Hi all,

My users (who use Thunderbird) are getting an error "Security Error: Domain Name Mismatch". In summary it says that mail.netserve.com does not match localhost. I must have inadvertently created the cert with localhost. So I created a new cert.

openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Then:

chmod o= /etc/postfix/smtpd.key

I restarted the mail servers:

I cleared the cache on the user's computer and deleted the known certs in Thunderbird. They are still retrieving the old cert and hence getting the error. Why is the client getting the wrong cert? I know the server config is pointing to the correct cert file:

As a side note: No issues with OE clients. My mail server is based on falko's Virtual Mail Server with Postfix, Courier, MySQL (Ubuntu 7.10).

Thanks to all in advance!
hackerkatt
@thecaoticone, I'm not at all one who fully understands setting up an email server, but I don't think so. I believe I am authenticating against the smtpd.cert when the client logs in. I could be wrong though. I did a search for any other certs on the system. Nothing other than smtpd.cert. hackerkatt
The only other thing I can think of is that your server is answering to localhost instead of mail.netserve.com. In your /etc/postfix/main.cf, do you have an entry like this:

myhostname = mail.netserve.com
@thecaoticone, Here is a snippet of my main.cf file: /etc/mailname Telnet from another computer: As you can see I have a proper myhostname in main.cf and responding to a telnet session with the proper FQDN. hackerkatt
I just checked my mail with Thunderbird and got the same error because I have not installed my real certificates yet. It is the pop3 and imap certificates. Here is the fix from http://www.idealog.us/2004/10/helpful_guide_t.html:

---------------------------------------------------------------------------------------------------------
UPDATED: The SSL certificate you see from within Thunderbird when checking email is the courier certificate, the cert you see when sending email is the postfix cert. So we were seeing a problem when checking email that the certificate was the auto-generated courier cert that claimed to be for "localhost". The way you update the courier cert is:

1. edit /etc/courier/imapd.cnf
   change the common name in that file to your FQDN (e.g. mail.yourdomain.org)
   make any other changes you care to
2. run /usr/lib/courier/mkimapdcert
   (this might complain 'imapd.pem' already exists. rm /usr/lib/courier/imapd.pem then try again)
3. cp /usr/lib/courier/imapd.pem to /etc/courier/imapd.pem
4. /etc/init.d/courier-imap-ssl restart

End of Update.
---------------------------------------------------------------------------------------------------------

You will need to do this for the pop3d.pem. Do the same thing, just replace imapd with pop3d, then do:

/etc/init.d/courier-pop-ssl restart
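An added example, not part of the original posts: a shell check of which hostname each mail service's certificate is actually valid for, so a leftover "localhost" cert on the Courier side shows up immediately. It assumes the standard ports (25 with STARTTLS for Postfix, 993 and 995 for Courier IMAP/POP3 over SSL) and an OpenSSL that supports `x509 -checkhost`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Usage once sourced: audit_host mail.yourdomain.org

# cert_matches_host PEM_FILE HOSTNAME -> exit 0 if the cert is valid for HOSTNAME
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# fetch_cert HOST PORT MODE -> prints the PEM cert the service presents.
# MODE "smtp" upgrades with STARTTLS; anything else is TLS from the first byte.
fetch_cert() {
    if [ "$3" = smtp ]; then
        openssl s_client -connect "$1:$2" -servername "$1" \
            -starttls smtp </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null
    fi | openssl x509 -outform PEM 2>/dev/null
}

# audit_host HOST -> one line per port: MATCH, MISMATCH or NO-CERT
audit_host() {
    host=$1
    tmp=$(mktemp) || return 1
    for svc in 25:smtp 993:tls 995:tls; do
        port=${svc%%:*}
        mode=${svc##*:}
        fetch_cert "$host" "$port" "$mode" >"$tmp"
        if [ ! -s "$tmp" ]; then
            echo "$port NO-CERT"
        elif cert_matches_host "$tmp" "$host"; then
            echo "$port MATCH"
        else
            echo "$port MISMATCH"
        fi
    done
    rm -f "$tmp"
}

# make_sample_cert CN OUT_PEM -> constructed self-signed cert for offline testing
make_sample_cert() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
}
```

A MISMATCH on 993 or 995 with a MATCH on 25 is the situation in this thread: the Postfix cert was replaced but the Courier certs still name localhost.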
@thecaoticone, You the man! That did the trick. So as you said, apparently when Courier-IMAP and POP3 are installed, the certs are auto gen'd as I never generated them myself. Thanks so very much for your help! hackerkatt