[vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Hello Andrea,

On Friday, January 16, 2004 at 11:30:31 PM you wrote (at least in part):

> Why doesn't qmail-pop3d via SSL open the relay?

Reading your dumps and having a look in the vpopmail sources, I get the impression that when you're in SSL mode the environment variable TCPREMOTEIP seems not to be set. I don't know which vpopmail version you're actually using, so I don't know if there are other versions where vpopmail neither reads nor writes open-smtp, but this could be /one/ reason.

Please execute this on a command line:

,- [ ]
| #!/bin/sh
| CAFILE=/usr/local/ssl/certs/pop3s.cert
| CERTFILE=/usr/local/ssl/certs/pop3s.cert
| KEYFILE=/usr/local/ssl/certs/pop3s.key
| DHFILE=/usr/local/ssl/certs/dh1024.pem
| export CAFILE CERTFILE KEYFILE DHFILE
| exec /usr/local/bin/softlimit -m 380 \
| /usr/local/bin/sslserver -v -R -H -l 0 0 996 \
| echo IP: $TCPREMOTEIP 2>&1
`-

And on a different terminal use 'openssl s_client ...' to connect to port 996. I'd expect the output 'IP: ' and nothing else ...

--
Best regards
Peter Palmreuther

Other than that, Mrs. Lincoln, how was the play?
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Peter Palmreuther wrote:

> Hello Andrea,
>
> Reading your dumps and having a look in the vpopmail sources, I get the impression that when you're in SSL mode the environment variable TCPREMOTEIP seems not to be set. I don't know which vpopmail version you're actually using, so I don't know if there are other versions where vpopmail neither reads nor writes open-smtp, but this could be /one/ reason.

Well, my version is 5.4.0-rc1.

Now my runscript is:

    #!/bin/sh
    CAFILE=/usr/local/ssl/certs/pop3s.cert
    CERTFILE=/usr/local/ssl/certs/pop3s.cert
    KEYFILE=/usr/local/ssl/certs/pop3s.key
    DHFILE=/usr/local/ssl/certs/dh1024.pem
    export CAFILE CERTFILE KEYFILE DHFILE
    exec /usr/local/bin/softlimit -m 380 \
    /usr/local/bin/sslserver -v -R -H -l 0 0 996 \
    echo IP: $TCPREMOTEIP 2>&1

I've tried on the same terminal, with 'openssl s_client -connect 127.0.0.1:996', and with 'openssl s_client -connect server's_public_IP:996' from a remote terminal. This is my output:

    observe# openssl s_client -connect 127.0.0.1:996
    CONNECTED(0004)
    cut
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    SSL-Session:
        Protocol : TLSv1
        Cipher: DHE-RSA-AES256-SHA
        Session-ID: 564576620745756255D48121BE33D73A63D01F365BC3610D3ECF008EE129C3E3
        Session-ID-ctx:
        Master-Key: ACA2871B120D636E91035E8C61CBEF378BFB241D454CFAD088B2DB5217A81E2747D881946AB106CBB564E3F3590FEDF4
        Key-Arg : None
        Start Time: 1074331971
        Timeout : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    read:errno=0
    observe#

    TiG4:~ andrea$ openssl s_client -connect server's_public_ip:996
    CONNECTED(0003)
    cut
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    SSL-Session:
        Protocol : TLSv1
        Cipher: DHE-RSA-AES256-SHA
        Session-ID: EAB08452498F726CC32FE84EEE09E8F2DA2273D42ED6D70382B7D31A980CECEE
        Session-ID-ctx:
        Master-Key: F044319BCC17B487ED2E457F7305F0F1FD6267AC7385A02DFAFDC522B67CDDC2760BD9F7C5E12931106380FD54054F30
        Key-Arg : None
        Start Time: 1074335061
        Timeout : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    read:errno=0
    TiG4:~ andrea$

Well, I think you've hit the problem. But what do I have to do to resolve it?

Thanks for all

Regards
Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Andrea Riela wrote:

> Well, I think you've hit the problem. But what do I have to do to resolve it?

    exec /usr/local/bin/softlimit -m 380 \
    ktrace -f /tmp/ktrace.ip /usr/local/bin/sslserver -v -R -H -l 0 0 996 \
    echo IP: $TCPREMOTEIP 2>&1

The kdump says:

    cut
    13884 sslserver GIO fd 2 wrote 56 bytes
        sslserver: cafile 13884 /usr/local/ssl/certs/pop3s.cert
    13884 sslserver RET write 56/0x38
    13884 sslserver CALL write(0x2,0xf558,0x1a)
    13884 sslserver GIO fd 2 wrote 26 bytes
        sslserver: ccafile 13884
    13884 sslserver RET write 26/0x1a
    13884 sslserver CALL write(0x2,0xf558,0x2c)
    13884 sslserver GIO fd 2 wrote 44 bytes
        sslserver: cadir 13884 /usr/local/ssl/certs
    13884 sslserver RET write 44/0x2c
    13884 sslserver CALL write(0x2,0xf558,0x36)
    13884 sslserver GIO fd 2 wrote 54 bytes
        sslserver: cert 13884 /usr/local/ssl/certs/pop3s.cert
    13884 sslserver RET write 54/0x36
    13884 sslserver CALL write(0x2,0xf558,0x34)
    13884 sslserver GIO fd 2 wrote 52 bytes
        sslserver: key 13884 /usr/local/ssl/certs/pop3s.key
    13884 sslserver RET write 52/0x34
    13884 sslserver CALL write(0x2,0xf558,0x3b)
    13884 sslserver GIO fd 2 wrote 59 bytes
        sslserver: param 13884 /usr/local/ssl/certs/dh1024.pem 512
    13884 sslserver RET write 59/0x3b
    13884 sslserver CALL close(0)
    13884 sslserver RET close 0
    13884 sslserver CALL close(0x1)
    13884 sslserver RET close 0
    13884 sslserver CALL write(0x2,0xf558,0x18)
    13884 sslserver GIO fd 2 wrote 24 bytes
        sslserver: status: 0/40
    13884 sslserver RET write 24/0x18
    13884 sslserver CALL sigprocmask(0x2,0x8)
    13884 sslserver RET sigprocmask 524288/0x8
    13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c)
    13884 sslserver RET accept 0
    13884 sslserver CALL sigprocmask(0x1,0x8)
    13884 sslserver RET sigprocmask 0
    13884 sslserver CALL write(0x2,0xf558,0x18)
    13884 sslserver GIO fd 2 wrote 24 bytes
        sslserver: status: 1/40
    13884 sslserver RET write 24/0x18
    13884 sslserver CALL fork
    13884 sslserver RET fork 32655/0x7f8f
    13884 sslserver CALL close(0)
    13884 sslserver RET close 0
    13884 sslserver CALL sigprocmask(0x2,0x8)
    13884 sslserver RET sigprocmask 524288/0x8
    13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c)
    13884 sslserver PSIG SIGCHLD caught handler=0x26b0 mask=0x0
    13884 sslserver RET accept -1 errno 4 Interrupted system call
    13884 sslserver CALL wait4(0x,0xcfbfd6ec,0x1,0)
    13884 sslserver RET wait4 32655/0x7f8f
    13884 sslserver CALL write(0x2,0xf558,0x22)
    13884 sslserver GIO fd 2 wrote 34 bytes
        sslserver: end 32655 status 28416
    13884 sslserver RET write 34/0x22
    13884 sslserver CALL write(0x2,0xf558,0x18)
    13884 sslserver GIO fd 2 wrote 24 bytes
        sslserver: status: 0/40
    13884 sslserver RET write 24/0x18
    13884 sslserver CALL wait4(0x,0xcfbfd6ec,0x1,0)
    13884 sslserver RET wait4 -1 errno 10 No child processes
    13884 sslserver CALL sigreturn(0xcfbfd708)
    13884 sslserver RET sigreturn JUSTRETURN
    13884 sslserver CALL sigprocmask(0x1,0x8)
    13884 sslserver RET sigprocmask 0
    13884 sslserver CALL sigprocmask(0x2,0x8)
    13884 sslserver RET sigprocmask 524288/0x8
    13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c)

I hope that could help you to define the problem.

Thanks
Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp [SOLVED]
Thanks Peter, thanks ml,

Now I've solved my problem. I need this patch:

http://jonaspasche.de/ucspi-ssl/sslserver-compat.patch

because with an SSL connection I don't have $TCPREMOTEIP, as Peter said.

Thank you very much

Regards
Andrea
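
Added example, not part of the thread and not code from ucspi-ssl or vpopmail: a wrapper that hands the POP3 daemon a validated TCPREMOTEIP without patching sslserver, so that only a well-formed client address can reach the open-smtp relay bookkeeping. It assumes the unpatched sslserver exports PROTO=SSL and SSLREMOTEIP (names not given in the thread); valid_ipv4, remote_ip and the wrapper file name are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper run by sslserver in front of the POP3 daemon.
# ASSUMPTION: unpatched sslserver exports PROTO=SSL and SSLREMOTEIP
# instead of TCPREMOTEIP. Neither name is confirmed in the thread.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# remote_ip: print the client address the relay logic should see.
# An existing TCPREMOTEIP wins; otherwise fall back to SSLREMOTEIP,
# but only when the connection is marked PROTO=SSL.
remote_ip() {
    ip=${TCPREMOTEIP:-}
    if [ -z "$ip" ] && [ "${PROTO:-}" = "SSL" ]; then
        ip=${SSLREMOTEIP:-}
    fi
    valid_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Hypothetical usage: sslserver ... ./tcpremoteip-wrapper qmail-popup ...
if [ "$#" -gt 0 ]; then
    if TCPREMOTEIP=$(remote_ip); then
        export TCPREMOTEIP
    else
        # Never pass an empty or malformed address on to relay bookkeeping.
        unset TCPREMOTEIP
        echo "wrapper: no usable client IP, relay will not be opened" >&2
    fi
    exec "$@"
fi
```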