On 04/22/2011 04:09 AM, Jim Flanagan wrote:
Hi Guys,
I really could use some help here, I'm kind of stuck. Trying to get my SSL certs to work right with postfix/cyrus imap. I think I'm very close, but something is still not quite right.
I've got a signed SSL cert, but my email client does not recognize it as being signed by a trusted authority. There is a CA cert in my mail client from StartSSL so it should recognize the signed one on my server. Also, I'm getting ssl errors saying the ssl rx record too long. I've googled all over and find references to that, but nothing that helped my case.
I'm starting to think SSL is not set up or working properly here. Sending email via TLS works ok (except for not recognizing the cert as signed by trusted authority), but checking email via SSL does not work properly, and presents both errors as described above. I've mainly been using Thunderbird, but tried setting up Kmail to try another program. It auto-detected TLS as being offered by the server, but did not detect SSL as being offered. (Specifically, no security and TLS, with plain text passwords, but not SSL).
Perhaps I don't need SSL and can use TLS?? This defaults to port 143. Previously I used my firewall to limit plain text access to port 143, but I suppose I can force TLS on both smtp and imap?
I'd be happy to supply any setup info you might need, but I've done so much I don't want to clog up this email with everything.
I did question the StartSSL guys who advised to combine 2 files, their main CA and a Sub-CA into one file. I did that but it didn't resolve anything. The CA and Sub-CA certs are in the same dir as my signed cert and private key. Private key is set to chmod 400 and everything else is 644.
Localhost is reporting as follows:

user@jimmee:~> telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 jjfiii.com ESMTP Postfix
ehlo localhost
250-jjfiii.com
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
As I said I think I'm very close to having this set up right. Something I'm missing. Not sure what.
Thanks for any help.
Jim F

Port 25 is for non-SSL SMTP traffic. You can't expect it to give you an SSL connection. Port 465 is the SSL port for SMTP. This should be opened from postfix master.cf. Also, port 143 is the standard non-SSL IMAP port. Port 993 is the SSL port for IMAP. This is configured in your cyrus IMAP, so check the settings there.
Regards,
Mihira
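
Added example, not part of the original thread: Python that decodes the first bytes a mail client reads from a listener as a TLS record header, to show how the plaintext ports (25, 143) differ from the SSL ports (465, 993) named in the reply, and which client setting each one needs. The function names, the IMAP greeting and the TLS bytes are constructed for illustration; the EHLO reply is the one quoted in the message.

```python
import struct

TLS_MAX_RECORD = 2**14 + 2048         # largest record length TLS 1.2 allows (RFC 5246)
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

# Constructed samples of the first bytes a client reads from each kind of listener.
SMTP_BANNER = b"220 jjfiii.com ESMTP Postfix\r\n"  # plaintext listener (port 25)
IMAP_BANNER = b"* OK server ready\r\n"             # plaintext listener (port 143)
TLS_REPLY = bytes.fromhex("160303004a") + b"\x02"  # TLS handshake record (465, 993)

# EHLO reply as quoted in the message above.
EHLO_REPLY = """250-jjfiii.com
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

def read_as_tls_record(first_bytes):
    """Decode the first 5 bytes as a TLS record header: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    ok = ctype in TLS_CONTENT_TYPES and major == 3 and length <= TLS_MAX_RECORD
    return {"type": ctype, "version": (major, minor), "length": length, "plausible": ok}

def offers_starttls(ehlo_reply):
    """True if an SMTP EHLO reply advertises the STARTTLS extension."""
    return any(line[:3] == "250" and line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_reply.splitlines())

def client_setting(first_bytes, starttls_offered):
    """Connection-security setting a mail client needs for this listener."""
    if read_as_tls_record(first_bytes)["plausible"]:
        return "SSL/TLS"                       # TLS from the first byte
    if first_bytes.startswith((b"220", b"* OK")):
        return "STARTTLS" if starttls_offered else "none"
    return "unknown"

if __name__ == "__main__":
    for name, data in [("smtp", SMTP_BANNER), ("imap", IMAP_BANNER), ("tls", TLS_REPLY)]:
        print(name, read_as_tls_record(data))
    print(client_setting(SMTP_BANNER, offers_starttls(EHLO_REPLY)))
```

Read as a TLS record header, the plaintext IMAP greeting decodes to a length of 19232 bytes, above the 18432-byte limit, which is how a client set to SSL on a plaintext port can end up reporting an over-long record.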