yep
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
?On 7/11/18, 5:46 PM, "Teno Deuter" <gvgter at googlemail.com>
wrote:
the maillog shows:
reason="io-error: error:14037418:SSL routines:ACCEPT_SR_KEY_EXCH:tlsv1
alert unknown ca"
please note that I'm using a self-signed cert. Is that the reason?
On Thu, Jul 12, 2018 at 12:42 AM, Larry Rosenman <larryrtx at
gmail.com> wrote:
> Then you need to look at the opensmtpd logs to figure out why the
starttls is failing.
>
>
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
> US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
>
> ?On 7/11/18, 5:42 PM, "Teno Deuter" <gvgter at
googlemail.com> wrote:
>
> actually I did define the staic IP address already and now I get
the
> following in the roundcube error log:
>
> STARTTLS failed ()
> Invalid response code received from server (-1)
> Failed to write to socket: unknown error ()
> SMTP Error: Authentication failure: STARTTLS failed (Code: )
>
>
>
> On Thu, Jul 12, 2018 at 12:40 AM, Larry Rosenman <larryrtx at
gmail.com> wrote:
> > Yes, or, add another block of lines with lo (or lo0) depending
on what your kernel uses for loopback in place of the $egress_int parameter to
get it to listen on 127.0.0.1 as well.
> >
> >
> >
> > --
> > Larry Rosenman http://www.lerctr.org/~ler
> > Phone: +1 214-642-9640 E-Mail: larryrtx at
gmail.com
> > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
> >
> > ?On 7/11/18, 5:38 PM, "Teno Deuter" <gvgter at
googlemail.com> wrote:
> >
> > shows the static IP address of the box. You mean to put
that address
> > in the config file?
> >
> > On Thu, Jul 12, 2018 at 12:36 AM, Larry Rosenman
<larryrtx at gmail.com> wrote:
> > > What does ifconfig nfe0 show for inet?
> > >
> > >
> > > --
> > > Larry Rosenman
http://www.lerctr.org/~ler
> > > Phone: +1 214-642-9640 E-Mail: larryrtx
at gmail.com
> > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
> > >
> > > ?On 7/11/18, 5:35 PM, "Teno Deuter"
<gvgter at googlemail.com> wrote:
> > >
> > > but:
> > >
> > > egress_int="nfe0"
> > >
> > > you mean to put this value?
> > >
> > > On Thu, Jul 12, 2018 at 12:30 AM, Larry Rosenman
<larryrtx at gmail.com> wrote:
> > > > $egress_int is NOT 127.0.0.1.
> > > >
> > > > Change roundcube to use the same address.
> > > >
> > > >
> > > > --
> > > > Larry Rosenman
http://www.lerctr.org/~ler
> > > > Phone: +1 214-642-9640 E-Mail:
larryrtx at gmail.com
> > > > US Mail: 5708 Sabbia Drive, Round Rock, TX
78665-2106
> > > >
> > > > ?On 7/11/18, 5:26 PM, "Teno
Deuter" <gvgter at googlemail.com> wrote:
> > > >
> > > > this is what I have now in my smptd conf
file:
> > > >
> > > > listen on $egress_int pki server.pki
tls-require hostname [domain]
> > > > listen on $egress_int pki server.pki
port 587 tls-require auth hostname [domain]
> > > > listen on $egress_int pki server.pki
smtps auth hostname [domain]
> > > >
> > > > but the problem is still there :(
> > > >
> > > > On Thu, Jul 12, 2018 at 12:04 AM, Larry
Rosenman <larryrtx at gmail.com> wrote:
> > > > > ---
> > > > > /etc/smtpd/smtpd.conf
> > > > > pki mx.domain.tld certificate
"/etc/smtpd/tls/smtpd.crt"
> > > > > pki mx.domain.tld key
"/etc/smtpd/tls/smtpd.key"
> > > > >
> > > > > table creds
"/etc/smtpd/creds"
> > > > > table vdoms
"/etc/smtpd/vdoms"
> > > > > table vusers
"/etc/smtpd/vusers"
> > > > >
> > > > > listen on eth0 tls pki
mx.domain.tld
> > > > > listen on eth0 port 587 tls-require
pki mx.domain.tld auth <creds>
> > > > >
> > > > > accept from any for domain
<vdoms> virtual <vusers> deliver to mbox
> > > > > accept for any relay
> > > > > ----
> > > > > Add a:
> > > > > listen on lo port 587 tls-require
pki mx.domain.tld auth <creds>
> > > > >
> > > > >
> > > > > --
> > > > > Larry Rosenman
http://www.lerctr.org/~ler
> > > > > Phone: +1 214-642-9640
E-Mail: larryrtx at gmail.com
> > > > > US Mail: 5708 Sabbia Drive, Round
Rock, TX 78665-2106
> > > > >
> > > > > ?On 7/11/18, 5:00 PM, "dovecot
on behalf of Teno Deuter" <dovecot-bounces at dovecot.org on behalf of
gvgter at googlemail.com> wrote:
> > > > >
> > > > > produces an empty result!
> > > > >
> > > > > On Wed, Jul 11, 2018 at 11:57
PM, Richard
> > > > > <inbound-dovecot at
listmail.innovate.net> wrote:
> > > > > > what does the output of:
> > > > > >
> > > > > > netstat -n | grep :587
> > > > > >
> > > > > > run as root, show you? the
-p will give the program and pid.
> > > > > >
> > > > > >
> > > > > >
> > > > > >> Date: Wednesday, July
11, 2018 21:51:09 +0000
> > > > > >> From: Larry Rosenman
<larryrtx at gmail.com>
> > > > > >>
> > > > > >> Yep, you (probably)
need to configure openSMTPD to listen on 587
> > > > > >>
> > > > > >> (I run exim, so I
can't help with that).
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
which means I can't use a self-signed cert at all? Or can I define this somewhere? On Thu, Jul 12, 2018 at 12:46 AM, Larry Rosenman <larryrtx at gmail.com> wrote:> yep > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 > > ?On 7/11/18, 5:46 PM, "Teno Deuter" <gvgter at googlemail.com> wrote: > > the maillog shows: > > reason="io-error: error:14037418:SSL routines:ACCEPT_SR_KEY_EXCH:tlsv1 > alert unknown ca" > > please note that I'm using a self-signed cert. Is that the reason? > > On Thu, Jul 12, 2018 at 12:42 AM, Larry Rosenman <larryrtx at gmail.com> wrote: > > Then you need to look at the opensmtpd logs to figure out why the starttls is failing. > > > > > > > > -- > > Larry Rosenman http://www.lerctr.org/~ler > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 > > > > ?On 7/11/18, 5:42 PM, "Teno Deuter" <gvgter at googlemail.com> wrote: > > > > actually I did define the staic IP address already and now I get the > > following in the roundcube error log: > > > > STARTTLS failed () > > Invalid response code received from server (-1) > > Failed to write to socket: unknown error () > > SMTP Error: Authentication failure: STARTTLS failed (Code: ) > > > > > > > > On Thu, Jul 12, 2018 at 12:40 AM, Larry Rosenman <larryrtx at gmail.com> wrote: > > > Yes, or, add another block of lines with lo (or lo0) depending on what your kernel uses for loopback in place of the $egress_int parameter to get it to listen on 127.0.0.1 as well. > > > > > > > > > > > > -- > > > Larry Rosenman http://www.lerctr.org/~ler > > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 > > > > > > ?On 7/11/18, 5:38 PM, "Teno Deuter" <gvgter at googlemail.com> wrote: > > > > > > shows the static IP address of the box. You mean to put that address > > > in the config file? > > > > > > On Thu, Jul 12, 2018 at 12:36 AM, Larry Rosenman <larryrtx at gmail.com> wrote: > > > > What does ifconfig nfe0 show for inet? > > > > > > > > > > > > -- > > > > Larry Rosenman http://www.lerctr.org/~ler > > > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 > > > > > > > > ?On 7/11/18, 5:35 PM, "Teno Deuter" <gvgter at googlemail.com> wrote: > > > > > > > > but: > > > > > > > > egress_int="nfe0" > > > > > > > > you mean to put this value? > > > > > > > > On Thu, Jul 12, 2018 at 12:30 AM, Larry Rosenman <larryrtx at gmail.com> wrote: > > > > > $egress_int is NOT 127.0.0.1. > > > > > > > > > > Change roundcube to use the same address. > > > > > > > > > > > > > > > -- > > > > > Larry Rosenman http://www.lerctr.org/~ler > > > > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > > > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 > > > > > > > > > > ?On 7/11/18, 5:26 PM, "Teno Deuter" <gvgter at googlemail.com> wrote: > > > > > > > > > > this is what I have now in my smptd conf file: > > > > > > > > > > listen on $egress_int pki server.pki tls-require hostname [domain] > > > > > listen on $egress_int pki server.pki port 587 tls-require auth hostname [domain] > > > > > listen on $egress_int pki server.pki smtps auth hostname [domain] > > > > > > > > > > but the problem is still there :( > > > > > > > > > > On Thu, Jul 12, 2018 at 12:04 AM, Larry Rosenman <larryrtx at gmail.com> wrote: > > > > > > --- > > > > > > /etc/smtpd/smtpd.conf > > > > > > pki mx.domain.tld certificate "/etc/smtpd/tls/smtpd.crt" > > > > > > pki mx.domain.tld key "/etc/smtpd/tls/smtpd.key" > > > > > > > > > > > > table creds "/etc/smtpd/creds" > > > > > > table vdoms "/etc/smtpd/vdoms" > > > > > > table vusers "/etc/smtpd/vusers" > > > > > > > > > > > > listen on eth0 tls pki mx.domain.tld > > > > > > listen on eth0 port 587 tls-require pki mx.domain.tld auth <creds> > > > > > > > > > > > > accept from any for domain <vdoms> virtual <vusers> deliver to mbox > > > > > > accept for any relay > > > > > > ---- > > > > > > Add a: > > > > > > listen on lo port 587 tls-require pki mx.domain.tld auth <creds> > > > > > > > > > > > > > > > > > > -- > > > > > > Larry Rosenman http://www.lerctr.org/~ler > > > > > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > > > > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 > > > > > > > > > > > > ?On 7/11/18, 5:00 PM, "dovecot on behalf of Teno Deuter" <dovecot-bounces at dovecot.org on behalf of gvgter at googlemail.com> wrote: > > > > > > > > > > > > produces an empty result! > > > > > > > > > > > > On Wed, Jul 11, 2018 at 11:57 PM, Richard > > > > > > <inbound-dovecot at listmail.innovate.net> wrote: > > > > > > > what does the output of: > > > > > > > > > > > > > > netstat -n | grep :587 > > > > > > > > > > > > > > run as root, show you? the -p will give the program and pid. > > > > > > > > > > > > > > > > > > > > > > > > > > > >> Date: Wednesday, July 11, 2018 21:51:09 +0000 > > > > > > >> From: Larry Rosenman <larryrtx at gmail.com> > > > > > > >> > > > > > > >> Yep, you (probably) need to configure openSMTPD to listen on 587 > > > > > > >> > > > > > > >> (I run exim, so I can't help with that). > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
Turn off TLS for webmail. It's not leaving the machine.
Or get a letsencrypt.org cert. (they are free) see acme.sh
(https://github.com/Neilpang/acme.sh)
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
?On 7/11/18, 5:48 PM, "Teno Deuter" <gvgter at googlemail.com>
wrote:
which means I can't use a self-signed cert at all? Or can I define
this somewhere?
On Thu, Jul 12, 2018 at 12:46 AM, Larry Rosenman <larryrtx at
gmail.com> wrote:
> yep
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
> US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
>
> ?On 7/11/18, 5:46 PM, "Teno Deuter" <gvgter at
googlemail.com> wrote:
>
> the maillog shows:
>
> reason="io-error: error:14037418:SSL
routines:ACCEPT_SR_KEY_EXCH:tlsv1
> alert unknown ca"
>
> please note that I'm using a self-signed cert. Is that the
reason?
>
> On Thu, Jul 12, 2018 at 12:42 AM, Larry Rosenman <larryrtx at
gmail.com> wrote:
> > Then you need to look at the opensmtpd logs to figure out why
the starttls is failing.
> >
> >
> >
> > --
> > Larry Rosenman http://www.lerctr.org/~ler
> > Phone: +1 214-642-9640 E-Mail: larryrtx at
gmail.com
> > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
> >
> > ?On 7/11/18, 5:42 PM, "Teno Deuter" <gvgter at
googlemail.com> wrote:
> >
> > actually I did define the staic IP address already and now
I get the
> > following in the roundcube error log:
> >
> > STARTTLS failed ()
> > Invalid response code received from server (-1)
> > Failed to write to socket: unknown error ()
> > SMTP Error: Authentication failure: STARTTLS failed (Code:
)
> >
> >
> >
> > On Thu, Jul 12, 2018 at 12:40 AM, Larry Rosenman
<larryrtx at gmail.com> wrote:
> > > Yes, or, add another block of lines with lo (or lo0)
depending on what your kernel uses for loopback in place of the $egress_int
parameter to get it to listen on 127.0.0.1 as well.
> > >
> > >
> > >
> > > --
> > > Larry Rosenman
http://www.lerctr.org/~ler
> > > Phone: +1 214-642-9640 E-Mail: larryrtx
at gmail.com
> > > US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
> > >
> > > ?On 7/11/18, 5:38 PM, "Teno Deuter"
<gvgter at googlemail.com> wrote:
> > >
> > > shows the static IP address of the box. You mean
to put that address
> > > in the config file?
> > >
> > > On Thu, Jul 12, 2018 at 12:36 AM, Larry Rosenman
<larryrtx at gmail.com> wrote:
> > > > What does ifconfig nfe0 show for inet?
> > > >
> > > >
> > > > --
> > > > Larry Rosenman
http://www.lerctr.org/~ler
> > > > Phone: +1 214-642-9640 E-Mail:
larryrtx at gmail.com
> > > > US Mail: 5708 Sabbia Drive, Round Rock, TX
78665-2106
> > > >
> > > > ?On 7/11/18, 5:35 PM, "Teno
Deuter" <gvgter at googlemail.com> wrote:
> > > >
> > > > but:
> > > >
> > > > egress_int="nfe0"
> > > >
> > > > you mean to put this value?
> > > >
> > > > On Thu, Jul 12, 2018 at 12:30 AM, Larry
Rosenman <larryrtx at gmail.com> wrote:
> > > > > $egress_int is NOT 127.0.0.1.
> > > > >
> > > > > Change roundcube to use the same
address.
> > > > >
> > > > >
> > > > > --
> > > > > Larry Rosenman
http://www.lerctr.org/~ler
> > > > > Phone: +1 214-642-9640
E-Mail: larryrtx at gmail.com
> > > > > US Mail: 5708 Sabbia Drive, Round
Rock, TX 78665-2106
> > > > >
> > > > > ?On 7/11/18, 5:26 PM, "Teno
Deuter" <gvgter at googlemail.com> wrote:
> > > > >
> > > > > this is what I have now in my
smptd conf file:
> > > > >
> > > > > listen on $egress_int pki
server.pki tls-require hostname [domain]
> > > > > listen on $egress_int pki
server.pki port 587 tls-require auth hostname [domain]
> > > > > listen on $egress_int pki
server.pki smtps auth hostname [domain]
> > > > >
> > > > > but the problem is still there
:(
> > > > >
> > > > > On Thu, Jul 12, 2018 at 12:04
AM, Larry Rosenman <larryrtx at gmail.com> wrote:
> > > > > > ---
> > > > > > /etc/smtpd/smtpd.conf
> > > > > > pki mx.domain.tld
certificate "/etc/smtpd/tls/smtpd.crt"
> > > > > > pki mx.domain.tld key
"/etc/smtpd/tls/smtpd.key"
> > > > > >
> > > > > > table creds
"/etc/smtpd/creds"
> > > > > > table vdoms
"/etc/smtpd/vdoms"
> > > > > > table vusers
"/etc/smtpd/vusers"
> > > > > >
> > > > > > listen on eth0 tls pki
mx.domain.tld
> > > > > > listen on eth0 port 587
tls-require pki mx.domain.tld auth <creds>
> > > > > >
> > > > > > accept from any for domain
<vdoms> virtual <vusers> deliver to mbox
> > > > > > accept for any relay
> > > > > > ----
> > > > > > Add a:
> > > > > > listen on lo port 587
tls-require pki mx.domain.tld auth <creds>
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Larry Rosenman
http://www.lerctr.org/~ler
> > > > > > Phone: +1 214-642-9640
E-Mail: larryrtx at gmail.com
> > > > > > US Mail: 5708 Sabbia
Drive, Round Rock, TX 78665-2106
> > > > > >
> > > > > > ?On 7/11/18, 5:00 PM,
"dovecot on behalf of Teno Deuter" <dovecot-bounces at dovecot.org
on behalf of gvgter at googlemail.com> wrote:
> > > > > >
> > > > > > produces an empty
result!
> > > > > >
> > > > > > On Wed, Jul 11, 2018
at 11:57 PM, Richard
> > > > > > <inbound-dovecot at
listmail.innovate.net> wrote:
> > > > > > > what does the
output of:
> > > > > > >
> > > > > > > netstat -n |
grep :587
> > > > > > >
> > > > > > > run as root, show
you? the -p will give the program and pid.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >> Date:
Wednesday, July 11, 2018 21:51:09 +0000
> > > > > > >> From: Larry
Rosenman <larryrtx at gmail.com>
> > > > > > >>
> > > > > > >> Yep, you
(probably) need to configure openSMTPD to listen on 587
> > > > > > >>
> > > > > > >> (I run exim,
so I can't help with that).
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>