I'm stuck with a qmail installation that doesn't support TLS, so I'm trying
to get Spamdyke to deal with it on incoming connections.
Unfortunately I've not managed to get it to work - I get the following error
in the maillog when testing:

    unable to start SSL/TLS connection: A protocol or library failure occurred,

My spamdyke.conf contains the following:
I've tried with and without the tls-cipher-list line commented out (which
I'm not sure is in any way correct anyway - I was just trying to disable
SSLv2 and SSLv3) and similarly with and without the dhparams line commented
I'm using the following to test:

    openssl s_client -connect localhost:25 --starttls smtp

which just gives me:

    alert decode error:s23_clnt.c:744:
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 188 bytes and written 282 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported

(I've also tried specifying a protocol such as -tls1_2 but that doesn't make
Spamdyke itself has TLS compiled: spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG
I did a fresh compile just to be sure. openssl and openssl-devel are
installed (latest versions).
The .pem appears to be valid, in as far as it is copied from a
qmail-with-tls server where it does work, and openssl verify says:

    /ssl/servercert.pem: OU = Domain Control Validated, CN = *.REDACTED.TLD
    error 20 at 0 depth lookup:unable to get local issuer certificate

I did initially have a permissions error on the .pem but that was giving me
"I/O error - unexpected EOF" type errors for the certificate in the logs,
but changing the perms resolved that one, thanks to a post by someone else
on the list a while ago.
Does anyone have any suggestions? Am I missing something obvious, as usual
Any pointers or suggestions would be very much appreciated.
spamdyke-users mailing list