[opensuse] Re: postfix+imap vs. client connection
I've been spending a lot of time trying to figure out how to get Postfix to work. I have been configuring with yast and all the elements appear to have started based upon pid values. Postfix is supposed to be dumping to Cyrus-imap. All SSL configurations are set and the values in main.cf are correct based upon my entries in yast. All the certs appear to have been generated appropriately. On a Kmail client, however, I'm getting the message "Login only available under a layer". Since all the TLS stuff appears to be running on the server I'm up the proverbial creek with no clue. Anybody that can give some direction? Thanks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, Oct 26, 2008 at 9:05 PM, Chuck Davis <cjgunzel@gmail.com> wrote:
I've been spending a lot of time trying to figure out how to get Postfix to work. I have been configuring with yast and all the elements appear to have started based upon pid values. Postfix is supposed to be dumping to Cyrus-imap. All SSL configurations are set and the values in main.cf are correct based upon my entries in yast. All the certs appear to have been generated appropriately.
On a Kmail client, however, I'm getting the message "Login only available under a layer". Since all the TLS stuff appears to be running on the server I'm up the proverbial creek with no clue.
Anybody that can give some direction?
Is this message in response to a Imap session or a smtp connection. Kmail has that niffty button that says "Check what the server provides," It will let you know if something is wrong, because it won't offer methods you think it should. There are uaually two sets of certs (or copies in two places) (shouldn't need to be but it seems to work better that way). It sounds like you don't have SSL running properly, but surfing the logs may reveal something. I end up setting up the chain postfix->amavis-new->postfix(again)->cyrus every two or three years. Its so robust I usually never have to mess with it after its set up, and I end up forgetting lots of stuff. Keep notes. -- ----------JSA--------- Someone stole my tag line, so now I have this rental. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hey John:
Is this message in response to a Imap session or a smtp connection.
This is Kmail trying to connect to Cyrus imap. I've never had a problem with Postfix getting the mail and delivering to the server. But getting Kmail to connect to the server is torture!! I haven't even opened port 25 yet for Postfix testing -- not until I can gather what comes through.
Kmail has that niffty button that says "Check what the server provides," It will let you know if something is wrong, because it won't offer methods you think it should.
I can't count the number of times I have pressed that nifty little button. The server responds no encrypting and 3 auth methods -- none of which works. As I recall (the machine is at home right now where I can to R & D in my evenings!) the 3 are plain, cram-md5 and digest-md5. One would be inclined to think that when the server responds with those options they would work when chosen for configuration! I have no problem connecting with telnet to port 143 -- get all the right words. Says all the right things but not to Kmail apparently.
There are uaually two sets of certs (or copies in two places) (shouldn't need to be but it seems to work better that way).
Where are the two sets of certs? I only have on set in the /ect/postfix/ssl directory.
It sounds like you don't have SSL running properly, but surfing the logs may reveal something.
I end up setting up the chain postfix->amavis-new->postfix(again)->cyrus every two or three years. Its so robust I usually never have to mess with it after its set up, and I end up forgetting lots of stuff. Keep notes.
I even reinstalled a second and third time last night but to no avail. What is so wrong with SUSE producing a recipie for two or three senarios -- other and jsut the Postfix settings in the Postfix docs? If you can help me get this running (and yes, I WILL document it this time!) I will be ever so grateful. Chuck
-- ----------JSA--------- Someone stole my tag line, so now I have this rental. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Chuck Davis wrote:
Hey John:
Is this message in response to a Imap session or a smtp connection.
This is Kmail trying to connect to Cyrus imap. I've never had a problem with Postfix getting the mail and delivering to the server. But getting Kmail to connect to the server is torture!! I haven't even opened port 25 yet for Postfix testing -- not until I can gather what comes through.
Kmail has that niffty button that says "Check what the server provides," It will let you know if something is wrong, because it won't offer methods you think it should.
I can't count the number of times I have pressed that nifty little button. The server responds no encrypting and 3 auth methods -- none of which works. As I recall (the machine is at home right now where I can to R & D in my evenings!) the 3 are plain, cram-md5 and digest-md5.
Digest will not work. Never has as far as I can tell. Use plain. You are already in an SSL tunnel, there is no reason to further complicate the issue. I don't even allow access to our Cyrus via un-encrypted channels. Cyrus is accessed via Imap 993 with ssl.
One would be inclined to think that when the server responds with those options they would work when chosen for configuration!
No, the server responds with options you tell it to respond with. Go remove those that don't work from the config, and it won't offer them any more.
I have no problem connecting with telnet to port 143 -- get all the right words. Says all the right things but not to Kmail apparently.
Don't allow access via 143. Its a crutch. It prevents you from solving the real problem with certificates.
There are uaually two sets of certs (or copies in two places) (shouldn't need to be but it seems to work better that way).
Where are the two sets of certs? I only have on set in the /ect/postfix/ssl directory.
Cyrus has its own set. You can contrive to make them the same, but its usually more trouble than its worth. Mine are in /var/lib/imap/ because cyrus runs in a chroot and can't access the ones in /etc/postfix/ssl/certs/ These certs for cyrus include these: and they are not the same as the ones for postfix, (but they could be if you wanted them to be). /var/lib/imap/key.pem /var/lib/imap/req.pem /var/lib/imap/server.pem The whole saslauthd thing is a big mystery, but it is key. Get that running and the rest falls into place. I found several good howto's on the web about this and I thought I had them book marked, but can't find them. I will mail you privately my notes, Chuck, to see if they can be of some help. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Chuck Davis wrote:
I've been spending a lot of time trying to figure out how to get Postfix to work. I have been configuring with yast and all the elements appear to have started based upon pid values. Postfix is supposed to be dumping to Cyrus-imap. All SSL configurations are set and the values in main.cf are correct based upon my entries in yast. All the certs appear to have been generated appropriately.
On a Kmail client, however, I'm getting the message "Login only available under a layer". Since all the TLS stuff appears to be running on the server I'm up the proverbial creek with no clue.
Anybody that can give some direction?
You could post /etc/imapd.conf to check the config, also check if saslauthd is running. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi Sandy: I'll check that this evening. The docs made it sound like Yast would take care of configuring everything. Obviously not -- and it doesn't indicate what it does not take care of either! I'll check the imapd.conf tonight to see if I can find something. Sasl appears to be running but........... Thanks for your interest. Chuck
You could post /etc/imapd.conf to check the config, also check if saslauthd is running.
-- Sandy
List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Chuck Davis -
John Andersen -
Sandy Drobic