Hi Nick.
I think that SSL/TLS does use a certificate as I've been asked to
download the certificate when I've set up the email.
Can one of the experts comment on this?
B.
On 5.04.2015 16:53 , Nick Howitt wrote:
Hi,
What's your handle at Clearfoundation?
Mail is not my strong point but I have port 587 working with
user/pass and I had been hoping to make it relatively hack-proof
by using certificates. Isn't SSL/TLS just user/pass as well or
can it use certificates?
I have IMAPS working on 993.
FWIW, I filed a bug recently in ClearOS as by default (on 6.x at
least) even with authentication off in the Webconfig, it is in
fact still on through port 465 but not port 587 through the
configuration in /etc/postfix/master.cf. To me it should either
be off everywhere or, if on with 465 it should also be on with
587 and a warning added to the webconfig to that effect.
Nick
On Sunday, 5 April 2015 17:29:01 UTC+1, Nick Howitt wrote:
Hi,
I am trying to get K-9 to use certificates/STARTTLS to
communicate with and relay through my postfix mail server. I
have a self-signed ca-cert and have generated user
certificates and keys from this. I have imported the ca-cert
into Android and the p12 user certificate into K-9.
Using STARTTLS/port 587, every time I switch from user/pass
authentication to certificates I get a message from
K-9:[code]Cannot connect to server. (Unable to authenticate.
The server does not advertise the SASL EXTERNAL capability.
This could be a problem with the client certificate
(expired, unknown certificate authority) or some other
configuration problem.)[/code]I have tried using a user
certificate and the system certificate but nothing I do
changes the reply.
If I try telnetting into port 587 I get:[code][root@server
~]# telnet 127.0.0.1 587
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mailserver.howitts.co.uk ESMTP Postfix
ehlo howitts.co.uk
250-mailserver.howitts.co.uk
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN[/code]So STARTTLS is advertised. In postfix the
message I get is:[code]Apr 5 16:33:27 server
postfix/smtpd[9162]: connect from motog.howitts.co.uk[172.17.2. 113]
Apr 5 16:33:27 server postfix/smtpd[9162]: setting up TLS
connection from motog.howitts.co.uk[172.17.2.113]
Apr 5 16:33:27 server postfix/smtpd[9162]: motog.howitts.co.uk[172.17.2.113]:
Trusted: subject_CN=ourfamily, issuer=ca.server.howitts.lan,
fingerprint=13:45:A2:B4:94:B0:18:4A:E3:46:C0:29:29:BE:1E:27
Apr 5 16:33:27 server postfix/smtpd[9162]: Trusted TLS
connection established from motog.howitts.co.uk[172.17.2.113]: TLSv1.2
with cipher DHE-RSA-AES256-SHA (256/256 bits)[/code]So the
connection seems to be OK at the postfix end.
I do sometimes get host-name mismatch warnings which I
accept but then I end up with the same error.
Have you any idea what I am doing wrong?
TIA,
Nick
--
You received this message because you are subscribed to the K-9
Mail Users List.
To post to this group, send email to [email protected]
To unsubscribe, email [email protected]
To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list
For more options, visit this group at http://groups.google.com/group/k-9-mail
---
You received this message because you are subscribed to the Google
Groups "K-9 Mail" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the K-9 Mail Users List.
To post to this group, send email to [email protected]
To unsubscribe, email [email protected]
To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list
For more options, visit this group at http://groups.google.com/group/k-9-mail
---
You received this message because you are subscribed to the Google Groups "K-9 Mail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
|
