Drac Plugin
I now have the drac plugin compiled and working. The plugin binary might even work with the Debian/Ubuntu binary. It was a one line change. I need to talk to the sendmail folks about their macro for the DRAC feature. My custom sendmail.cf code works in a way that makes using drac and SpamHaus for anyone on a blacklisted IP such as non-comercial Comcast users. I am hoping that the drac plugin will get fixed in the core distribution and possible the new binary make it into the Debian/Ubuntu binary build. *** dovecot-2.2.22/src/plugins/drac/drac-plugin.c 2016-09-23 22:49:56.345568783 -0500 --- dovecot-2.2.22/src/plugins/drac/drac-plugin.c-orig 2016-09-26 14:33:46.828670909 -0500 *** *** 25,31 /* libdrac function */ int dracauth(char *, unsigned long, char **); ! const char *drac_plugin_version = DOVECOT_ABI_VERSION; static struct timeout *to_drac = NULL; static const char *drachost = NULL; /* dracd host */ --- 25,31 /* libdrac function */ int dracauth(char *, unsigned long, char **); ! const char *drac_plugin_version = DOVECOT_VERSION; static struct timeout *to_drac = NULL; static const char *drachost = NULL; /* dracd host */ *Darryl Baker*
Re: Self-Signed Certificate issue
Building a new certificate as described in a previous email worked. *Darryl Baker* On Sun, Sep 25, 2016 at 5:19 AM, chaouche yacine wrote: > *From:* Darryl Baker > > > *To:* dovecot@dovecot.org > *Sent:* Friday, September 23, 2016 6:07 PM > *Subject:* Self-Signed Certificate issue > > I keep getting what I am interpreting as > a missing CA cert. The message is: > > dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL > routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 > > That's because your client doesn't know about the certificate *issuer* so > it doesn't trust it (the certificate), it's not an *authority* (the A in > CA). What you need to do is include the *issuer's* certificate in your > server's. But even then, the issuer was yourself, and your are not trusted > either on the client's side. So what you need to do is install the root > certificate in the client's machine so that certificates signed with it are > trusted. When root cert is trusted on the client side, it will trust the > intermediate (issuer) certificate because it was signed by it, and trust > the server's certificate because it was signed by the intermediate (this is > why it's called a certificate *chain* which often has only one intermediate > CA although many intermediates are possible). > > So it's ROOT CA CERT >>signs>> INTERMEDIATE CA CERT >>signs>> SERVER CERT > > > >
Self-Signed Certificate issue
My apologies if this is a repeat but my search of the archive did not turn it up in the recent past. If this has been covered just point me at the previous thread, please. I am running a small email site which I am moving from uw-imapd and Solaris to Ubuntu and Dovecot imaps and pop3s. I am trying to use a self-signed certificate for this site. I am using Thunderbird as the test client. I've tried both the pre-built snakeoil certificate and building a special one for dovecot. In /var/log/mail.err I keep getting what I am interpreting as a missing CA cert. The message is: dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 The certificate was created by: openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.pem The Dovecot version is 2.2.22 (fe789d2) The Ubuntu version is 16.04 LTS current patches. *Darryl Baker*
