Hello,

I'm setting up OTRS 2.2.6 on OpenSuSE 10.3 and I'm running into trouble
trying to retrieve email using IMAP/SSL from Exchange 2003 with a
self-signed certificate.

None of the scripts worked for me to capture the certificate, but I could
get it through openssl s_client. It does return some errors but does
seem to connect:

/opt/otrs # openssl s_client -connect exch.interviewstream.com:993 
CONNECTED(00000003)
depth=0 /C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
   i:/DC=local/DC=ivs/CN=exch.interviewstream.com
---
Server certificate
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
issuer=/DC=local/DC=ivs/CN=exch.interviewstream.com
---
No client certificate CA names sent
---
SSL handshake has read 1621 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID:
680D000049120A3CBA22A7271B499E92FA237656A44885F1873F7F6B36659131
    Session-ID-ctx: 
    Master-Key:
B26B781A739B77110892DB7CC10FFB137C6FBB5FDADAAAF9C5AC1E11E110C027ABD0F32E
1E6C1334DCCEBB8CFAB8E585
    Key-Arg   : None
    Start Time: 1212069984
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1
(exch.ivs.local) ready.


I saved the cert text into a file in /opt/otrs/.certs/ and when I run
/opt/otrs/c_rehash .certs, it does return,  cert.pem => xxx.0 file

None of the standard .fetchmailrc settings worked but if I modified the
file with what worked above and enter it, it shows some errors but it
does appear to get the mail from the server. If there is no mail, it
does not get any, if I send another message to the server, it will get
it the next time I run .fetchmailrc so that seems to be working
manually:


/opt/otrs/.fetchmailrc
poll exch.interviewstream.com protocol IMAP port 993 plugin "openssl s_client -connect exch.interviewstream.com:993 -CApath /opt/otrs/.certs/" user xxxx pass xxx is otrs here

and run it manually,

/opt/otrs # fetchmail -f .fetchmailrc -a
fetchmail: WARNING: Running as root is discouraged.
depth=0 /C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream
LLC/OU=IT/CN=exch.interviewstream.com
verify error:num=21:unable to verify the first certificate
verify return:1
1 message for xxx at exch.interviewstream.com.
reading message [EMAIL PROTECTED]:1 of 1 (740 header octets)
(166 body octets) flushed
read:errno=0


However, it does not show up in otrs, and also when I edit the cron job
/opt/otrs/var/cron/fetchmail

# fetch every 5 minutes emails via fetchmail
*/5 * * * * [ -x /usr/bin/fetchmail ] && /usr/bin/fetchmail -a >> /dev/null
*/5 * * * *    /usr/bin/fetchmail -a --ssl >> /dev/null

and restart otrs,

a tail of /var/log/fetchmail shows that it is failing.

tail /var/log/fetchmail
fetchmail: awakened at Thu May 29 09:53:28 2008
fetchmail: connection to exch.interviewstream.com:imap
[208.112.78.239/143] failed: Connection timed out.
fetchmail: IMAP connection to exch.interviewstream.com failed:
Connection timed out
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Thu May 29 09:56:37 2008 for 600 seconds

It looks like it is using port 143 and not 993. There are 2 lines in
/opt/otrs/var/cron/fetchmail: line 13 does not reference ssl and line
14 does. I tried enabling both and each individually, but I still get
the same /var/log/fetchmail message.


So I have 3 problems: a workaround in .fetchmailrc; when I run it
manually, the mail does not show up in otrs; and the fetchmail cron is
misconfigured.

I'd really appreciate any help with this,

Phil
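
Added example (not part of the original post, and not OTRS, fetchmail or OpenSSL code): a small Python triage of the s_client output quoted above, which compares subject and issuer and maps the verify error numbers to what the trust directory is missing. The sample transcript is rebuilt from lines in the post with the mail wrapping undone; the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the s_client output in the post, unwrapped.
SUBJ = "/C=US/ST=Pennsylvania/L=Philadelphia/O=Interviewstream LLC/OU=IT/CN=exch.interviewstream.com"
TRANSCRIPT = f"""\
depth=0 {SUBJ}
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
subject={SUBJ}
issuer=/DC=local/DC=ivs/CN=exch.interviewstream.com
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
    Verify return code: 21 (unable to verify the first certificate)
"""

def parse(text):
    """Extract the fields needed for triage from s_client output (hypothetical helper)."""
    def first(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    bits = first(r"^Server public key is (\d+) bit")
    return {
        "subject": first(r"^subject=(.+)$"),
        "issuer": first(r"^issuer=(.+)$"),
        "errors": sorted({int(n) for n in re.findall(r"^verify error:num=(\d+):", text, re.M)}),
        "cipher": first(r"Cipher is (\S+)"),
        "key_bits": int(bits) if bits else None,
    }

def diagnose(info):
    """Return short findings; the error numbers are OpenSSL's X509_V_ERR_* codes."""
    out = []
    self_issued = info["subject"] is not None and info["subject"] == info["issuer"]
    if self_issued and 18 in info["errors"]:  # 18: self signed certificate
        out.append("self-signed leaf: trust store needs this certificate itself")
    if info["issuer"] and not self_issued and 20 in info["errors"]:
        # Subject and issuer differ, so a separate CA signed the leaf (error 20).
        out.append("issuer certificate missing from trust store: " + info["issuer"])
    if info["cipher"] and re.search(r"RC4|MD5|NULL|EXP", info["cipher"]):
        out.append("weak cipher negotiated: " + info["cipher"])
    if info["key_bits"] and info["key_bits"] < 2048:
        out.append(f"weak server key: {info['key_bits']} bit")
    return out

if __name__ == "__main__":
    for finding in diagnose(parse(TRANSCRIPT)):
        print(finding)
```

For the output in the post this reports a missing issuer certificate (the subject and issuer names differ) rather than a self-signed leaf, along with the RC4-MD5 cipher and the 1024-bit server key.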


