You got it :-)
I made 3 attempts (see smtpserver.log for details):
1) kmail + ssl + auth + verification
2) kmail + ssl
3) openssl (see openssl.debug for details)

Thanks for all.
Have a nice day,
Emmanuel

----------------------
> Emmanuel,
>
> Thank you for helping out with this. :-) I'm relieved to hear that TLS is
> working for all of the protocols except for SMTP, and that it is working
> for SMTP manually.
>
> Please go into apps/james/SAR-INF/environment.xml, and change the entry for
> smtpserver from INFO to DEBUG. That ought to be line 50. Then we will
> want to see the portion of the log showing when kmail tries to use SMTP
> with TLS.
>
> A useful paper: http://www.sial.org/talks/smtpauth-starttls/talk.html
>
> --- Noel
>
> -----Original Message-----
> From: Emmanuel Gilmont [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 22, 2003 7:25
> To: James Users List
> Subject: Re: SMTP+SSL =error
>
> > Emmanuel,
> >
> > Are you saying that SSL (TLS) works for RemoteManager and POP3, but not
> > SMTP?
>
> Yes. That's right.
>
> > Are you getting ssl:<port> indicators emitted at startup for
> > RemoteManager, POP3 and SMTP?
>
> Yes, all seems ok. And when I try to connect to the SMTP daemon with
> openssl (openssl s_client -connect localhost:25), it works very well. Maybe
> it's kmail which can't handle it ?
>
> > Technically, SMTP is a bit different from the others. I don't believe
> > STARTTLS is currently implemented. Some clients may have issue with that
> > lack.
> >
> > Can you please provide information on how you prepared the TLS
> > environment?
>
> OK, tell me what I should provide to you...
>
> > Also, please turn on DEBUG for SMTP, and provide a log of an attempted
> > SMTP
> > > SSL session?
>
> Maybe I'm blind... but how do you turn on the DEBUG mode ? (I'll search...
> > :-)
>
> Thanks,
> Emmanuel
>
> > --- Noel
> >
> > -----Original Message-----
> > From: Emmanuel Gilmont [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 21, 2003 10:28
> > To: [EMAIL PROTECTED]
> > Subject: SMTP+SSL =error
> >
> >
> > Hi all,
> >
> > After reading the archive, I decide to post this message.
> >
> > I successfully configured my James server but got an error.
> >
> > Config:
> > - remote manager uses ssl (port 4555)
> > - pop use ssl (port 995)
> > - smtp use auth, verification and ssl (port 25)
> > - nothing more
> >
> > If I disable the ssl for the smtp, it works very well. But when
> > activated, my mail client (kmail) got a message like this: "mail server
> > doesn't answer..."
> >
> > Anybody with an idea ?
> >
> > Thanks,
> > Emmanuel

OpenSSL> s_client -connect localhost:25
CONNECTED(00000003)
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=localhost/OU=localhost/CN=Mailing List
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=localhost/OU=localhost/CN=Mailing List
verify return:1
---
Certificate chain
 0 s:/C=Unknown/ST=Unknown/L=Unknown/O=localhost/OU=localhost/CN=Mailing List
   i:/C=Unknown/ST=Unknown/L=Unknown/O=localhost/OU=localhost/CN=Mailing List
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDHzCCAt0CBD4tUsgwCwYHKoZIzjgEAwUAMHUxEDAOBgNVBAYTB1Vua25vd24x
EDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEjAQBgNVBAoTCWxv
Y2FsaG9zdDESMBAGA1UECxMJbG9jYWxob3N0MRUwEwYDVQQDEwxNYWlsaW5nIExp
c3QwHhcNMDMwMTIxMTQwMTQ0WhcNMDMwNDIxMTQwMTQ0WjB1MRAwDgYDVQQGEwdV
bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRIwEAYD
VQQKEwlsb2NhbGhvc3QxEjAQBgNVBAsTCWxvY2FsaG9zdDEVMBMGA1UEAxMMTWFp
bGluZyBMaXN0MIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s
5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/Jm
YLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy
9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj
6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAKbygmrHDv4BdjhP
xvB9bkDTFjhuegCMmnSVYGVA3lvZKv9TIwJTJdLvfksvEG9Cm42PFNL1e+s2Z2i/
6MCasF+cS7UnQ+lrKZsXHGPqTabQjdg/IHIgthvD65zlm9sYhdBozRllXB34BWr5
X0FNGx9J/6jg4MYZeTZXXpbgKRttMAsGByqGSM44BAMFAAMvADAsAhQTjwQZ5UtD
E4vKY5hcA01J07ugOgIUTokOD0UHCv817JD0dx8su2yyECM=
-----END CERTIFICATE-----
subject=/C=Unknown/ST=Unknown/L=Unknown/O=localhost/OU=localhost/CN=Mailing List
issuer=/C=Unknown/ST=Unknown/L=Unknown/O=localhost/OU=localhost/CN=Mailing List
---
No client certificate CA names sent
---
SSL handshake has read 1263 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-DSS-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : EDH-DSS-DES-CBC3-SHA
    Session-ID: 3E2FAB320F8F9678873F6343A1235D4541842374E327F1DBD90409E2EA711ACC
    Session-ID-ctx:
    Master-Key: 3C35001FD8A3757BEEFEDDD9C50969057D5F549177F98CD8C3B509178C6D15DA16B975254F8AB0542CB3861068F7CB75
    Key-Arg : None
    Start Time: 1043311410
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 pc0048 SMTP Server (JAMES SMTP Server 2.1) ready Thu, 23 Jan 2003 09:43:30 +0100 (CET)
^[[B^[[B^[[B^[[B^[[B^[[B^[[B^[[B^[[B^[[B^[[B
500 pc0048 Syntax error, command unrecognized: [B
hello
500 pc0048 Syntax error, command unrecognized: HELLO
list
500 pc0048 Syntax error, command unrecognized: LIST
quit
221 pc0048 Service closing transmission channel
closed

#---------------------------------------
#
# INFO:
# - pc0048 is the name of my pc
# - 10.0.0.86 is the lan ip provided by the dhcp server
# - james and kmail are on the same pc (aka pc0048 == 10.0.0.86 == 127.0.0.1)
#---------------------------------------
#
# 1st attempt with following options, using KMAIL
#
# <useTLS>true</useTLS>
# <authRequired>true</authRequired>
# <verifyIdentity>true</verifyIdentity>
#
23/01/03 09:31:39 INFO smtpserver: SMTP Service uses default thread group.
23/01/03 09:31:39 INFO smtpserver: SMTP Service is running on: pc0048
23/01/03 09:31:39 INFO smtpserver: SMTP Service handler hello name is: pc0048
23/01/03 09:31:39 INFO smtpserver: SMTP Service handler connection timeout is: 360000
23/01/03 09:31:39 INFO smtpserver: This SMTP server requires authentication and verifies that the authentication credentials match the sender address.
23/01/03 09:31:39 INFO smtpserver: No maximum message size is enforced for this server.
23/01/03 09:31:39 INFO smtpserver: The idle timeout will be reset every 20480 bytes.
23/01/03 09:31:39 DEBUG smtpserver: SMTP Service init...
23/01/03 09:31:39 DEBUG smtpserver: SMTP Service ...init end
23/01/03 09:31:39 INFO smtpserver: SMTP Service started ssl:25
23/01/03 09:31:39 DEBUG smtpserver: Using an unbounded pool for SMTP handlers.
23/01/03 09:31:59 DEBUG smtpserver: Retrieving a org.apache.james.smtpserver.SMTPHandler from the pool
23/01/03 09:31:59 DEBUG smtpserver: Getting SMTPHandler from pool.
23/01/03 09:31:59 INFO smtpserver: Connection from localhost (127.0.0.1)
23/01/03 09:32:43 DEBUG smtpserver: Retrieving a org.apache.james.smtpserver.SMTPHandler from the pool
23/01/03 09:32:43 DEBUG smtpserver: Getting SMTPHandler from pool.
23/01/03 09:32:43 INFO smtpserver: Connection from pc0048 (10.0.0.86)
23/01/03 09:32:59 DEBUG smtpserver: Sent: 220 pc0048 SMTP Server (JAMES SMTP Server 2.1) ready Thu, 23 Jan 2003 09:31:59 +0100 (CET)
23/01/03 09:32:59 DEBUG smtpserver: Calling start()
23/01/03 09:32:59 DEBUG smtpserver: Exception handling socket to localhost (127.0.0.1) : Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:220)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:277)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at org.apache.james.smtpserver.SMTPHandler.readCommandLine(SMTPHandler.java:483)
    at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:337)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:404)
    at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
    at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:80)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:334)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:402)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:406)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:150)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:230)
    at java.io.PrintWriter.flush(PrintWriter.java:120)
    at org.apache.james.smtpserver.SMTPHandler.writeLoggedFlushedResponse(SMTPHandler.java:461)
    at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:334)
    ... 3 more
23/01/03 09:32:59 DEBUG smtpserver: Watchdog default Worker #16 has time to sleep 359995
23/01/03 09:32:59 DEBUG smtpserver: Calling disposeWatchdog() default Worker #16
23/01/03 09:32:59 DEBUG smtpserver: Watchdog default Worker #16 is exiting run().
23/01/03 09:32:59 DEBUG smtpserver: Returning SMTPHandler to pool.
23/01/03 09:32:59 DEBUG smtpserver: Returning a org.apache.james.smtpserver.SMTPHandler to the pool
#---------------------------------------
#
# 2nd attempt with following options, using KMAIL
#
# <useTLS>true</useTLS>
# <authRequired>false</authRequired>
# <verifyIdentity>false</verifyIdentity>
#
23/01/03 09:35:55 INFO smtpserver: SMTP Service uses default thread group.
23/01/03 09:35:55 INFO smtpserver: SMTP Service is running on: pc0048
23/01/03 09:35:55 INFO smtpserver: SMTP Service handler hello name is: pc0048
23/01/03 09:35:55 INFO smtpserver: SMTP Service handler connection timeout is: 360000
23/01/03 09:35:55 INFO smtpserver: This SMTP server does not require authentication.
23/01/03 09:35:55 INFO smtpserver: No maximum message size is enforced for this server.
23/01/03 09:35:55 INFO smtpserver: The idle timeout will be reset every 20480 bytes.
23/01/03 09:35:55 DEBUG smtpserver: SMTP Service init...
23/01/03 09:35:55 DEBUG smtpserver: SMTP Service ...init end
23/01/03 09:35:55 INFO smtpserver: SMTP Service started ssl:25
23/01/03 09:35:55 DEBUG smtpserver: Using an unbounded pool for SMTP handlers.
23/01/03 09:36:07 DEBUG smtpserver: Retrieving a org.apache.james.smtpserver.SMTPHandler from the pool
23/01/03 09:36:07 DEBUG smtpserver: Getting SMTPHandler from pool.
23/01/03 09:36:07 INFO smtpserver: Connection from localhost (127.0.0.1)
23/01/03 09:37:00 DEBUG smtpserver: Retrieving a org.apache.james.smtpserver.SMTPHandler from the pool
23/01/03 09:37:00 DEBUG smtpserver: Getting SMTPHandler from pool.
23/01/03 09:37:00 INFO smtpserver: Connection from pc0048 (10.0.0.86)
23/01/03 09:37:07 DEBUG smtpserver: Sent: 220 pc0048 SMTP Server (JAMES SMTP Server 2.1) ready Thu, 23 Jan 2003 09:36:07 +0100 (CET)
23/01/03 09:37:07 DEBUG smtpserver: Calling start()
23/01/03 09:37:07 DEBUG smtpserver: Watchdog default Worker #16 has time to sleep 359999
23/01/03 09:37:07 DEBUG smtpserver: Exception handling socket to localhost (127.0.0.1) : Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:220)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:277)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at org.apache.james.smtpserver.SMTPHandler.readCommandLine(SMTPHandler.java:483)
    at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:337)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:404)
    at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
    at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:80)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:334)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:402)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:406)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:150)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:230)
    at java.io.PrintWriter.flush(PrintWriter.java:120)
    at org.apache.james.smtpserver.SMTPHandler.writeLoggedFlushedResponse(SMTPHandler.java:461)
    at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:334)
    ... 3 more
23/01/03 09:37:07 DEBUG smtpserver: Calling disposeWatchdog() default Worker #16
23/01/03 09:37:07 DEBUG smtpserver: Watchdog default Worker #16 is exiting run().
23/01/03 09:37:07 DEBUG smtpserver: Returning SMTPHandler to pool.
23/01/03 09:37:07 DEBUG smtpserver: Returning a org.apache.james.smtpserver.SMTPHandler to the pool
#---------------------------------------
#
# 3rd attempt with following options, using OPENSSL
# (see openssl.debug file)
#
# <useTLS>true</useTLS>
# <authRequired>false</authRequired>
# <verifyIdentity>false</verifyIdentity>
#
23/01/03 09:42:00 DEBUG smtpserver: Sent: 220 pc0048 SMTP Server (JAMES SMTP Server 2.1) ready Thu, 23 Jan 2003 09:37:00 +0100 (CET)
23/01/03 09:42:00 DEBUG smtpserver: Calling start()
23/01/03 09:42:00 DEBUG smtpserver: Watchdog default Worker #17 has time to sleep 360000
23/01/03 09:43:30 DEBUG smtpserver: Retrieving a org.apache.james.smtpserver.SMTPHandler from the pool
23/01/03 09:43:30 DEBUG smtpserver: Getting SMTPHandler from pool.
23/01/03 09:43:30 INFO smtpserver: Connection from localhost (127.0.0.1)
23/01/03 09:43:30 DEBUG smtpserver: Sent: 220 pc0048 SMTP Server (JAMES SMTP Server 2.1) ready Thu, 23 Jan 2003 09:43:30 +0100 (CET)
23/01/03 09:43:30 DEBUG smtpserver: Calling start()
23/01/03 09:43:30 DEBUG smtpserver: Watchdog default Worker #19 has time to sleep 360000
23/01/03 09:45:32 DEBUG smtpserver: Command received: [B[B[B[B[B[B[B[B[B[B[B
23/01/03 09:45:32 DEBUG smtpserver: Sent: 500 pc0048 Syntax error, command unrecognized: [B[B[B[B[B[B[B[B[B[B[B
23/01/03 09:45:32 DEBUG smtpserver: Calling reset() default Worker #19
23/01/03 09:45:58 DEBUG smtpserver: Command received: hello
23/01/03 09:45:58 DEBUG smtpserver: Sent: 500 pc0048 Syntax error, command unrecognized: HELLO
23/01/03 09:45:58 DEBUG smtpserver: Calling reset() default Worker #19
23/01/03 09:46:02 DEBUG smtpserver: Command received: list
23/01/03 09:46:02 DEBUG smtpserver: Sent: 500 pc0048 Syntax error, command unrecognized: LIST
23/01/03 09:46:02 DEBUG smtpserver: Calling reset() default Worker #19
23/01/03 09:46:38 DEBUG smtpserver: Command received: quit
23/01/03 09:46:38 DEBUG smtpserver: Sent: 221 pc0048 Service closing transmission channel
23/01/03 09:46:38 DEBUG smtpserver: Calling stop() default Worker #19
23/01/03 09:46:38 DEBUG smtpserver: Closing socket.
23/01/03 09:46:38 DEBUG smtpserver: Calling disposeWatchdog() default Worker #19
23/01/03 09:46:38 DEBUG smtpserver: Watchdog default Worker #19 is exiting run().
23/01/03 09:46:38 DEBUG smtpserver: Returning SMTPHandler to pool.
23/01/03 09:46:38 DEBUG smtpserver: Returning a org.apache.james.smtpserver.SMTPHandler to the pool
23/01/03 09:47:00 DEBUG smtpserver: Exception handling socket to pc0048 (10.0.0.86) : Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:220)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:277)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at org.apache.james.smtpserver.SMTPHandler.readCommandLine(SMTPHandler.java:483)
    at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:337)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:404)
    at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
    at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:80)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
    ... 18 more
23/01/03 09:47:00 DEBUG smtpserver: Calling disposeWatchdog() default Worker #17
23/01/03 09:47:00 DEBUG smtpserver: Watchdog default Worker #17 is exiting run().
23/01/03 09:47:00 DEBUG smtpserver: Returning SMTPHandler to pool.
23/01/03 09:47:00 DEBUG smtpserver: Returning a org.apache.james.smtpserver.SMTPHandler to the pool
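
An added example, not part of the original message or of the James code base, for reading the two failure signatures in the log above: it shows which first bytes an SSL-wrapped listener such as `ssl:25` can parse as a TLS record, and maps each `Exception handling socket` line to its likely cause. The names `classify_first_bytes` and `triage` are hypothetical; the sample lines are copied from the log above.

```python
import re

SMTP_VERBS = (b"EHLO", b"HELO", b"MAIL", b"RCPT", b"DATA", b"RSET",
              b"NOOP", b"QUIT", b"VRFY", b"AUTH", b"STARTTLS")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a peer sends to an SSL-wrapped listener."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-handshake"       # TLS record: content type 22, version 3.x
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"  # SSLv2-framed ClientHello from old clients
    if data[:8].upper().startswith(SMTP_VERBS):
        return "plaintext-smtp"      # SMTP command sent without any handshake
    return "unknown"

# Exception lines in the format the smtpserver logger uses in the log above.
EXC = re.compile(r"Exception handling socket to \S+ \(([\d.]+)\) : (.+)$")

# JSSE message text -> what it says about the peer.
DIAGNOSES = {
    "Unrecognized SSL message, plaintext connection?":
        "peer sent non-TLS bytes to the SSL-wrapped port",
    "Remote host closed connection during handshake":
        "peer disconnected before the TLS handshake finished",
}

def triage(log_lines):
    """Return [(timestamp, peer_ip, diagnosis)] for TLS failures in the log."""
    findings = []
    for line in log_lines:
        m = EXC.search(line)
        if not m:
            continue
        for needle, diagnosis in DIAGNOSES.items():
            if needle in m.group(2):
                # The timestamp is the first 17 characters: "dd/mm/yy hh:mm:ss".
                findings.append((line[:17], m.group(1), diagnosis))
    return findings

# Three lines copied from the smtpserver.log above.
SAMPLE_LOG = [
    "23/01/03 09:31:59 INFO smtpserver: Connection from localhost (127.0.0.1)",
    "23/01/03 09:32:59 DEBUG smtpserver: Exception handling socket to localhost "
    "(127.0.0.1) : Connection has been shutdown: javax.net.ssl.SSLException: "
    "Unrecognized SSL message, plaintext connection?",
    "23/01/03 09:47:00 DEBUG smtpserver: Exception handling socket to pc0048 "
    "(10.0.0.86) : Remote host closed connection during handshake",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
    print(classify_first_bytes(b"EHLO pc0048\r\n"))
```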