Dear all,


I'm stuck with a qmail installation that doesn't support TLS, so I'm trying
to get Spamdyke to deal with it on incoming connections.


Unfortunately I've not managed to get it to work - I get the following error
in the maillog when testing:



unable to start SSL/TLS connection: A protocol or library failure occurred,



My spamdyke.conf contains the following:







I've tried with and without the tls-cipher-list line commented out (which
I'm not sure is in any way correct anyway - I was just trying to disable
SSLv2 and SSLv3) and similarly with and without the dhparams line commented


I'm using the following to test:


openssl s_client -connect localhost:25 --starttls smtp 

which just gives me:




140244663195464:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert decode error:s23_clnt.c:744:


no peer certificate available


No client certificate CA names sent


SSL handshake has read 188 bytes and written 282 bytes


New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE



(I've also tried specifying a protocol such as -tls1_2 but that doesn't make
any difference)


Spamdyke itself has TLS compiled: spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG 

I did a fresh compile just to be sure. openssl and openssl-devel are
installed (latest versions).


The .pem appears to be valid, in as far as it is copied from a
qmail-with-tls server where it does work, and openssl verify says:

/ssl/servercert.pem: OU = Domain Control Validated, CN = *.REDACTED.TLD

error 20 at 0 depth lookup:unable to get local issuer certificate


I did initially have a permissions error on the .pem but that was giving me
"I/O error - unexpected EOF" type errors for the certificate in the logs,
but changing the perms resolved that one, thanks to a post by someone else
on the list a while ago.


Does anyone have any suggestions? Am I missing something obvious, as usual
:) ?

Any pointers or suggestions would be very much appreciated.









spamdyke-users mailing list

Reply via email to