Re: [spamdyke-users] Help getting TLS to work please

2016-03-10 Thread Faris Raouf via spamdyke-users
> Behalf Of Alessio Cecchi via spamdyke-users
> Sent: 10 March 2016 08:00
> 
> Hi,
> 
> if you use spamdyke fixcrio is no longer necessary.
> --

Ah, that's what I thought. The notes I have say that spamdyke takes care of
the bare LFs.

But because I could not remember if I added it to the tcpserver line for
some specific reason, or whether it was added by the installer, I was afraid
to remove it.

Thank you again.




___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Help getting TLS to work please

2016-03-10 Thread Alessio Cecchi via spamdyke-users



On 10/03/2016 00:27, Faris Raouf via spamdyke-users wrote:

> > From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On
> > Behalf Of Alessio Cecchi via spamdyke-users
> > For me it works fine with:
> >
> > tls-level=smtp-no-passthrough
> > tls-certificate-file=/var/ssl/wildcard.pem
> >
> > and in /var/ssl/wildcard.pem there is a chain like this:
> >
> > CERTIFICATE
> > PRIVATE-KEY
> >
> > > openssl s_client -connect localhost:25 --starttls smtp
> >
> > Try with "-starttls"
>
> Thank you for your suggestion. I really appreciate it.
>
> But in the past hour I've just found the cause: fixcrio


Hi,

if you use spamdyke fixcrio is no longer necessary.
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice


Re: [spamdyke-users] Help getting TLS to work please

2016-03-09 Thread Faris Raouf via spamdyke-users
> From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On
> Behalf Of Alessio Cecchi via spamdyke-users
> For me it works fine with:
> 
> tls-level=smtp-no-passthrough
> tls-certificate-file=/var/ssl/wildcard.pem
> 
> and in /var/ssl/wildcard.pem there is a chain like this:
> 
> CERTIFICATE
> PRIVATE-KEY
> 
> > openssl s_client -connect localhost:25 --starttls smtp
> 
> Try with "-starttls"
> 

Thank you for your suggestion. I really appreciate it.

But in the past hour I've just found the cause: fixcrio

In my smtp/run file I have:

tcpserver -DRUvX -c "$concurrency" -l "`head -1 /var/qmail/control/me`" \
  -x /etc/tcpcontrol/smtp.cdb 0 smtp fixcrio /usr/local/bin/spamdyke \
  -f /etc/spamdyke.d/spamdyke.conf /var/qmail/bin/qmail-smtpd

Why is fixcrio here? Well, either I had to add it to make spamdyke work with
this particular setup, or it was added by the particular install script I
used to install this particular qmail installation. I just don't remember.

Unfortunately, fixcrio from ucspi-tcp-0.88 breaks TLS completely
(unsurprisingly!). 

Luckily there is a patch to fixcrio that allows it to support TLS, as seen
here: http://www.mail-archive.com/qmail@id.wustl.edu/msg48044.html

And applying this makes everything work perfectly, just as it should have
done in the first place! Yay!

I will experiment with removing fixcrio later. For now I'm just really
pleased it all works correctly.

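
Why a CR-fixing filter placed in front of spamdyke breaks STARTTLS, as an added illustration that is not part of the original thread and is not fixcrio's source. The filter is an assumed, simplified model (insert CR before every bare LF), and the SMTP line and TLS record bytes are constructed sample data.

```python
import struct

def fix_bare_lf(data: bytes) -> bytes:
    """Assumed, simplified model of a CR-fixing filter: add CR before any bare LF."""
    out, prev = bytearray(), None
    for b in data:
        if b == 0x0A and prev != 0x0D:
            out.append(0x0D)
        out.append(b)
        prev = b
    return bytes(out)

def make_record(ctype: int, body: bytes) -> bytes:
    """Build a TLS record: 1-byte type, 2-byte version, 2-byte length, then the body."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def parse_tls_records(stream: bytes):
    """Split a byte stream into TLS records; raise ValueError if the framing is broken."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype not in (20, 21, 22, 23) or version >> 8 != 3:
            raise ValueError(f"bad record header at offset {pos}")
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("record body shorter than its length field")
        records.append((ctype, body))
        pos += 5 + length
    return records

def survives_filter(stream: bytes) -> bool:
    """True only if the filtered stream still parses into the same TLS records."""
    try:
        return parse_tls_records(fix_bare_lf(stream)) == parse_tls_records(stream)
    except ValueError:
        return False

# Constructed sample data: one plaintext SMTP reply with a bare LF, and two
# TLS records whose binary bodies happen to contain 0x0A bytes.
SMTP_LINE = b"250 ok\n"
TLS_STREAM = (make_record(22, b"\x01\x00\x00\x0a" + bytes(range(10)))
              + make_record(23, b"\x0a\xff\x0a\x10"))

if __name__ == "__main__":
    print(fix_bare_lf(SMTP_LINE))       # plaintext SMTP: harmless CRLF repair
    print(survives_filter(TLS_STREAM))  # after STARTTLS: record framing is corrupted
```

The inserted bytes shift every following record header, so the TLS library on either side sees a malformed record and aborts the handshake, which is why the filter has to be removed or made TLS-aware.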


Re: [spamdyke-users] Help getting TLS to work please

2016-03-09 Thread Alessio Cecchi via spamdyke-users



On 09/03/2016 13:39, Faris Raouf via spamdyke-users wrote:

> Dear all,
>
> I’m stuck with a qmail installation that doesn’t support TLS, so I’m
> trying to get Spamdyke to deal with it on incoming connections.
>
> Unfortunately I’ve not managed to get it to work – I get the following
> error in the maillog when testing:
>
> unable to start SSL/TLS connection: A protocol or library failure
> occurred, error:1408A0BB:lib(20):func(138):reason(187)
>
> My spamdyke.conf contains the following:
>
> tls-certificate-file=/ssl/servercert.pem
> tls-level=smtp-no-passthrough
> #tls-cipher-list=ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:DES-CBC3-SHA
> tls-dhparams-file=/ssl/dhparams.pem
>
> I’ve tried with and without the tls-cipher-list line commented out
> (which I’m not sure is in any way correct anyway – I was just trying to
> disable SSLv2 and SSLv3) and similarly with and without the dhparams
> line commented out.

For me it works fine with:

tls-level=smtp-no-passthrough
tls-certificate-file=/var/ssl/wildcard.pem

and in /var/ssl/wildcard.pem there is a chain like this:

CERTIFICATE
PRIVATE-KEY

> I’m using the following to test:
>
> openssl s_client -connect localhost:25 --starttls smtp

Try with "-starttls"

Let me know.
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice