Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Gary Bowling 


  
  


Absolutely. I think I've got that already, as that's the way the
  default install works, but I should probably go do some tests just
  to make sure.  Nothing like configuring a client and trying it to
  test it out. 



Gary



On 3/23/2024 10:25 AM, Tonix wrote:


  
  Glad to hear. In any case any usage
of submission port, both to local and external domains, should
be done only by authenticated users.
  
  
  Tonino
  
  
  
  
  
  Il 23/03/2024 12:38, Gary Bowling ha
scritto:
  
  

Thanks, the error turned out to be solved by fixing up the 
  /var/qmail/supervise/submission/run file to accept starttls
  and encrypted passwords. 



On 3/23/2024 4:20 AM, Tonix wrote:


  
  "However, when I try to send to external
domains, I get the error that CHKUSER rejected relaying,
saying "client not allowed to relay"".
  
  
  That means sending user is not authenticated.
  
  
  Probably your submission port accepts messages
from anyone for local domains.
  
  
  
  Tonino
  
  
  
Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
  ha scritto:

  Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.


Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded:  TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).


To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
  
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Tonix 
Glad to hear. In any case any usage of submission port, both to local 
and external domains, should be done only by authenticated users.


Tonino


Il 23/03/2024 12:38, Gary Bowling ha scritto:


Thanks, the error turned out to be solved by fixing up the 
/var/qmail/supervise/submission/run file to accept starttls and 
encrypted passwords.



On 3/23/2024 4:20 AM, Tonix wrote:
"However, when I try to send to external domains, I get the error 
that CHKUSER rejected relaying, saying "client not allowed to relay"".


That means sending user is not authenticated.

Probably your submission port accepts messages from anyone for local 
domains.


Tonino


Il 23 marzo 2024 00:35:38 CET, g...@gbco.us ha scritto:

Ok, in my old server's /var/qmail/supervise/submission/run file,
I had the following line. export REQUIRE_AUTH=1 In the new
server, it had the following line. export SMTPAUTH="!" I'm not
sure what the syntax on the new server line means. I changed the
line to be like my old server and now sending mail through port
587, with starttls for local domains. However, when I try to send
to external domains, I get the error that CHKUSER rejected
relaying, saying "client not allowed to relay" Maybe I'm making
progress, but don't know. Gary On 2024-03-22 19:30, g...@gbco.us
wrote:

Well, this is the way many of my clients are already
configured... So I have to figure out a way to make it work,
or go back to my old server. Not really an option to
reconfigure all my clients. Thanks, Gary On 2024-03-22 19:26,
Remo Mattei wrote:

You need to use password not encrypted. Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha
scritto:  I can send mail via the roundcube web
mail. That's where this message is coming from. When
sending mail from thunderbird, I have my smtp server
set up in my client as Port 587 startTLS Encrypted
Password This is the same as I had with a number of
clients on my old server. When I try to send email, I
get this error. Sending of the message failed. An
error occurred while sending mail: Outgoing server
(SMTP) error. The server responded: TLS no valid RSA
private key: error:8002:system
library::No such file or directory (#4.3.0). To
create certificates on my new server. I retrieved
certs from letencrypt and then did this. cp -p
/var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth cat

/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem chown
vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem Any idea
what's going on with this error? thanks, Gary


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com 




To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com 



To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 



To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Peter Peterse 
Yeh, but the email software didn't accept the ecdsa key. I've tried the key 
order but keeps failing. But now I've seen this thread it could be a config 
option.

Greets,
Peter

Gary Bowling  schreef op 23 maart 2024 12:36:21 CET:
>
>Thanks Peter, good to know as it looks like they are going to ecdsa for the 
>default.
>
>
>On 3/23/2024 3:18 AM, Peter Peterse wrote:
>
>Hi,
>
> Letsencrypt van generate rsa keys by using --key-type rsa 
>
> The order in my servercert.pem is private key followed by the fullchain file. 
> I'm using Almalinux 9
>
> Regards,
> Peter
>
>
>
>g...@gbco.us  schreef op 23 maart 2024 00:05:48 CET:
>
> It looks like letsencrypt is now using ecdsa by default. So I went back and 
> copied my certs off my old server, probably not what I really want to do. But 
> it did give me a different error. Now I'm getting this one. Sending of the 
> message failed. The Outgoing server (SMTP) mail.gbco.us does not seem to 
> support encrypted passwords. If you just set up the account, try changing the 
> 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 
> 'Normal password'. I thought I tested this before with the new server, but 
> maybe I didn't test it correctly. Anyone got any ideas? On 2024-03-22 18:29, 
> g...@gbco.us  wrote: 
>
>I can send mail via the roundcube web mail. That's where this message is 
>coming from. When sending mail from thunderbird, I have my smtp server set up 
>in my client as Port 587 startTLS Encrypted Password This is the same as I had 
>with a number of clients on my old server. When I try to send email, I get 
>this error. Sending of the message failed. An error occurred while sending 
>mail: Outgoing server (SMTP) error. The server responded: TLS no valid RSA 
>private key: error:8002:system library::No such file or directory 
>(#4.3.0). To create certificates on my new server. I retrieved certs from 
>letencrypt and then did this. cp -p /var/qmail/control/servercert.pem 
>/var/qmail/control/servercert.pem.lastmonth cat 
>/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
>
>/var/qmail/control/servercert.pem 
>
> chown vpopmail:qmail /var/qmail/control/servercert.pem chmod 640 
> /var/qmail/control/servercert.pem Any idea what's going on with this error? 
> thanks, Gary
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> For additional 
>commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
>
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> For additional 
>commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
>
> - To 
> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For 
> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Gary Bowling 


  
  
Thanks, the error turned out to be solved by fixing up the 
  /var/qmail/supervise/submission/run file to accept starttls and
  encrypted passwords. 



On 3/23/2024 4:20 AM, Tonix wrote:


  
  "However, when I try to send to external domains,
I get the error that CHKUSER rejected relaying, saying "client
not allowed to relay"".
  
  
  That means sending user is not authenticated.
  
  
  Probably your submission port accepts messages
from anyone for local domains.
  
  
  
  Tonino
  
  
  
Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
  ha scritto:

  Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.


Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded:  TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).


To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Gary Bowling 


  
  


Thanks Peter, good to know as it looks like they are going to
  ecdsa for the default.



On 3/23/2024 3:18 AM, Peter Peterse
  wrote:


  
  Hi,

Letsencrypt van generate rsa keys by using --key-type rsa 

The order in my servercert.pem is private key followed by the
fullchain file. I'm using Almalinux 9

Regards,
Peter
  
  
  
  
g...@gbco.us schreef op 23 maart 2024 00:05:48
  CET:

  
It looks like letsencrypt is now using ecdsa by default.

So I went back and copied my certs off my old server, probably not what I really want to do. But it did give me a different error. Now I'm getting this one.

Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted passwords. If you just set up the account, try changing the 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.


I thought I tested this before with the new server, but maybe I didn't test it correctly. Anyone got any ideas?




On 2024-03-22 18:29, g...@gbco.us wrote:
I can send mail via the roundcube web mail. That's where this message
is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error.
The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0).


To create certificates on my new server. I retrieved certs from
letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
/var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Tonix 
"However, when I try to send to external domains, I get the error that 
CHKUSER rejected relaying, saying "client not allowed to relay"".


That means sending user is not authenticated.

Probably your submission port accepts messages from anyone for local 
domains.


Tonino


Il 23 marzo 2024 00:35:38 CET, g...@gbco.us ha scritto:

   Ok, in my old server's /var/qmail/supervise/submission/run file, I
   had the following line. export REQUIRE_AUTH=1 In the new server, it
   had the following line. export SMTPAUTH="!" I'm not sure what the
   syntax on the new server line means. I changed the line to be like
   my old server and now sending mail through port 587, with starttls
   for local domains. However, when I try to send to external domains,
   I get the error that CHKUSER rejected relaying, saying "client not
   allowed to relay" Maybe I'm making progress, but don't know. Gary On
   2024-03-22 19:30, g...@gbco.us wrote:

   Well, this is the way many of my clients are already
   configured... So I have to figure out a way to make it work, or
   go back to my old server. Not really an option to reconfigure
   all my clients. Thanks, Gary On 2024-03-22 19:26, Remo Mattei
   wrote:

   You need to use password not encrypted. Inviato da iPhone

   Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha
   scritto:  I can send mail via the roundcube web mail.
   That's where this message is coming from. When sending
   mail from thunderbird, I have my smtp server set up in
   my client as Port 587 startTLS Encrypted Password This
   is the same as I had with a number of clients on my old
   server. When I try to send email, I get this error.
   Sending of the message failed. An error occurred while
   sending mail: Outgoing server (SMTP) error. The server
   responded: TLS no valid RSA private key:
   error:8002:system library::No such file or
   directory (#4.3.0). To create certificates on my new
   server. I retrieved certs from letencrypt and then did
   this. cp -p /var/qmail/control/servercert.pem
   /var/qmail/control/servercert.pem.lastmonth cat
   
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem chown
   vpopmail:qmail /var/qmail/control/servercert.pem chmod
   640 /var/qmail/control/servercert.pem Any idea what's
   going on with this error? thanks, Gary
   

   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For
   additional commands, e-mail:
   qmailtoaster-list-h...@qmailtoaster.com 


   

   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For
   additional commands, e-mail:
   qmailtoaster-list-h...@qmailtoaster.com 


   
   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
   commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 


   
   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
   commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Peter Peterse 
Hi,

Letsencrypt van generate rsa keys by using --key-type rsa 

The order in my servercert.pem is private key followed by the fullchain file. 
I'm using Almalinux 9

Regards,
Peter


g...@gbco.us schreef op 23 maart 2024 00:05:48 CET:
>
>It looks like letsencrypt is now using ecdsa by default.
>
>So I went back and copied my certs off my old server, probably not what I 
>really want to do. But it did give me a different error. Now I'm getting this 
>one.
>
>Sending of the message failed.
>The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted 
>passwords. If you just set up the account, try changing the 'Authentication 
>method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.
>
>
>I thought I tested this before with the new server, but maybe I didn't test it 
>correctly. Anyone got any ideas?
>
>
>
>
>On 2024-03-22 18:29, g...@gbco.us wrote:
>> I can send mail via the roundcube web mail. That's where this message
>> is coming from.
>> 
>> When sending mail from thunderbird, I have my smtp server set up in my 
>> client as
>> 
>> Port 587
>> startTLS
>> Encrypted Password
>> 
>> This is the same as I had with a number of clients on my old server.
>> 
>> When I try to send email, I get this error.
>> 
>> Sending of the message failed.
>> An error occurred while sending mail: Outgoing server (SMTP) error.
>> The server responded:  TLS no valid RSA private key:
>> error:8002:system library::No such file or directory
>> (#4.3.0).
>> 
>> 
>> To create certificates on my new server. I retrieved certs from
>> letencrypt and then did this.
>> 
>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.lastmonth
>> cat
>> /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
>> > /var/qmail/control/servercert.pem
>> 
>> chown vpopmail:qmail /var/qmail/control/servercert.pem
>> chmod 640 /var/qmail/control/servercert.pem
>> 
>> 
>> 
>> Any idea what's going on with this error?
>> 
>> thanks, Gary
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>-
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Gary Bowling 


  
  


No that doesn't work. It only works if I have FORCETLS=1 and
  SMTPAUTH="!+cram"


Thanks, Gary



On 3/22/2024 9:05 PM, Eric Broch wrote:


  
  Try submission run file
  
  #!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export FORCETLS=0
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c
"$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1
  
  
  Thunderbird:
  Port: 587
  Connection Security: STARTTLS
  Authentication: Normal Password
  
  
  On 3/22/2024 6:34 PM, Gary Bowling
wrote:
  
  



Rocky 9.3.


Gary



On 3/22/2024 8:31 PM, Eric Broch
  wrote:


  
  What are you running EL 8 or 9?
  
  On 3/22/2024 6:28 PM, Gary
Bowling wrote:
  
  



Yea did that.


I tried what Remo suggested, which was to change the
  client send config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the
  /var/qmail/supervise/smtps/ config. That worked, which
  told me my certs were actually ok. 



So now I needed to figure out how to make "Port 587,
  startTLS, and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the
  line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465,
  SSL/TLS, normal password"


That allows me to not have to reconfigure the clients who
  have configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric
  Broch wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where
this message is coming from. 

When sending mail from thunderbird, I have my smtp
server set up in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my
old server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server
(SMTP) error. The server responded:  TLS no valid RSA
private key: error:8002:system library::No
such file or directory (#4.3.0). 


To create certificates on my new server. I retrieved
certs from letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Eric Broch 

Try submission run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export FORCETLS=0
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1


Thunderbird:

Port: 587

Connection Security: STARTTLS

Authentication: Normal Password


On 3/22/2024 6:34 PM, Gary Bowling wrote:



Rocky 9.3.


Gary


On 3/22/2024 8:31 PM, Eric Broch wrote:


What are you running EL 8 or 9?

On 3/22/2024 6:28 PM, Gary Bowling wrote:



Yea did that.


I tried what Remo suggested, which was to change the client send 
config to:


port 465

SSL/TLS

Normal Password


This should send mail through the /var/qmail/supervise/smtps/ 
config. That worked, which told me my certs were actually ok.



So now I needed to figure out how to make "Port 587, startTLS, and 
Encrypted Password" work. Which goes through 
/var/qmail/supervise/submission


I changed the run file in that directory by removing the line:

export SMTPAUTH="!"

and adding the lines

export FORCETLS=1

export SMTPAUTH="!+cram"


And now I can send mail through the submission port by configuring a 
client to "Port 587, startTLS, and Encrypted Password" and I can 
also send mail through "port 465, SSL/TLS, normal password"



That allows me to not have to reconfigure the clients who have 
configurations on port 587.



Eric - Do you see anything wrong with doing it that way?


Thanks, Gary



On 3/22/2024 8:08 PM, Eric Broch wrote:


cat /etc/letsencrypt/live/mydomain.com/fullchain.pem 
/etc/letsencrypt/live/mydomain.com/privkey.pem > 
/var/qmail/control/servercert.pem


On 3/22/2024 4:29 PM, g...@gbco.us wrote:


I can send mail via the roundcube web mail. That's where this 
message is coming from.


When sending mail from thunderbird, I have my smtp server set up 
in my client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) 
error. The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Gary Bowling 


  
  


Rocky 9.3.


Gary



On 3/22/2024 8:31 PM, Eric Broch wrote:


  
  What are you running EL 8 or 9?
  
  On 3/22/2024 6:28 PM, Gary Bowling
wrote:
  
  



Yea did that.


I tried what Remo suggested, which was to change the client
  send config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the /var/qmail/supervise/smtps/
  config. That worked, which told me my certs were actually ok.
  



So now I needed to figure out how to make "Port 587,
  startTLS, and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the
  line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465, SSL/TLS,
  normal password"


That allows me to not have to reconfigure the clients who
  have configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric Broch
  wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where
this message is coming from. 

When sending mail from thunderbird, I have my smtp server
set up in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my old
server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server (SMTP)
error. The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or
directory (#4.3.0). 


To create certificates on my new server. I retrieved certs
from letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Eric Broch 

What are you running EL 8 or 9?

On 3/22/2024 6:28 PM, Gary Bowling wrote:



Yea did that.


I tried what Remo suggested, which was to change the client send 
config to:


port 465

SSL/TLS

Normal Password


This should send mail through the /var/qmail/supervise/smtps/ config. 
That worked, which told me my certs were actually ok.



So now I needed to figure out how to make "Port 587, startTLS, and 
Encrypted Password" work. Which goes through 
/var/qmail/supervise/submission


I changed the run file in that directory by removing the line:

export SMTPAUTH="!"

and adding the lines

export FORCETLS=1

export SMTPAUTH="!+cram"


And now I can send mail through the submission port by configuring a 
client to "Port 587, startTLS, and Encrypted Password" and I can also 
send mail through "port 465, SSL/TLS, normal password"



That allows me to not have to reconfigure the clients who have 
configurations on port 587.



Eric - Do you see anything wrong with doing it that way?


Thanks, Gary



On 3/22/2024 8:08 PM, Eric Broch wrote:


cat /etc/letsencrypt/live/mydomain.com/fullchain.pem 
/etc/letsencrypt/live/mydomain.com/privkey.pem > 
/var/qmail/control/servercert.pem


On 3/22/2024 4:29 PM, g...@gbco.us wrote:


I can send mail via the roundcube web mail. That's where this 
message is coming from.


When sending mail from thunderbird, I have my smtp server set up in 
my client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Gary Bowling 


  
  


Yea did that.


I tried what Remo suggested, which was to change the client send
  config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the /var/qmail/supervise/smtps/
  config. That worked, which told me my certs were actually ok. 



So now I needed to figure out how to make "Port 587, startTLS,
  and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465, SSL/TLS,
  normal password"


That allows me to not have to reconfigure the clients who have
  configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric Broch wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where this
message is coming from. 

When sending mail from thunderbird, I have my smtp server set up
in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my old
server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server (SMTP)
error. The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0). 


To create certificates on my new server. I retrieved certs from
letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Eric Broch 
cat /etc/letsencrypt/live/mydomain.com/fullchain.pem 
/etc/letsencrypt/live/mydomain.com/privkey.pem > 
/var/qmail/control/servercert.pem


On 3/22/2024 4:29 PM, g...@gbco.us wrote:


I can send mail via the roundcube web mail. That's where this message 
is coming from.


When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Remo Mattei 
This value was set long ago I would suggest to leave ! And change encrypted to 
password it should all work fine. 
Inviato da iPhone

> Il giorno 22 mar 2024, alle ore 16:35, g...@gbco.us ha scritto:
> 
> Ok, in my old server's /var/qmail/supervise/submission/run file, I had the 
> following line.
> 
> export REQUIRE_AUTH=1
> 
> 
> In the new server, it had the following line.
> 
> export SMTPAUTH="!"
> 
> 
> I'm not sure what the syntax on the new server line means. I changed the line 
> to be like my old server and now sending mail through port 587, with starttls 
> for local domains.
> 
> However, when I try to send to external domains, I get the error that CHKUSER 
> rejected relaying, saying "client not allowed to relay"
> 
> Maybe I'm making progress, but don't know.
> 
> Gary
> 
> 
>> On 2024-03-22 19:30, g...@gbco.us wrote:
>> Well, this is the way many of my clients are already configured... So
>> I have to figure out a way to make it work, or go back to my old
>> server. Not really an option to reconfigure all my clients.
>> Thanks, Gary
>>> On 2024-03-22 19:26, Remo Mattei wrote:
>>> You need to use password not encrypted.
>>> Inviato da iPhone
 Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
 
 I can send mail via the roundcube web mail. That's where this message is 
 coming from.
 When sending mail from thunderbird, I have my smtp server set up in my 
 client as
 Port 587
 startTLS
 Encrypted Password
 This is the same as I had with a number of clients on my old server.
 When I try to send email, I get this error.
 Sending of the message failed.
 An error occurred while sending mail: Outgoing server (SMTP) error. The 
 server responded:  TLS no valid RSA private key: 
 error:8002:system library::No such file or directory (#4.3.0).
 To create certificates on my new server. I retrieved certs from letencrypt 
 and then did this.
 cp -p /var/qmail/control/servercert.pem 
 /var/qmail/control/servercert.pem.lastmonth
 cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
 > /var/qmail/control/servercert.pem
 chown vpopmail:qmail /var/qmail/control/servercert.pem
 chmod 640 /var/qmail/control/servercert.pem
 Any idea what's going on with this error?
 thanks, Gary
 -
 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread gb 
Ok, in my old server's /var/qmail/supervise/submission/run file, I had 
the following line.


export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the 
line to be like my old server and now sending mail through port 587, 
with starttls for local domains.


However, when I try to send to external domains, I get the error that 
CHKUSER rejected relaying, saying "client not allowed to relay"


Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:

Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:

You need to use password not encrypted.


Inviato da iPhone


Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message 
is coming from.


When sending mail from thunderbird, I have my smtp server set up in 
my client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread gb 



Well, this is the way many of my clients are already configured... So I 
have to figure out a way to make it work, or go back to my old server. 
Not really an option to reconfigure all my clients.


Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:

You need to use password not encrypted.


Inviato da iPhone


Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message 
is coming from.


When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Remo Mattei 
I have the private first is I recall it right then cert then bundle 
I see you have an extra there. Not sure that could cause the issue 


Inviato da iPhone

> Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
> 
> 
> I can send mail via the roundcube web mail. That's where this message is 
> coming from.
> 
> When sending mail from thunderbird, I have my smtp server set up in my client 
> as
> 
> Port 587
> startTLS
> Encrypted Password
> 
> This is the same as I had with a number of clients on my old server.
> 
> When I try to send email, I get this error.
> 
> Sending of the message failed.
> An error occurred while sending mail: Outgoing server (SMTP) error. The 
> server responded:  TLS no valid RSA private key: 
> error:8002:system library::No such file or directory (#4.3.0).
> 
> 
> To create certificates on my new server. I retrieved certs from letencrypt 
> and then did this.
> 
> cp -p /var/qmail/control/servercert.pem 
> /var/qmail/control/servercert.pem.lastmonth
> cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > 
> /var/qmail/control/servercert.pem
> 
> chown vpopmail:qmail /var/qmail/control/servercert.pem
> chmod 640 /var/qmail/control/servercert.pem
> 
> 
> 
> Any idea what's going on with this error?
> 
> thanks, Gary
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Remo Mattei 
You need to use password not encrypted. 


Inviato da iPhone

> Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
> 
> 
> I can send mail via the roundcube web mail. That's where this message is 
> coming from.
> 
> When sending mail from thunderbird, I have my smtp server set up in my client 
> as
> 
> Port 587
> startTLS
> Encrypted Password
> 
> This is the same as I had with a number of clients on my old server.
> 
> When I try to send email, I get this error.
> 
> Sending of the message failed.
> An error occurred while sending mail: Outgoing server (SMTP) error. The 
> server responded:  TLS no valid RSA private key: 
> error:8002:system library::No such file or directory (#4.3.0).
> 
> 
> To create certificates on my new server. I retrieved certs from letencrypt 
> and then did this.
> 
> cp -p /var/qmail/control/servercert.pem 
> /var/qmail/control/servercert.pem.lastmonth
> cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > 
> /var/qmail/control/servercert.pem
> 
> chown vpopmail:qmail /var/qmail/control/servercert.pem
> chmod 640 /var/qmail/control/servercert.pem
> 
> 
> 
> Any idea what's going on with this error?
> 
> thanks, Gary
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread gb 



It looks like letsencrypt is now using ecdsa by default.

So I went back and copied my certs off my old server, probably not what 
I really want to do. But it did give me a different error. Now I'm 
getting this one.


Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does not seem to support 
encrypted passwords. If you just set up the account, try changing the 
'Authentication method' in 'Account settings | Outgoing server (SMTP)' 
to 'Normal password'.



I thought I tested this before with the new server, but maybe I didn't 
test it correctly. Anyone got any ideas?





On 2024-03-22 18:29, g...@gbco.us wrote:

I can send mail via the roundcube web mail. That's where this message
is coming from.

When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error.
The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0).


To create certificates on my new server. I retrieved certs from
letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate ERROR

2008-09-04 Thread Jake Vickers 

Robin W. Sanchez C. wrote:


Make a self signed certificate:

 


cd /etc/pki/tls/certs/

  make stunnel.pem

  Note: common name should be your FQDN server.your-domain.com

  mv stunnel.pem /var/qmail/control/servercert.pem

  chown root:qmail /var/qmail/control/servercert.pem

  chmod 644 /var/qmail/control/servercert.pem

  /ln -s /var/qmail/control/servercert.pem 
/var/qmail/control/clientcert.pem


 

 


I applied this proccedure but after that, mi

 


Show this error in http://web.domain.com/qmailadmin

 



What do the IMAP logs show?  This cert wouldn't normally have anything 
to do with apache or it's authentication (unless qmailadmin also 
authenticates via IMAP for login purposes)


**