On Tue, 09 Sep 2003 22:58:39 -0700, Gordon Messmer wrote:

>Kevin Murphy wrote:
>> 
>> I guess I should start by pointing out one important bit of
>> information.  I have unchecked the "Enabled" checkbox for "ESMTP over
>> TLS" under "Inbound ESMTP" in webadmin.

>I confess to being unfamiliar with the webadmin tool, and exactly what 
>that is disabling.  Did you restart courier after making that change?

Yes, I've restarted numerous times throughout this ordeal.


>> The addcr command gives me the following output:
>> 
>> [EMAIL PROTECTED] root]# addcr | TLS_VERIFYPEER=NONE couriertls
>> -host=localhost -port=25 -protocol=smtp
>>  220 mail.skoroworld.com ESMTP
>>  STARTTLS 220 Ok

>That would indicate that the STARTTLS command works if you don't verify 
>the certificate, but doesn't indicate whether the CN matches.  In my 
>experience, clients disconnect in two situations most often:  when the 
>CN doesn't match the hostname used to connect, and when the cert is not 
>signed by a recognised authority.

>> The suggested openssl command gives me the following output:
>> 
>> [EMAIL PROTECTED] root]# openssl s_client -connect mail.skoroworld.com:465
>> -CApath /usr/lib/courier/share/rootcerts
>> connect: Connection refused
>> connect:errno=29

>465 probably wasn't the best port to use as an example.  I run SMTPS, 
>but you don't seem to.  Try one of the SSL ports you have open, probably 
>993 or 995.

I tried it on 993 for my primary MX, and it gave me a whole lot of output.

This was one of the messages that caught my eye, however.  Could this
perhaps be the problem?

Verify return code: 10 (Certificate has expired)

I tried the same command on my backup MX and got a Connection Refused
message for both ports 993 and 995.

It should be noted that I have done nothing to configure or work with
any SSL subsystems on these machines, so it's entirely possible that
some default configuration is incorrect.  Also, my primary MX is
RedHat 7.3 and the backup MX is RedHat 9.0.

Thanks!







_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
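
Added example (not part of the original thread, and not Courier or OpenSSL code): a small triage of `openssl s_client` output for the failure modes discussed above, namely a CN that does not match the hostname used to connect, an unrecognised signer, and the expired certificate reported as return code 10. The function names, finding labels and sample transcripts are constructed for illustration; the CN is compared explicitly because a passing STARTTLS handshake says nothing about it.

```python
import re

# Verify return codes from OpenSSL's X.509 verification that map onto the
# failure modes discussed in the thread (10 is the one reported there).
UNTRUSTED = {18, 19, 20, 21}   # self-signed, or issuer not found in the CA path
EXPIRED = {10}

def cn_matches(cn, host):
    """Compare a certificate CN to the hostname the client connected to."""
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        # A wildcard covers exactly one leading label.
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def triage(s_client_output, host):
    """Return a list of findings for one `openssl s_client` transcript."""
    findings = []
    # Handles both the old "/C=US/.../CN=name" and newer "C = US, CN = name" forms.
    m = re.search(r"^subject=.*?CN\s*=\s*([^/,\n]+)", s_client_output, re.M)
    cn = m.group(1).strip() if m else None
    if cn is None:
        findings.append("no-subject-cn")
    elif not cn_matches(cn, host):
        findings.append("cn-mismatch")
    m = re.search(r"Verify return code:\s*(\d+)", s_client_output)
    code = int(m.group(1)) if m else None
    if code in EXPIRED:
        findings.append("expired")
    elif code in UNTRUSTED:
        findings.append("untrusted-issuer")
    elif code not in (0, None):
        findings.append("verify-error-%d" % code)
    return findings

# Constructed sample transcripts (not output from the poster's servers).
SAMPLE_EXPIRED = """\
subject=/C=US/ST=NY/O=Example/CN=localhost/emailAddress=postmaster@example.com
issuer=/C=US/ST=NY/O=Example/CN=localhost/emailAddress=postmaster@example.com
    Verify return code: 10 (Certificate has expired)
"""
SAMPLE_OK = """\
subject=C = US, O = Example, CN = mail.example.com
    Verify return code: 0 (ok)
"""

if __name__ == "__main__":
    print(triage(SAMPLE_EXPIRED, "mail.example.com"))
    print(triage(SAMPLE_OK, "mail.example.com"))
```

A default-generated certificate can trip more than one check at once, so the result is a list rather than a single verdict.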
