Date:  Mon, 30 Oct 2006 14:30:15 +0100
From:  Jes Kasper Klittum <jes (at mark) enavn.com>
Subject:  [coba-e:07783] Re: POPS, SMTPS and IMAPS errors
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4545FE67.3040001 (at mark) enavn.com>
In-Reply-To:  <20061030122606.M14154 (at mark) vaporised.com>
References:  <4541B165.4020806 (at mark) enavn.com> <4545DE69.2060903 (at mark) enavn.com> <20061030122606.M14154 (at mark) vaporised.com>
X-Mail-Count: 07783

Vapor wrote:

> Other than to confirm your finding Jez I've nothing to add. My either self-signed or 
> imported Thawte certs are replicated or work in any way via the mail servers. You can 
> however edit the dovecot.conf to point to your cert and it will work, but I posted 
> regarding this a month or so back regarding this as it limits you to one cert on the 
> whole email server, which seems a little pointless.

Thanks for the tip - I now corrected the path to the key, crt and ca 
file in dovecot.conf, and restarted dovecot and sendmail - however, now 
I get this error when restarting sendmail:

Oct 30 14:14:13 bq2 sendmail[12448]: starting daemon (8.13.1): SMTP
Oct 30 14:14:13 bq2 sendmail[12448]: STARTTLS: CRLFile missing
Oct 30 14:14:13 bq2 sendmail[12448]: STARTTLS=server, error: SSL_CTX_use_PrivateKey_file(/usr/share/ssl/certs/sendmail.pem) failed
Oct 30 14:14:13 bq2 sendmail[12448]: STARTTLS=server: 12448:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:731:
Oct 30 14:14:13 bq2 sendmail[12448]: STARTTLS=server: 12448:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:
Oct 30 14:14:13 bq2 sendmail[12448]: started as: /usr/sbin/sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -OPidFile=/var/run/sendmail.in.pid

Is sendmail using an altogether different cert than dovecot?!?

Also, POPS still complains that a certificate chain was found, but that 
it resulted in an invalid cert that could not be validated?!?

When trying to send an email, this is logged to maillog:

Oct 30 14:24:19 bq2 sendmail[13450]: NOQUEUE: connect from vv.enavn.com [213.173.244.128]
Oct 30 14:24:19 bq2 sendmail[13450]: AUTH: available mech=DIGEST-MD5 ANONYMOUS PLAIN LOGIN CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Oct 30 14:24:19 bq2 sendmail[13450]: k9UDOJwh013450: Milter: no active filter
Oct 30 14:24:19 bq2 sendmail[13450]: STARTTLS=server, error: accept failed=-1, SSL_error=1, errno=0, retry=-1
Oct 30 14:24:19 bq2 sendmail[13450]: STARTTLS=server: 13450:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:882:
Oct 30 14:24:19 bq2 sendmail[13450]: k9UDOJwh013450: vv.enavn.com [213.173.244.128] did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA
Oct 30 14:24:19 bq2 sendmail[13451]: NOQUEUE: connect from vv.enavn.com [213.173.244.128]
Oct 30 14:24:19 bq2 sendmail[13451]: AUTH: available mech=DIGEST-MD5 ANONYMOUS PLAIN LOGIN CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Oct 30 14:24:19 bq2 sendmail[13451]: k9UDOJSC013451: Milter: no active filter
Oct 30 14:24:19 bq2 sendmail[13451]: STARTTLS=server, error: accept failed=0, SSL_error=5, errno=0, retry=-1
Oct 30 14:24:19 bq2 sendmail[13451]: k9UDOJSC013451: vv.enavn.com [213.173.244.128] did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA

I am not very well founded in SSL, so I am not sure what on earth I am 
doing wrong. Does any of the above trigger someone's mind? :)

/Jes
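
Added example (not part of the original message): a Python check for malformed PEM boundary lines, the condition behind the "PEM_read_bio:bad end line" error logged for /usr/share/ssl/certs/sendmail.pem above. The name check_pem and both sample bundles are assumptions constructed for illustration; the check follows the PEM BEGIN/END layout and is not OpenSSL's own parser.

```python
import base64
import re

# Strict forms of the two boundary lines a PEM block must have.
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
# Constructed sample data (not real key material).
_B64 = base64.b64encode(b"constructed sample, not a real key").decode()
GOOD = (f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
        f"-----BEGIN RSA PRIVATE KEY-----\n{_B64}\n-----END RSA PRIVATE KEY-----\n")
# Same bundle as if a cert lacking a trailing newline was joined to a key.
BAD = GOOD.replace("-----\n-----BEGIN RSA", "----------BEGIN RSA")


def check_pem(text):
    """Return (labels of well-delimited blocks, list of problems found)."""
    labels, problems = [], []
    current, body = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        begin, end = BEGIN_RE.match(line), END_RE.match(line)
        if current is None:
            if begin:
                current, body = begin.group(1), []
            elif "-----" in line:
                problems.append(f"line {n}: stray or malformed boundary: {line!r}")
            continue
        if end:
            if end.group(1) != current:
                problems.append(f"line {n}: END {end.group(1)} closes BEGIN {current}")
            try:
                base64.b64decode("".join(body), validate=True)
            except ValueError:
                problems.append(f"line {n}: body of {current} is not valid base64")
            labels.append(current)
            current = None
        elif "-----" in line:
            problems.append(f"line {n}: bad end line for {current}: {line!r}")
            current = None
        elif line and ":" not in line:  # skip blanks and Proc-Type/DEK-Info headers
            body.append(line)
    if current is not None:
        problems.append(f"end of file: {current} block never closed")
    return labels, problems


if __name__ == "__main__":
    for name, pem in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_pem(pem))
```

To check a real file, pass its contents: check_pem(open(path).read()).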