Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Charles Hockenbarger 
Have you validated that the file itself isn't corrupted?

⁣Get TypeApp for Android ​

On Jan 11, 2020, 12:08 PM, at 12:08 PM, Remo Mattei  wrote:
>now the problem with this is that my webmail does not auth anymore
>
>—
>Remo
>
>> On Saturday, Jan 11, 2020 at 09:44, Remo Mattei (mailto:r...@mattei.org)> wrote:
>> looks like the new opitons is
>> auth_ssl_require_client_cert = yes
>>
>>
>> —
>> Remo
>>
>> > On Saturday, Jan 11, 2020 at 09:35, (mailto:qmailtoas...@dukat.dk)> wrote:
>> > I tryed Google an got to this page:
>> >
>> >
>https://serverfault.com/questions/639837/openssl-s-client-shows-alert-certificate-unknown-but-all-server-certificates-app
>> >
>> > "
>> > In my case
>> >
>> > error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>> > unknown:s3_pkt.c:1260:SSL alert number 46
>> >
>> > was solved by adding
>> >
>> > ssl_verify_client_cert = yes
>> >
>> > in /etc/dovecot/dovecot.conf.
>> > "
>> >
>> > Allan Dukat
>> >
>> >
>> > On 2020-01-11 16:50, Eric Broch wrote:
>> > > can you try debugging:
>> > >
>> > > user='myu...@mydomain.tld'
>> > > pass='mypasswd'
>> > > bash -c 'echo a login '"$user $pass"'; while read x; do echo
>"$x";
>> > > done'
>> > > | openssl s_client -crlf -connect mail.mydomain.com:993
>> > > -CAfile /var/qmail/control/servercert.pem
>> > > -cert /var/qmail/control/servercert.pem
>> > > -key /var/qmail/control/servercert.pem
>> > > -debug
>> > >
>> > > On 1/11/2020 8:27 AM, Remo Mattei wrote:
>> > >
>> > > > Yes here is the config
>> > > >
>> > > > auth_mechanisms = plain login digest-md5 cram-md5
>> > > > auth_username_format = %Lu
>> > > > first_valid_uid = 89
>> > > > first_valid_gid = 89
>> > > > log_path = /var/log/dovecot.log
>> > > > login_greeting = IMAP server .
>> > > > mail_plugins = $mail_plugins quota
>> > > > plugin/quota = maildir
>> > > > protocols = imap pop3
>> > > > disable_plaintext_auth = no
>> > > > ssl=yes
>> > > > ssl_cert = > > > > ssl_key = > > > > mail_location = maildir:~/Maildir
>> > > >
>> > > > and I have this working on a diff server
>> > > >
>> > > > —
>> > > > Remo
>> > > >
>> > > > On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger
>> > > >  wrote:
>> > > >
>> > > > Are you sure the cert location is defined correctly?
>> > > >
>> > > > Get TypeApp for Android [1]
>> > > > On Jan 11, 2020, at 9:05 AM, Remo Mattei 
>wrote:
>> > > >
>> > > > :34 imap-login: Info: Disconnected (no auth attempts in 0
>secs):
>> > > > user=<>, rip=52.125.128.94, lip=x, TLS handshaking:
>SSL_accept()
>> > > > failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
>> > > > certificate unknown: SSL alert number 46,
>session=
>> > > >
>> > > > Jan 11 08:03
>> > > >
>> > > > I am getting this any suggestions from anyone?
>> > > >
>> > > > —
>> > > > Remo
>> > >
>> > >
>> > > Links:
>> > > --
>> > > [1] http://www.typeapp.com/r?b=15723
>> >
>> >
>-
>> > To unsubscribe, e-mail:
>qmailtoaster-list-unsubscr...@qmailtoaster.com
>> > For additional commands, e-mail:
>qmailtoaster-list-h...@qmailtoaster.com
>> >

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Remo Mattei 
now the problem with this is that my webmail does not auth anymore

—
Remo

> On Saturday, Jan 11, 2020 at 09:44, Remo Mattei  (mailto:r...@mattei.org)> wrote:
> looks like the new opitons is
> auth_ssl_require_client_cert = yes
>
>
> —
> Remo
>
> > On Saturday, Jan 11, 2020 at 09:35,  > (mailto:qmailtoas...@dukat.dk)> wrote:
> > I tryed Google an got to this page:
> >
> > https://serverfault.com/questions/639837/openssl-s-client-shows-alert-certificate-unknown-but-all-server-certificates-app
> >
> > "
> > In my case
> >
> > error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> > unknown:s3_pkt.c:1260:SSL alert number 46
> >
> > was solved by adding
> >
> > ssl_verify_client_cert = yes
> >
> > in /etc/dovecot/dovecot.conf.
> > "
> >
> > Allan Dukat
> >
> >
> > On 2020-01-11 16:50, Eric Broch wrote:
> > > can you try debugging:
> > >
> > > user='myu...@mydomain.tld'
> > > pass='mypasswd'
> > > bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x";
> > > done'
> > > | openssl s_client -crlf -connect mail.mydomain.com:993
> > > -CAfile /var/qmail/control/servercert.pem
> > > -cert /var/qmail/control/servercert.pem
> > > -key /var/qmail/control/servercert.pem
> > > -debug
> > >
> > > On 1/11/2020 8:27 AM, Remo Mattei wrote:
> > >
> > > > Yes here is the config
> > > >
> > > > auth_mechanisms = plain login digest-md5 cram-md5
> > > > auth_username_format = %Lu
> > > > first_valid_uid = 89
> > > > first_valid_gid = 89
> > > > log_path = /var/log/dovecot.log
> > > > login_greeting = IMAP server .
> > > > mail_plugins = $mail_plugins quota
> > > > plugin/quota = maildir
> > > > protocols = imap pop3
> > > > disable_plaintext_auth = no
> > > > ssl=yes
> > > > ssl_cert =  > > > ssl_key =  > > > mail_location = maildir:~/Maildir
> > > >
> > > > and I have this working on a diff server
> > > >
> > > > —
> > > > Remo
> > > >
> > > > On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger
> > > >  wrote:
> > > >
> > > > Are you sure the cert location is defined correctly?
> > > >
> > > > Get TypeApp for Android [1]
> > > > On Jan 11, 2020, at 9:05 AM, Remo Mattei  wrote:
> > > >
> > > > :34 imap-login: Info: Disconnected (no auth attempts in 0 secs):
> > > > user=<>, rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept()
> > > > failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
> > > > certificate unknown: SSL alert number 46, session=
> > > >
> > > > Jan 11 08:03
> > > >
> > > > I am getting this any suggestions from anyone?
> > > >
> > > > —
> > > > Remo
> > >
> > >
> > > Links:
> > > --
> > > [1] http://www.typeapp.com/r?b=15723
> >
> > -
> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> >

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Remo Mattei 
looks like the new opitons is
auth_ssl_require_client_cert = yes

—
Remo

> On Saturday, Jan 11, 2020 at 09:35,  (mailto:qmailtoas...@dukat.dk)> wrote:
> I tryed Google an got to this page:
>
> https://serverfault.com/questions/639837/openssl-s-client-shows-alert-certificate-unknown-but-all-server-certificates-app
>
> "
> In my case
>
> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> unknown:s3_pkt.c:1260:SSL alert number 46
>
> was solved by adding
>
> ssl_verify_client_cert = yes
>
> in /etc/dovecot/dovecot.conf.
> "
>
> Allan Dukat
>
>
> On 2020-01-11 16:50, Eric Broch wrote:
> > can you try debugging:
> >
> > user='myu...@mydomain.tld'
> > pass='mypasswd'
> > bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x";
> > done'
> > | openssl s_client -crlf -connect mail.mydomain.com:993
> > -CAfile /var/qmail/control/servercert.pem
> > -cert /var/qmail/control/servercert.pem
> > -key /var/qmail/control/servercert.pem
> > -debug
> >
> > On 1/11/2020 8:27 AM, Remo Mattei wrote:
> >
> > > Yes here is the config
> > >
> > > auth_mechanisms = plain login digest-md5 cram-md5
> > > auth_username_format = %Lu
> > > first_valid_uid = 89
> > > first_valid_gid = 89
> > > log_path = /var/log/dovecot.log
> > > login_greeting = IMAP server .
> > > mail_plugins = $mail_plugins quota
> > > plugin/quota = maildir
> > > protocols = imap pop3
> > > disable_plaintext_auth = no
> > > ssl=yes
> > > ssl_cert =  > > ssl_key =  > > mail_location = maildir:~/Maildir
> > >
> > > and I have this working on a diff server
> > >
> > > —
> > > Remo
> > >
> > > On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger
> > >  wrote:
> > >
> > > Are you sure the cert location is defined correctly?
> > >
> > > Get TypeApp for Android [1]
> > > On Jan 11, 2020, at 9:05 AM, Remo Mattei  wrote:
> > >
> > > :34 imap-login: Info: Disconnected (no auth attempts in 0 secs):
> > > user=<>, rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept()
> > > failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
> > > certificate unknown: SSL alert number 46, session=
> > >
> > > Jan 11 08:03
> > >
> > > I am getting this any suggestions from anyone?
> > >
> > > —
> > > Remo
> >
> >
> > Links:
> > --
> > [1] http://www.typeapp.com/r?b=15723
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Remo Mattei 
I tried that and dovecot will not restart

—
Remo

> On Saturday, Jan 11, 2020 at 09:35,  (mailto:qmailtoas...@dukat.dk)> wrote:
> I tryed Google an got to this page:
>
> https://serverfault.com/questions/639837/openssl-s-client-shows-alert-certificate-unknown-but-all-server-certificates-app
>
> "
> In my case
>
> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> unknown:s3_pkt.c:1260:SSL alert number 46
>
> was solved by adding
>
> ssl_verify_client_cert = yes
>
> in /etc/dovecot/dovecot.conf.
> "
>
> Allan Dukat
>
>
> On 2020-01-11 16:50, Eric Broch wrote:
> > can you try debugging:
> >
> > user='myu...@mydomain.tld'
> > pass='mypasswd'
> > bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x";
> > done'
> > | openssl s_client -crlf -connect mail.mydomain.com:993
> > -CAfile /var/qmail/control/servercert.pem
> > -cert /var/qmail/control/servercert.pem
> > -key /var/qmail/control/servercert.pem
> > -debug
> >
> > On 1/11/2020 8:27 AM, Remo Mattei wrote:
> >
> > > Yes here is the config
> > >
> > > auth_mechanisms = plain login digest-md5 cram-md5
> > > auth_username_format = %Lu
> > > first_valid_uid = 89
> > > first_valid_gid = 89
> > > log_path = /var/log/dovecot.log
> > > login_greeting = IMAP server .
> > > mail_plugins = $mail_plugins quota
> > > plugin/quota = maildir
> > > protocols = imap pop3
> > > disable_plaintext_auth = no
> > > ssl=yes
> > > ssl_cert =  > > ssl_key =  > > mail_location = maildir:~/Maildir
> > >
> > > and I have this working on a diff server
> > >
> > > —
> > > Remo
> > >
> > > On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger
> > >  wrote:
> > >
> > > Are you sure the cert location is defined correctly?
> > >
> > > Get TypeApp for Android [1]
> > > On Jan 11, 2020, at 9:05 AM, Remo Mattei  wrote:
> > >
> > > :34 imap-login: Info: Disconnected (no auth attempts in 0 secs):
> > > user=<>, rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept()
> > > failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
> > > certificate unknown: SSL alert number 46, session=
> > >
> > > Jan 11 08:03
> > >
> > > I am getting this any suggestions from anyone?
> > >
> > > —
> > > Remo
> >
> >
> > Links:
> > --
> > [1] http://www.typeapp.com/r?b=15723
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread qmailtoaster 

I tryed Google an got to this page:

https://serverfault.com/questions/639837/openssl-s-client-shows-alert-certificate-unknown-but-all-server-certificates-app

"
In my case

  error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate 
unknown:s3_pkt.c:1260:SSL alert number 46


was solved by adding

  ssl_verify_client_cert = yes

in /etc/dovecot/dovecot.conf.
"

Allan Dukat


On 2020-01-11 16:50, Eric Broch wrote:

can you try debugging:

user='myu...@mydomain.tld'
 pass='mypasswd'
 bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x";
done'
 | openssl s_client -crlf -connect mail.mydomain.com:993
 -CAfile /var/qmail/control/servercert.pem
 -cert /var/qmail/control/servercert.pem
 -key  /var/qmail/control/servercert.pem
 -debug

On 1/11/2020 8:27 AM, Remo Mattei wrote:


Yes here is the config 

auth_mechanisms = plain login digest-md5 cram-md5
auth_username_format = %Lu
first_valid_uid = 89
first_valid_gid = 89
log_path = /var/log/dovecot.log
login_greeting = IMAP server .
mail_plugins = $mail_plugins quota
plugin/quota = maildir
protocols = imap pop3
disable_plaintext_auth = no
ssl=yes
ssl_cert =  wrote:

Are you sure the cert location is defined correctly?

Get TypeApp for Android [1]
On Jan 11, 2020, at 9:05 AM, Remo Mattei  wrote:

:34 imap-login: Info: Disconnected (no auth attempts in 0 secs):
user=<>, rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept()
failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown: SSL alert number 46, session=

Jan 11 08:03

I am getting this any suggestions from anyone?

—
Remo



Links:
--
[1] http://www.typeapp.com/r?b=15723


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Remo Mattei 
so I found out that it does not work on android but with iphone I can get mail..

—
Remo

> On Saturday, Jan 11, 2020 at 07:51, Eric Broch  (mailto:ebr...@whitehorsetc.com)> wrote:
>
> can you try debugging:
>
>
>
> user='myu...@mydomain.tld (mailto:myu...@mydomain.tld)'
> pass='mypasswd'
> bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x"; done' \
> | openssl s_client -crlf -connect mail.mydomain.com:993 \
> -CAfile /var/qmail/control/servercert.pem \
> -cert /var/qmail/control/servercert.pem \
> -key /var/qmail/control/servercert.pem \
> -debug
>
>
> On 1/11/2020 8:27 AM, Remo Mattei wrote:
> > Yes here is the config
> >
> >
> >
> > auth_mechanisms = plain login digest-md5 cram-md5
> > auth_username_format = %Lu
> > first_valid_uid = 89
> > first_valid_gid = 89
> > log_path = /var/log/dovecot.log
> > login_greeting = IMAP server .
> > mail_plugins = $mail_plugins quota
> > plugin/quota = maildir
> > protocols = imap pop3
> > disable_plaintext_auth = no
> > ssl=yes
> > ssl_cert =  > ssl_key =  > mail_location = maildir:~/Maildir
> >
> >
> >
> > and I have this working on a diff server
> >
> >
> >
> > —
> > Remo
> >
> > > On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger 
> > > mailto:chash...@gmail.com)> wrote:
> > > Are you sure the cert location is defined correctly?
> > >
> > > Get TypeApp for Android (http://www.typeapp.com/r?b=15723)
> > > On Jan 11, 2020, at 9:05 AM, Remo Mattei  > > (mailto:r...@mattei.org)> wrote:
> > > > :34 imap-login: Info: Disconnected (no auth attempts in 0 secs): 
> > > > user=<>, rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept() 
> > > > failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert 
> > > > certificate unknown: SSL alert number 46, session=
> > > > Jan 11 08:03
> > > >
> > > > I am getting this any suggestions from anyone?
> > > >
> > > > —
> > > > Remo
> > > >

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Eric Broch 

can you try debugging:

user='myu...@mydomain.tld'
pass='mypasswd'
bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x"; done' \
| openssl s_client -crlf -connect mail.mydomain.com:993 \
-CAfile /var/qmail/control/servercert.pem \
-cert /var/qmail/control/servercert.pem \
-key  /var/qmail/control/servercert.pem \
-debug

On 1/11/2020 8:27 AM, Remo Mattei wrote:

Yes here is the config



auth_mechanisms = plain login digest-md5 cram-md5
auth_username_format = %Lu
first_valid_uid = 89
first_valid_gid = 89
log_path = /var/log/dovecot.log
login_greeting = IMAP server .
mail_plugins = $mail_plugins quota
plugin/quota = maildir
protocols = imap pop3
disable_plaintext_auth = no
ssl=yes
ssl_cert = mailto:chash...@gmail.com>> wrote:
Are you sure the cert location is defined correctly?

Get TypeApp for Android 
On Jan 11, 2020, at 9:05 AM, Remo Mattei mailto:r...@mattei.org>> wrote:

:34 imap-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=52.125.128.94, lip=x, TLS handshaking:
SSL_accept() failed: error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL
alert number 46, session=
Jan 11 08:03

I am getting this any suggestions from anyone?

—
Remo

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Remo Mattei 
Yes here is the config

auth_mechanisms = plain login digest-md5 cram-md5
auth_username_format = %Lu
first_valid_uid = 89
first_valid_gid = 89
log_path = /var/log/dovecot.log
login_greeting = IMAP server .
mail_plugins = $mail_plugins quota
plugin/quota = maildir
protocols = imap pop3
disable_plaintext_auth = no
ssl=yes
ssl_cert =  On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger  (mailto:chash...@gmail.com)> wrote:
> Are you sure the cert location is defined correctly?
>
> Get TypeApp for Android (http://www.typeapp.com/r?b=15723)
> On Jan 11, 2020, at 9:05 AM, Remo Mattei  (mailto:r...@mattei.org)> wrote:
> > :34 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, 
> > rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept() failed: 
> > error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate 
> > unknown: SSL alert number 46, session=
> > Jan 11 08:03
> >
> > I am getting this any suggestions from anyone?
> >
> > —
> > Remo
> >

Re: [qmailtoaster] ssl cert issue

2020-01-11 Thread Charles Hockenbarger 
Are you sure the cert location is defined correctly?

⁣Get TypeApp for Android ​

On Jan 11, 2020, 9:05 AM, at 9:05 AM, Remo Mattei  wrote:
>:34 imap-login: Info: Disconnected (no auth attempts in 0 secs):
>user=<>, rip=52.125.128.94, lip=x, TLS handshaking: SSL_accept()
>failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
>certificate unknown: SSL alert number 46, session=
>Jan 11 08:03
>
>I am getting this any suggestions from anyone?
>
>—
>Remo