Mailinglist Archive: opensuse (963 mails)

Re: [OT] [opensuse] I'm stuck - SSL Certs / email server
On 04/26/2011 06:44 AM, Sandy Drobic wrote:
> On 26.04.2011 10:35, Mihira Fernando wrote:
>> On 04/26/2011 01:57 PM, Sandy Drobic wrote:
>>> Your assumption was that encryption is mandatory and thus responsible for
>>> rejecting mails that should be accepted.
>> This is where you went off track, or where my sentence was not clear enough
>> (most likely it's the latter).
>>
>> What I wrote:
>>
>>   Running SSL or TLS only on port 25 is likely to
>>   cause your server to lose mail
>>
>> What I meant: Enforcing SSL or TLS on port 25 so that encryption is made to
>> be the mandatory default is likely to cause the server to lose mail.
> Yes, that is what I thought. I was irritated by the phrase "cause the server
> to lose mail". You can't lose mail that you haven't accepted. (^-^)
>
> It is more like a self-inflicted denial-of-service. ;-)
>
> Sandy

OK, thanks everyone for the good info and help. I've made some progress and have my certs set so that I can send out email, and the certs are recognized as being signed. Finally. The only error on sending as of now is that the cert is not for this site. This is understandable as I'm using "localhost" instead of my domain right now. This should resolve itself once I take this server online and use my domain name on it. (What I had to do was to cat my signed cert with the StartSSL intermediate CA and their CA into one file. I read that section of the postfix.org config page about 14 times before that sunk in. I stopped to set up Apache2 and had a few problems getting the certs right there too, but that got me going to work on combining the cert and CAs).

Still having problems receiving, or rather reading received mails via imaps. And this is getting pretty weird. Thunderbird does not like setting imap security to SSL/TLS (port 9930), and still gives the error that ssl rx record is too long. Setting it to STARTTLS is worse (on port 143), all sorts of errors fly up saying that the server is not available or has disconnected.

Here's the weird part. Kmail seems to work just fine. Using the feature in setting up an email account to check what the server provides for security, it offers None and Use TLS (over port 143) and defaults to Use TLS. Works fine and does not mention any problem with my certs (now that I have them combined into one cert file). What also seems weird to me is that Kmail does not show that SSL is being offered by my mail server. I do not understand that. But if it's happy with TLS I can work with that.

But I prefer to have Thunderbird working properly also, as most clients are non-Linux and TBird is multi-platform.

I’m starting to think TBird does not like my 256 bit cert, although I find that hard to believe. Firefox seems happy with this same 256 bit cert on Apache2. Do I need a 128 bit cert for TBird?

I'm not familiar with TBird logs, but trying to access imaps email with TBird, /var/log/mail shows:

Apr 28 19:34:30 jimmee postfix/smtpd[6823]: connect from localhost[::1]
Apr 28 19:34:30 jimmee postfix/smtpd[6823]: setting up TLS connection from localhost[::1]
Apr 28 19:34:30 jimmee postfix/smtpd[6823]: Anonymous TLS connection established from localhost[::1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 28 19:35:00 jimmee postfix/smtpd[6823]: warning: Illegal address syntax from localhost[::1] in RCPT command: <jim@192.168.1.117>
Apr 28 19:35:05 jimmee postfix/smtpd[6823]: lost connection after RSET from localhost[::1]
Apr 28 19:35:05 jimmee postfix/smtpd[6823]: disconnect from localhost[::1]

Accessing imaps with KMail, /var/log/mail shows:

Apr 28 19:53:25 jimmee postfix/smtpd[7419]: connect from unknown[192.168.1.117]
Apr 28 19:53:25 jimmee postfix/smtpd[7419]: setting up TLS connection from unknown[192.168.1.117]
Apr 28 19:53:25 jimmee postfix/smtpd[7419]: Anonymous TLS connection established from unknown[192.168.1.117]: TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)
Apr 28 19:53:25 jimmee postfix/smtpd[7419]: 9CD174044E: client=unknown[192.168.1.117]
Apr 28 19:53:25 jimmee postfix/cleanup[7429]: 9CD174044E: message-id=<4DBA0C04.20702@xxxxxxxxxx>
Apr 28 19:53:25 jimmee postfix/qmgr[5634]: 9CD174044E: from=<jim@xxxxxxxxxx>, size=1313, nrcpt=1 (queue active)
Apr 28 19:53:25 jimmee postfix/smtpd[7419]: disconnect from unknown[192.168.1.117]
Apr 28 19:53:25 jimmee postfix/lmtp[7431]: 9CD174044E: to=<mimi@[192.168.1.118]>, relay=jjfiii.com[/var/lib/imap/socket/lmtp], delay=0.29, delays=0.08/0.01/0.02/0.18, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Apr 28 19:53:25 jimmee postfix/qmgr[5634]: 9CD174044E: removed

The TBird connection fails, the KMail one doesn't.

??????????

Any more thoughts on this? I sure appreciate all your help and patience.

Jim F
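
Added example, not part of the original message: a small Python parser run over postfix/smtpd lines quoted above, reporting per session the negotiated cipher, whether its key exchange is anonymous (OpenSSL suite names starting `ADH-` or `AECDH-`, where no server certificate is sent), and any recipient rejected for address syntax. The function and field names are assumptions for illustration, and sessions are assumed to map one-to-one to the smtpd process id.

```python
import re

# Constructed sample: three of the postfix/smtpd lines quoted in the message above.
SAMPLE_LOG = """\
Apr 28 19:34:30 jimmee postfix/smtpd[6823]: Anonymous TLS connection established from localhost[::1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 28 19:35:00 jimmee postfix/smtpd[6823]: warning: Illegal address syntax from localhost[::1] in RCPT command: <jim@192.168.1.117>
Apr 28 19:53:25 jimmee postfix/smtpd[7419]: Anonymous TLS connection established from unknown[192.168.1.117]: TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)
"""

# OpenSSL names anonymous key-exchange suites ADH-* / AECDH-*; with these the
# server certificate is never sent, so the client cannot validate it.
ANON_KX = ("ADH-", "AECDH-")

TLS_RE = re.compile(
    r"postfix/(?P<service>\w+)\[(?P<pid>\d+)\]: \w+ TLS connection established "
    r"from (?P<client>\S+): (?P<proto>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<bits>\d+)/\d+ bits\)")
REJECT_RE = re.compile(
    r"postfix/\w+\[(?P<pid>\d+)\]: warning: Illegal address syntax from \S+ "
    r"in RCPT command: (?P<rcpt><[^>]*>)")


def summarize(log_text):
    """Group TLS and RCPT-syntax events by process id (assumed one session per pid)."""
    sessions = {}
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            cipher = m["cipher"]
            sessions[m["pid"]] = {
                "service": m["service"],          # which daemon logged the line
                "client": m["client"],
                "protocol": m["proto"],
                "cipher": cipher,
                "server_cert_used": not cipher.startswith(ANON_KX),
                "rejected_rcpt": [],
            }
            continue
        m = REJECT_RE.search(line)
        if m and m["pid"] in sessions:
            sessions[m["pid"]]["rejected_rcpt"].append(m["rcpt"])
    return sessions


if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG).items():
        print(pid, info)
```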