
Bug 52068

Summary: smtp_auth in qmail-ldap-1.03-r4 doesn't work
Product: Gentoo Linux
Reporter: Wagner Sartori Junior <wsartori>
Component: New packages
Assignee: Benjamin Coles <sj7trunks>
Status: RESOLVED FIXED    
Severity: normal CC: robbat2
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   

Description Wagner Sartori Junior 2004-05-26 00:15:54 UTC
When I telnet to my port 25, in response to the EHLO command I have:
250-mail.gruporw.com.br
250-PIPELINING
250-SIZE 0
250-DATAZ
250-STARTTLS
250 8BITMIME

Where is the MD5, PLAIN stuff???

Reproducible: Always
Steps to Reproduce:
1. emerge qmail-ldap
2. Try to make the smtp_auth stuff work
Actual Results:
Doesn't work.

Expected Results:
Works.

Portage 2.0.50-r6 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.4.25-gentoo-r2)
=================================================================
System uname: 2.4.25-gentoo-r2 i686 Intel(R) Pentium(R) III CPU             1000MHz
Gentoo Base System version 1.4.10
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=pentium3 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium3 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://mirrors.tds.net/gentoo 
ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://mirror.datapipe.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="aalib apache2 apm arts avi berkdb crypt cups doc encode foomaticdb gd gdbm 
gif imagemagick imap imlib innodb java jpeg lcms ldap libg++ libwww mad maildir 
mikmod mmx motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl 
png postgres python quicktime readline samba sasl sdl slang snmp spell sse ssl 
svga tcpd tetex tiff truetype x86 xml2 xmms xv zlib"
Comment 1 Benjamin Coles 2004-06-01 22:39:31 UTC
If you read the docs that came with qmail-ldap, you'll see that smtp_auth is only available after starttls is in place. Check it with this:

openssl s_client -connect localhost:25 -state -starttls smtp

If that doesn't show up in there, then you need to edit your tcprules.

Let me know how it goes =)
Comment 2 Wagner Sartori Junior 2004-06-01 23:11:29 UTC
I have this:
---------------------------------------
# openssl s_client -connect localhost:25 -state -starttls smtp
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
27588:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:
Comment 3 Benjamin Coles 2004-06-01 23:36:17 UTC
Did you ever get TLS set up, which includes setting up the .pem file?

Run /var/qmail/bin/mkservercert

then rename /var/qmail/control/servercert.pem to /var/qmail/control/cert.pem

then try the command again
Comment 4 Wagner Sartori Junior 2004-06-02 07:35:48 UTC
Now I think that resolves the problem! The ebuild has to rename the servercert pem file!

result:
--------------------------------------
# openssl s_client -connect localhost:25 -state -starttls smtp
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
   i:/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
---
Server certificate
subject=/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
issuer=/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
---
No client certificate CA names sent
---
SSL handshake has read 975 bytes and written 356 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: DEA41696407FA5DEE77BB356A413F8F52233135CAE30AF4A6715E91D1EE5191B
    Session-ID-ctx:
    Master-Key: 7D1B9B760132DCB150273C4C6721837642B7EB67C2B403C6E5086E5B33C571ED9BBE4164E92D2E76FC3ADE367C90C0F4
    Key-Arg   : None
    Start Time: 1086186867
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 gruporw.com.br ESMTP

Comment 5 Benjamin Coles 2004-06-02 08:22:56 UTC
I'll add it to the next upgrade of qmail-ldap
Comment 6 Ricardo Nuno 2004-11-03 04:51:00 UTC
Hmm.. I did as instructed here, but I get the same result:

sado control # /var/qmail/bin/mkservercert
 * Please customize /var/qmail/control/servercert.cnf before continuing!
 * Press ENTER to continue, or CTRL-C to stop now.

 * Creating self-signed certificate
Generating a 1024 bit RSA private key
...++++++
....++++++
writing new private key to '/var/qmail/control/servercert.pem'
-----
 * Certificate details
subject= /C=PT/ST=Queluz/L=Queluz/O=Moonlight/OU=SSL/CN=sado.moonlight.pt/emailAddress=admin@moonlight.pt
notBefore=Nov  3 12:38:35 2004 GMT
notAfter=Nov  3 12:38:35 2005 GMT
MD5 Fingerprint=B7:BF:A5:9C:C6:28:55:78:2A:F6:FA:4C:0C:77:53:85
ln: `/var/qmail/control/clientcert.pem': File exists
sado control # cp /var/qmail/control/servercert.pem /var/qmail/control/cert.pem
sado control # openssl s_client -connect localhost:25 -state -starttls smtp
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
5350:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:
Comment 7 Ricardo Nuno 2004-11-03 04:55:53 UTC
OK! Please ignore my last post. It works, I forgot to chown the file, sorry :|
Comment 8 Robin Johnson (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2005-02-14 00:04:54 UTC
Closing as user notes it works.
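
Both failures in this thread (no cert.pem because mkservercert only writes servercert.pem, and a copied cert.pem left with the wrong owner) can be checked before rerunning the openssl s_client test. The script below is an added example, not part of the bug report or the qmail-ldap package. The function name, the finding labels, the OWNER argument (the thread does not say which account the file was chowned to) and the world-readable check are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for /var/qmail/control/cert.pem before testing
# STARTTLS. Function name, labels and the OWNER argument are hypothetical.

# check_qmail_cert CONTROL_DIR OWNER
# Prints one finding per line; returns 0 only when there are none.
check_qmail_cert() {
    dir=$1
    owner=$2    # account (name or numeric uid) the SMTP daemon runs as
    cert=$dir/cert.pem
    rc=0

    if [ ! -e "$cert" ]; then
        if [ -e "$dir/servercert.pem" ]; then
            echo "MISSING: $cert (servercert.pem exists; copy or rename it)"
        else
            echo "MISSING: $cert (no servercert.pem either; run mkservercert)"
        fi
        return 1
    fi

    # The mkservercert output above writes the private key into the same
    # PEM file as the certificate, so both blocks should be present.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "NOCERT: no certificate block in $cert"; rc=1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert" ||
        { echo "NOKEY: no private key block in $cert"; rc=1; }

    # find -user and -perm are POSIX, so GNU stat is not required.
    [ -n "$(find "$cert" -prune -user "$owner" 2>/dev/null)" ] ||
        { echo "OWNER: $cert is not owned by $owner (chown it)"; rc=1; }

    # The file holds a private key; other local users must not read it.
    [ -z "$(find "$cert" -prune -perm -004)" ] ||
        { echo "PERMS: $cert is world-readable (chmod o-r)"; rc=1; }

    return $rc
}
```

Call it as `check_qmail_cert /var/qmail/control <account>`; with no findings it prints nothing and returns 0.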