Alex Dean wrote:
I've had a toaster setup going for a few months with no problems. I'd
like to enable the pop3s service, but I am having problems getting it
running.
#######################################################
kiltlifter:/var/log/qmail/pop3ds# tail current
@40000000445a3cb21b8203dc tcpserver: status: 1/40
@40000000445a3cb21b84a7a4 tcpserver: pid 21341 from 192.168.0.1
@40000000445a3cb21b856324 tcpserver: ok 21341 0:192.168.10.100:995
:192.168.0.1::52220
@40000000445a3cb21bc9f9bc 2006.05.04 10:40:56 LOG5[21341:16384]: Using
'qmail-popup' as tcpwrapper service name
@40000000445a3cb21c3820f4 2006.05.04 10:40:56 LOG5[21341:16384]: Could
not load DH parameters from /var/qmail/control/servercert.pem
@40000000445a3cb21c39170c 2006.05.04 10:40:56 LOG4[21341:16384]:
Diffie-Hellman initialization failed
@40000000445a3cb21c432544 2006.05.04 10:40:56 LOG3[21341:16384]: Error
reading certificate file: /var/qmail/control/servercert.pem
@40000000445a3cb21c44e67c 2006.05.04 10:40:56 LOG3[21341:16384]:
SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM
routines:PEM_read_bio:no start line
@40000000445a3cb21c4bb0c4 tcpserver: end 21341 status 256
@40000000445a3cb21c4c1a3c tcpserver: status: 0/40
kiltlifter:/var/log/qmail/pop3ds# ls -l /var/qmail/control
total 44
lrwxrwxrwx 1 root root 33 2006-05-04 10:28 clientcert.pem ->
/var/qmail/control/servercert.pem
-rw-r--r-- 1 root root 3 2005-10-01 19:16 concurrencyincoming
-rw-r--r-- 1 root root 11 2005-10-01 19:15 defaultdelivery
-rw-r--r-- 1 root root 13 2005-10-01 19:13 defaultdomain
-rw-r----- 1 vpopmail qmail 245 2006-05-04 10:32 dh1024.pem
-rw-r----- 1 vpopmail qmail 156 2006-05-04 10:32 dh512.pem
-rw-r--r-- 1 root root 0 2006-03-29 09:57 locals
-rw------- 1 root root 0 2006-03-29 09:57 locals.lock
-rw-r--r-- 1 root root 13 2005-10-01 19:13 me
-rw-r--r-- 1 root root 13 2005-10-01 19:13 plusdomain
-rw-r--r-- 1 root root 100 2006-03-29 09:57 rcpthosts
-rw------- 1 root root 0 2006-03-29 09:57 rcpthosts.lock
-rw-r----- 1 vpopmail qmail 493 2006-05-04 10:32 rsa512.pem
-rw-r----- 1 vpopmail qmail 2197 2006-05-04 10:28 servercert.pem
-rw-r--r-- 1 root root 200 2006-03-29 09:57 virtualdomains
-rw------- 1 root root 0 2006-03-29 09:57 virtualdomains.lock
#######################################################
I found an error identical to this in the mailing list archives:
http://www.mail-archive.com/toaster@shupp.org/msg03349.html
Rick's suggestion was to delete /var/qmail/control/*pem and rerun 'make
cert' and 'update_tmprsadh'. I did both of these things, and the error
persists.
I initially discovered that I did not have stunnel installed, so I have
also installed it today. I then copied stunnel.conf from the toaster
scripts to /var/qmail/supervise/qmail-pop3ds/. I don't know if this is
related or not, but it seemed like a possibility.
Might it be a permissions problem? Is stunnel running as vpopmail so
it can read the file?
Error reading certificate file: /var/qmail/control/servercert.pem
seems like a permissions problem to me. Maybe as a test, chmod 666
servercert.pem and see if you get the same error.
Rick
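
Added example (not part of the original thread or the toaster scripts): a POSIX shell check that separates the two causes discussed above, a file the current user cannot read versus a file with no PEM "-----BEGIN" line, without changing the file's mode. The function names, exit codes and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify why a combined cert+key PEM file fails to load.
# Pure POSIX sh, no openssl needed; it never changes file permissions.

# Print the label of every "-----BEGIN <LABEL>-----" line that starts at column 0.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Return: 0 ok, 2 unreadable by the current user, 3 no PEM start line,
#         4 no certificate block, 5 no private key block.
check_pem() {
    f=$1
    [ -r "$f" ] || { echo "$f: not readable by $(id -un)"; return 2; }
    labels=$(pem_labels "$f")
    [ -n "$labels" ] || { echo "$f: no PEM start line"; return 3; }
    echo "$labels" | grep -q 'CERTIFICATE$' || { echo "$f: no CERTIFICATE block"; return 4; }
    echo "$labels" | grep -q 'PRIVATE KEY$' || { echo "$f: no PRIVATE KEY block"; return 5; }
    echo "$f: certificate and key blocks present"
    return 0
}

# Write constructed sample files (filler bodies, not real keys or certificates).
make_samples() {
    d=$1
    body='Q09OU1RSVUNURUQgU0FNUExF'
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' > "$d/certonly.pem"
    { cat "$d/certonly.pem"
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" '-----END RSA PRIVATE KEY-----'; } > "$d/good.pem"
    : > "$d/empty.pem"                              # zero-length file
    sed 's/^/ /' "$d/good.pem" > "$d/indented.pem"  # start lines no longer at column 0
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for p in "$demo_dir"/*.pem; do check_pem "$p" || true; done
rm -rf "$demo_dir"
```

Run check_pem as the account the service runs under to test readability for that account rather than for root.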