Check the version of stunnel installed, and use the corresponding run script for qmail-pop3ds.

regards,

*Ingo Claro F.*
Operations Manager
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
(+56-2) 43 00 155

NetRed S.A. <http://www.netred.cl>
ISO 9001:2000 Certified

Alex Dean wrote:
On May 4, 2006, at 11:07 AM, Rick Macdougall wrote:

Might it be a permissions problem ?

I thought that at first, but changing permissions on the certificate file did not help. :(

Is stunnel running as vpopmail so it can read the file ?

I'm not sure, but I think so. The only place I've seen stunnel invoked is in /var/qmail/supervise/qmail-pop3ds/run :

########################################################
exec /usr/local/bin/tcpserver -l 0 -R -H -v \
        -u"$VPOPMAILUID" -g"$VPOPMAILGID" 0 995                        \
/usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem \
            -l /var/qmail/bin/qmail-popup -- qmail-popup `hostname`  \
        /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
########################################################

I'm on Debian, and used apt-get to install stunnel. apt installed it in /usr/bin/, so I put a symlink in /usr/sbin pointing to it. Before I did this I was getting errors like "@40000000445a38f325b9380c tcpserver: warning: dropping connection, unable to run /usr/sbin/stunnel: file does not exist". The fact that these have ceased makes me think that qmail is able to run stunnel OK. Whether it is configured correctly may be another matter...


 Error reading certificate file: /var/qmail/control/servercert.pem

seems like a permissions problem to me. Maybe as a test, chmod 666 servercert.pem and see if you get the same error.

I thought the same thing. When I chmod'ed servercert.pem, it didn't fix the problem but I did get a new error, so I chmod'ed it back. Note the line that says 'wrong permissions...'. Other than that, it's all the same as before.

########################################################
kiltlifter:/var/qmail/control# chmod o+r servercert.pem
<try to check mail via remote machine>
kiltlifter:/var/qmail/control# tail /var/log/qmail/pop3ds/current
@40000000445a443e2b2fd6ec tcpserver: pid 21480 from 192.168.0.1
@40000000445a443e2b309654 tcpserver: ok 21480 0:192.168.10.100:995 :192.168.0.1::52306
@40000000445a443e2b744674 2006.05.04 11:13:08 LOG5[21480:16384]: Using 'qmail-popup' as tcpwrapper service name
@40000000445a443e2b75e484 2006.05.04 11:13:08 LOG4[21480:16384]: Wrong permissions on /var/qmail/control/servercert.pem
@40000000445a443e2be3cd3c 2006.05.04 11:13:08 LOG5[21480:16384]: Could not load DH parameters from /var/qmail/control/servercert.pem
@40000000445a443e2be4c354 2006.05.04 11:13:08 LOG4[21480:16384]: Diffie-Hellman initialization failed
@40000000445a443e2beea694 2006.05.04 11:13:08 LOG3[21480:16384]: Error reading certificate file: /var/qmail/control/servercert.pem
@40000000445a443e2bf06f9c 2006.05.04 11:13:08 LOG3[21480:16384]: SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM routines:PEM_read_bio:no start line
@40000000445a443e2bf793bc tcpserver: end 21480 status 256
@40000000445a443e2bf79f74 tcpserver: status: 0/40
########################################################

thanks,
alex
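
The log above carries two separate signals: "Wrong permissions on ..." concerns the file's mode, and "PEM_read_bio:no start line" concerns its contents. The following is an added example, not part of the thread or of stunnel: a shell function (`check_pem` is a name chosen here) that checks both, assuming the file is meant to hold a certificate and its private key together.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the PEM file handed to
# stunnel -p. Prints one finding per line; returns 0 only when there are none.
check_pem() {
    pem=$1
    rc=0
    # Run this as the account tcpserver switches to (-u/-g), or the
    # readability result says nothing about what stunnel will see.
    if [ ! -f "$pem" ] || [ ! -r "$pem" ]; then
        echo "cannot read $pem as $(id -un)"
        return 2
    fi
    # Characters 8-10 of the ls mode string are the 'other' permission bits.
    other=$(ls -lLd "$pem" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "mode grants 'other' access ($other); stunnel warns about this"
        rc=1
    fi
    # "no start line" means OpenSSL found no BEGIN line of the type it
    # wanted; the marker has to start in column 1.
    if ! grep -q '^-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "no CERTIFICATE block"
        rc=1
    fi
    # Assumption: key stored in the same file (PKCS#1, PKCS#8 or encrypted).
    if ! grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem"; then
        echo "no PRIVATE KEY block"
        rc=1
    fi
    # Every BEGIN needs its END, otherwise a block was truncated.
    begins=$(grep -c '^-----BEGIN ' "$pem" || true)
    ends=$(grep -c '^-----END ' "$pem" || true)
    if [ "$begins" -ne "$ends" ]; then
        echo "unbalanced blocks: $begins BEGIN, $ends END"
        rc=1
    fi
    return $rc
}

# When run as a script with a path argument, check that file.
if [ $# -gt 0 ]; then check_pem "$1"; fi
```

A file that passes these text checks can still hold a damaged certificate; `openssl x509 -in FILE -noout` parses the block itself.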