When I do a telnet to my port 25, in the ehlo command I have:

250-mail.gruporw.com.br
250-PIPELINING
250-SIZE 0
250-DATAZ
250-STARTTLS
250 8BITMIME

Where is the md5, plain stuff???

Reproducible: Always

Steps to Reproduce:
1. emerge qmail-ldap
try to do the smtp_auth stuff
works

Actual Results: doesn't work.

Expected Results: works.

Portage 2.0.50-r6 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.4.25-gentoo-r2)
=================================================================
System uname: 2.4.25-gentoo-r2 i686 Intel(R) Pentium(R) III CPU 1000MHz
Gentoo Base System version 1.4.10
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=pentium3 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium3 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://mirrors.tds.net/gentoo ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://mirror.datapipe.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="aalib apache2 apm arts avi berkdb crypt cups doc encode foomaticdb gd gdbm gif imagemagick imap imlib innodb java jpeg lcms ldap libg++ libwww mad maildir mikmod mmx motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png postgres python quicktime readline samba sasl sdl slang snmp spell sse ssl svga tcpd tetex tiff truetype x86 xml2 xmms xv zlib"

If you read the docs that came with qmail-ldap, you'll see that smtp_auth is only available after starttls is in place. Check it with this:

openssl s_client -connect localhost:25 -state -starttls smtp

If that doesn't show up in there then you need to edit your tcprules.

Let me know how it goes =)

I have this:

---------------------------------------
# openssl s_client -connect localhost:25 -state -starttls smtp
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
27588:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

Did you ever get TLS set up, which includes setting up the .pem file?

Run /var/qmail/bin/mkservercert
then rename /var/qmail/control/servercert.pem to /var/qmail/control/cert.pem
then try the command again.

Now I think that resolves the problem! The ebuild has to rename the servercert pem file!

result:
--------------------------------------
# openssl s_client -connect localhost:25 -state -starttls smtp
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
   i:/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
---
Server certificate
subject=/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
issuer=/C=US/ST=Alabama/L=Mobile/O=Foobar Systems/OU=Automatically-generated Qmail SMTP SSL key/CN=localhost/emailAddress=postmaster@localhost
---
No client certificate CA names sent
---
SSL handshake has read 975 bytes and written 356 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: DEA41696407FA5DEE77BB356A413F8F52233135CAE30AF4A6715E91D1EE5191B
    Session-ID-ctx:
    Master-Key: 7D1B9B760132DCB150273C4C6721837642B7EB67C2B403C6E5086E5B33C571ED9BBE4164E92D2E76FC3ADE367C90C0F4
    Key-Arg : None
    Start Time: 1086186867
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 gruporw.com.br ESMTP

I'll add it to the next upgrade of qmail-ldap
Hmm.. I did as instructed here, but I get the same result:

sado control # /var/qmail/bin/mkservercert
* Please customize /var/qmail/control/servercert.cnf before continuing!
* Press ENTER to continue, or CTRL-C to stop now.
* Creating self-signed certificate
Generating a 1024 bit RSA private key
...++++++
....++++++
writing new private key to '/var/qmail/control/servercert.pem'
-----
* Certificate details
subject= /C=PT/ST=Queluz/L=Queluz/O=Moonlight/OU=SSL/CN=sado.moonlight.pt/emailAddress=admin@moonlight.pt
notBefore=Nov 3 12:38:35 2004 GMT
notAfter=Nov 3 12:38:35 2005 GMT
MD5 Fingerprint=B7:BF:A5:9C:C6:28:55:78:2A:F6:FA:4C:0C:77:53:85
ln: `/var/qmail/control/clientcert.pem': File exists
sado control # cp /var/qmail/control/servercert.pem /var/qmail/control/cert.pem
sado control # openssl s_client -connect localhost:25 -state -starttls smtp
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
5350:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

OK! Please ignore my last post. It works, I forgot to chown the file, sorry :|

closing as user notes it works.
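
The point made in this thread, that AUTH is only advertised after STARTTLS, can be checked by comparing the EHLO reply before and after the TLS upgrade. The following is an added example, not part of the original thread or of qmail-ldap; the post-TLS reply is a constructed sample and the function names are hypothetical.

```python
import re

# Pre-TLS EHLO reply as quoted in the report, one reply line per line.
PRE_TLS = ("250-mail.gruporw.com.br\r\n250-PIPELINING\r\n250-SIZE 0\r\n"
           "250-DATAZ\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
# Constructed sample (assumption): a post-STARTTLS EHLO reply that offers AUTH.
POST_TLS = ("250-mail.gruporw.com.br\r\n250-PIPELINING\r\n"
            "250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # these send the password itself, base64 only


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    caps = {}
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError(f"misplaced continuation marker: {line!r}")
        if i == 0:
            continue  # first line is the server's domain/greeting
        # Legacy servers write "AUTH=LOGIN PLAIN"; treat '=' as a separator.
        words = [w.upper() for w in re.split(r"[ =]+", m.group(3).strip()) if w]
        if words:
            caps.setdefault(words[0], []).extend(words[1:])
    return caps


def auth_exposure(pre_tls, post_tls):
    """Compare AUTH advertisement before and after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    before = pre.get("AUTH", [])
    return {
        "starttls_offered": "STARTTLS" in pre,
        "auth_before_tls": before,
        "auth_after_tls": post.get("AUTH", []),
        # Non-empty means passwords could cross the wire without TLS.
        "cleartext_password_mechs": sorted(PASSWORD_MECHS & set(before)),
    }


if __name__ == "__main__":
    print(auth_exposure(PRE_TLS, POST_TLS))
```

An empty `auth_before_tls` together with a populated `auth_after_tls` is the behaviour described in the thread; to capture the second reply by hand, type `EHLO` inside the `openssl s_client -starttls smtp` session.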