giving message that : 
certificate cannot be verified.

found out that iphones and mac use ssl/tls only and not starttls.

i configured ssl/tls using the following steps

http://wiki.qmailtoaster.com/index.php/SSL

1) Stop qmail:
# service qmail stop
2) Create the supervise directories for smtps
# mkdir -p /var/qmail/supervise/smtp-ssl/supervise /var/qmail/supervise/smtp-ssl/log/supervise
3) Create a file named /var/qmail/supervise/smtp-ssl/run containing:
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPS=1
exec /usr/bin/softlimit -m 1200 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
$SMTPD $VCHKPW /bin/true 2>&1

4) Create a file named /var/qmail/supervise/smtp-ssl/log/run containing:
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog \
 t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1

5) Execute the following commands:
# chmod +x /var/qmail/supervise/smtp-ssl/run /var/qmail/supervise/smtp-ssl/log/run
# chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl
6) Start qmail:
# service qmail start
7) Open port tcp/465 in firewall if necessary.
8) Configure the client to use smtp-ssl via port 465.


now my worry is that i need to provide for smtp authentication also for 
outgoing messages

i tried adding export REQUIRE_AUTH=1 after export SMTPS=1, in the run file but 
it does not work.

help required please

thanks
rajesh


