Alex Dean wrote:
I've had a toaster setup going for a few months with no problems. I'd like to enable the pop3s service, but I am having problems getting it running.

#######################################################
kiltlifter:/var/log/qmail/pop3ds# tail current
@40000000445a3cb21b8203dc tcpserver: status: 1/40
@40000000445a3cb21b84a7a4 tcpserver: pid 21341 from 192.168.0.1
@40000000445a3cb21b856324 tcpserver: ok 21341 0:192.168.10.100:995 :192.168.0.1::52220
@40000000445a3cb21bc9f9bc 2006.05.04 10:40:56 LOG5[21341:16384]: Using 'qmail-popup' as tcpwrapper service name
@40000000445a3cb21c3820f4 2006.05.04 10:40:56 LOG5[21341:16384]: Could not load DH parameters from /var/qmail/control/servercert.pem
@40000000445a3cb21c39170c 2006.05.04 10:40:56 LOG4[21341:16384]: Diffie-Hellman initialization failed
@40000000445a3cb21c432544 2006.05.04 10:40:56 LOG3[21341:16384]: Error reading certificate file: /var/qmail/control/servercert.pem
@40000000445a3cb21c44e67c 2006.05.04 10:40:56 LOG3[21341:16384]: SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM routines:PEM_read_bio:no start line
@40000000445a3cb21c4bb0c4 tcpserver: end 21341 status 256
@40000000445a3cb21c4c1a3c tcpserver: status: 0/40

kiltlifter:/var/log/qmail/pop3ds# ls -l /var/qmail/control
total 44
lrwxrwxrwx 1 root root 33 2006-05-04 10:28 clientcert.pem -> /var/qmail/control/servercert.pem
-rw-r--r-- 1 root     root     3 2005-10-01 19:16 concurrencyincoming
-rw-r--r-- 1 root     root    11 2005-10-01 19:15 defaultdelivery
-rw-r--r-- 1 root     root    13 2005-10-01 19:13 defaultdomain
-rw-r----- 1 vpopmail qmail  245 2006-05-04 10:32 dh1024.pem
-rw-r----- 1 vpopmail qmail  156 2006-05-04 10:32 dh512.pem
-rw-r--r-- 1 root     root     0 2006-03-29 09:57 locals
-rw------- 1 root     root     0 2006-03-29 09:57 locals.lock
-rw-r--r-- 1 root     root    13 2005-10-01 19:13 me
-rw-r--r-- 1 root     root    13 2005-10-01 19:13 plusdomain
-rw-r--r-- 1 root     root   100 2006-03-29 09:57 rcpthosts
-rw------- 1 root     root     0 2006-03-29 09:57 rcpthosts.lock
-rw-r----- 1 vpopmail qmail  493 2006-05-04 10:32 rsa512.pem
-rw-r----- 1 vpopmail qmail 2197 2006-05-04 10:28 servercert.pem
-rw-r--r-- 1 root     root   200 2006-03-29 09:57 virtualdomains
-rw------- 1 root     root     0 2006-03-29 09:57 virtualdomains.lock
#######################################################

I found an error identical to this in the mailing list archives: http://www.mail-archive.com/toaster@shupp.org/msg03349.html

Rick's suggestion was to delete /var/qmail/control/*pem and rerun 'make cert' and 'update_tmprsadh'. I did both of these things, and the error persists.

I initially discovered that I did not have stunnel installed, so I have also installed it today. I then copied stunnel.conf from the toaster scripts to /var/qmail/supervise/qmail-pop3ds/. I don't know if this is related or not, but it seemed like a possibility.

Might it be a permissions problem? Is stunnel running as vpopmail so it can read the file?

 Error reading certificate file: /var/qmail/control/servercert.pem

seems like a permissions problem to me. Maybe as a test, chmod 666 servercert.pem and see if you get the same error.

Rick
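
A check that separates the two possibilities raised in this thread, as an added example that is not part of the original posts: it reports whether the PEM file is unreadable by the current account, or readable but lacking the blocks the log complains about. The function names and sample files are constructed for illustration; run it as the account the TLS wrapper runs under.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account the TLS wrapper runs as.

# Print the label of every PEM block in the file, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Print a one-word verdict; return 0 only if a certificate and a key are present.
check_pem() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    [ -r "$f" ] || { echo unreadable; return 1; }
    labels=$(pem_labels "$f")
    [ -n "$labels" ] || { echo no-start-line; return 2; }
    printf '%s\n' "$labels" | grep -qx 'CERTIFICATE' || { echo no-certificate; return 3; }
    printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$' || { echo no-private-key; return 4; }
    # Absent DH parameters only produced LOG5/LOG4 lines in the log above.
    printf '%s\n' "$labels" | grep -qx 'DH PARAMETERS' || { echo ok-no-dh; return 0; }
    echo ok
}

# Constructed sample files: marker lines only, bodies are placeholders.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'x' '-----END RSA PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'x' '-----END CERTIFICATE-----' > "$1/nodh.pem"
    { cat "$1/nodh.pem"
      printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'x' '-----END DH PARAMETERS-----'
    } > "$1/full.pem"
    printf '%s\n' 'Certificate:' '    Data: text dump, no markers' > "$1/nostart.pem"
    grep -v 'CERTIFICATE' "$1/nodh.pem" > "$1/keyonly.pem"
}

# With a path argument, check that file; otherwise walk the constructed samples.
if [ "$#" -gt 0 ]; then
    check_pem "$1"
else
    tmp=$(mktemp -d) && make_samples "$tmp"
    for s in full nodh nostart keyonly absent; do
        v=$(check_pem "$tmp/$s.pem") || true
        echo "$s.pem: $v"
    done
    rm -rf "$tmp"
fi
```

Called with a path such as /var/qmail/control/servercert.pem, it checks that file instead of the samples.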

