Edit the config file and set it.
--
Jeremy McSpadden

On Sep 28, 2011, at 11:10 PM, "Paul Farrow" <[email protected]> wrote:

> Thanks but I believe that shouldn't be necessary. It works for my
> webmail client and android phone but not Thunderbird on mac or pc via
> port 465.
>
> I then tried to get to the admin webserver to see the settings and I
> can't since upgrading, it's like the password is not correct. It used to
> be nospam4me but can't get that to work. Any ideas on that anyone?
>
> Thanks
>
> Paul
>
> On Wed, 28 Sep 2011 20:02:45 -0700, Jeremy McSpadden wrote:
>> ASSP SSL support on port 465 using stunnel (#03)
>> (updated 11 Mar 2011, compatible with all ASSP versions)
>>
>> Be sure all your ASSP alternative ports (listenPort2) are allowed
>> on your firewall (TCP IN/OUT).
>> Using below "how to" you can use SMTP SSL/TLS to send email securely
>> using port 465.
>> If you want secure imap receiving, you should use port 143 with STARTTLS
>> If you want secure pop3 receiving, you should use port 110 with STARTTLS
>>
>> Thanks to Szymon Rybczynski
>> (pro-net-hosting.com and prohost.pl)
>>
>> HOW TO
>> All lines starting with # are commands to execute as root.
>>
>> 1. You need stunnel installed. Cpanel should have stunnel installed.
>> To check:
>> # stunnel -version
>> If you get something like "stunnel 4.05 on i686-redhat-linux-gnu
>> PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003" you can continue.
>>
>> 2. You can make your own certificate for SSL or use cPanel cert. This
>> howto shows how to use cPanel cert. To make your own cert just search
>> google for instruction and change cert path in stunnel.conf to your
>> cert.
>>
>> 3. Setting up stunnel user and config file:
>>
>> # adduser stunnel;passwd stunnel
>>
>> Set password for user stunnel
>>
>> # cd /etc/stunnel;nano -w stunnel.conf
>>
>> copy and paste this:
>>
>> cert = /etc/stunnel/cpanel.pem
>> chroot = /usr/local/cpanel/var/run/stunnel-assp/
>> pid = /stunnel.pid
>> setuid = stunnel
>> setgid = stunnel
>> output = /var/log/stunnel.log
>> [ssmtp]
>> accept = 465
>> connect = 127.0.0.2:26
>>
>> note : you should replace 26 with your preferred alternative port you
>> have setup in listenPort2 , by default you will find port 26
>> Save the file.
>>
>> 4. Copy cPanel cert.
>>
>> If you have set correctly your own certificate for your cpanel/exim
>> services in
>> WHM > Service Configuration
>> Manage Service SSL Certificates
>>
>> execute this
>>
>> # cp /var/cpanel/ssl/cpanel/mycpanel.pem /etc/stunnel/cpanel.pem
>>
>> otherwise execute this
>>
>> # cp /var/cpanel/ssl/cpanel/cpanel.pem /etc/stunnel/cpanel.pem
>>
>> Note : if /usr/local/cpanel/etc/cpanel.pem or (mycpanel.pem) does not
>> exist you can find the cpanel certificate also here
>> /var/cpanel/ssl/cpanel/cpanel.pem , in this case execute this
>> # cp /usr/local/cpanel/etc/cpanel.pem /etc/stunnel/
>>
>> Now execute this
>>
>> # cd /etc/stunnel/;chown stunnel.stunnel cpanel.pem
>>
>> 5. Create run dir.
>>
>> # cd /usr/local/cpanel/var/run/;mkdir stunnel-assp;chown stunnel.stunnel stunnel-assp
>>
>> 6. Setup 127.0.0.2 - if you don't do this you will create open relay
>> on SSL port.
>>
>> # cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:1;
>> # nano -w /etc/sysconfig/network-scripts/ifcfg-lo:1
>>
>> Change it to look like this:
>>
>> DEVICE=lo:1
>> IPADDR=127.0.0.2
>> NETMASK=255.0.0.0
>> NETWORK=127.0.0.0
>> BROADCAST=127.255.255.255
>> ONBOOT=yes
>> NAME=myloop
>> Save.
>>
>> 7. Now bring lo:1 up.
>>
>> # /etc/sysconfig/network-scripts/ifup-aliases lo
>>
>> # ifconfig
>>
>> It should now list 127.0.0.2
>>
>> 8. Login to ASSP web interface (ip:55555) and change:
>> Network Setup:
>> ------------
>> Second SMTP Listen Port
>> 26
>> ------------
>> Second SMTP Destination
>> 127.0.0.1:125
>> ------------
>> Force SMTP AUTH on Second SMTP Listen Port
>> Checked
>> ------------
>>
>> Relaying:
>> ------------
>> Accept All Mail
>> 127.0.0.1
>>
>> If you make a mistake here you can make your mail server open relay
>> so double check the settings.
>>
>> 8. Open TCP IN/OUT port 465 on your firewall.
>>
>> 9. Now you are ready to start stunnel. Execute:
>>
>> # stunnel /etc/stunnel/stunnel.conf
>>
>> At this moment your SSL connection should work. Test it:
>>
>> # openssl s_client -quiet -connect localhost:465
>>
>> If you get error then something is wrong and you need to check
>> /var/log/stunnel.log
>>
>> If you get something like:
>> "depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
>> verify error:num=18:self signed certificate
>> verify return:1
>> depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
>> verify return:1
>> 220-pol.nameserverus2.com ESMTP Exim 4.63 #1 Mon, 23 Jul 2007 15:42:14 +0200
>> 220-We do not authorize the use of this system to transport unsolicited,
>> 220 and/or bulk e-mail."
>>
>> Everything is ok and ready to use.
>>
>> Note If you don't want see SSL popup when you send email using port
>> 465 be sure that at point 4) you copied the mycpanel.pem certificate
>> and your users must send email using as smtp the address of your
>> shared ssl . If you change the .pem file , and you can't see the new
>> certificate loaded correctly using
>>
>> # openssl s_client -quiet -connect localhost:465
>>
>> execute this
>>
>> # service cpanel restart
>> # /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
>>
>> now if you execute this
>>
>> # openssl s_client -quiet -connect localhost:465
>>
>> you should see your server SSL certificate.
>>
>> 10. if you would monitor stunnel daemon in case it goes down you can
>> add check_ssl=yes to your status.php cron in this way
>>
>> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes
>>
>> If you are using an alternative port different from port 26 , i.e.
>> 40000 , in this case you should add also altport=40000
>>
>> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes altport=40000
>>
>> --
>> Jeremy McSpadden
>> Flux Labs, Inc
>> http://www.fluxlabs.net
>> Endless Solutions
>> Office : 850-588-4626
>> Cell : 850-890-2543
>> Fax : 850-254-2955
>>
>> On Sep 28, 2011, at 9:58 PM, Paul Farrow wrote:
>>
>> played around with the settings in thunderbird now and getting this
>>
>> Sep-28-11 22:57:34 [Worker_1] Connected: 10.1.10.149:49970 > 70.88.29.81:465 > 70.88.29.81:34217 > 70.88.29.81:125 , 4-16
>> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 Message-Score: added 25 for EarlyTalker, total score for this message is now 25
>> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1 Misbehaved SMTP session (EarlyTalker)
>> Sep-28-11 22:57:34 [Worker_1] Disconnected: 10.1.10.149 - command list was 'n/a' - used 1 SocketCalls
>>
>> any ideas?
>>
>> Thanks
>>
>> Paul
>>
>> On Wed, 28 Sep 2011 19:53:44 -0700, Jeremy McSpadden wrote:
>> What's accepting the ssl connection? Are you using stunnel ? Or the
>> SSL in ASSP?
>>
>> --
>> Jeremy McSpadden
>>
>> On Sep 28, 2011, at 9:51 PM, "Paul Farrow" <[email protected]> wrote:
>>
>> not with you ??
>>
>> Sorry
>>
>> On Wed, 28 Sep 2011 19:48:14 -0700, Jeremy McSpadden wrote:
>> Using stunnel ?
>>
>> --
>> Jeremy McSpadden
>>
>> On Sep 28, 2011, at 9:46 PM, "Paul Farrow" <[email protected]> wrote:
>>
>> Since upgrading to version 2, instead of an intermittent problem
>> with Thunderbird I have a problem all the time.
>>
>> The logs say this
>>
>> Sep-28-11 22:40:00 [Worker_1] Connected: 10.1.10.149:49617 > 70.88.29.81:465 > 70.88.29.81:56683 > 70.88.29.81:125 , 4-16
>> Sep-28-11 22:40:00 [Worker_1] 10.1.10.149 info: removed '250-STARTTLS' from reply
>> Sep-28-11 22:40:00 [Worker_1] Disconnected: 10.1.10.149 - command list was 'EHLO,QUIT' - used 2 SocketCalls
>>
>> and thunderbird says
>>
>> Thanks
>>
>> --
>> Paul
>>
>> ------------------------------------------------------------------------------
>> All the data continuously generated in your IT infrastructure contains a
>> definitive record of customers, application performance, security
>> threats, fraudulent activity and more. Splunk takes this data and makes
>> sense of it. Business sense. IT sense. Common sense.
>> http://p.sf.net/sfu/splunk-d2dcopy1
>> _______________________________________________
>> Assp-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/assp-user
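
The relay warning in steps 6 and 8 of the quoted how-to, as an added example that is not part of the original thread or of ASSP: a small audit that parses a stunnel.conf and flags any service whose `connect` address is one ASSP trusts for relaying. The function names and the `relay_trusted` parameter are hypothetical, and the check assumes ASSP sees stunnel's connections as coming from the loopback address stunnel connects to.

```python
import ipaddress

# Constructed sample: the stunnel.conf given in step 3 of the quoted how-to.
HOWTO_CONF = """\
cert = /etc/stunnel/cpanel.pem
chroot = /usr/local/cpanel/var/run/stunnel-assp/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
output = /var/log/stunnel.log
[ssmtp]
accept = 465
connect = 127.0.0.2:26
"""

def parse_services(text):
    """Return {service: {option: value}} for each [section] of a stunnel.conf."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep and current is not None:   # global options are skipped here
            current[key.strip()] = value.strip()
    return services

def relay_findings(text, relay_trusted=("127.0.0.1",)):
    """relay_trusted: assumed copy of ASSP's "Accept All Mail" entries (step 8)."""
    trusted = [ipaddress.ip_network(entry, strict=False) for entry in relay_trusted]
    findings = []
    for name, opts in parse_services(text).items():
        target = opts.get("connect")
        if target is None:
            continue
        # stunnel treats a bare port in "connect" as localhost
        host = target.rpartition(":")[0].strip("[]") or "localhost"
        if host == "localhost":
            host = "127.0.0.1"
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"[{name}] connect = {target}: hostname, resolve and re-check")
            continue
        if any(addr in net for net in trusted):
            findings.append(f"[{name}] connect = {target}: relay-trusted address, open relay risk")
    return findings
```

Passing a network such as `127.0.0.0/8` in `relay_trusted` shows why the 127.0.0.2 alias only helps while the relay list stays limited to 127.0.0.1.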
