So, everything is working, the birds are singing, there's a spring in my step. Almost. I can login and collect mail fine if I configure Thunderbird to use SSL on port 995, but if I switch to TLS on port 110, all I get in maillog is

Code:
postfix/master[23325]: daemon started -- version 2.6.5, configuration /etc/postfix
pop3d: Connection, ip=[::ffff:192.168.1.2]
pop3d: Disconnected, ip=[::ffff:192.168.1.2]

Thunderbird reports 'Unable to establish a TLS connection to POP3 server. [...]'. (How can I control the log-levels of pop3d and pop3d-ssl? I don't have much to go on.) So, what's going on here? How can I tell Courier to listen to TLS on 110? Thanks,
main.cf? Doesn't that control PostFix? Anyway,

Code:
[root@torg ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 7
debug_peer_list = $myhostname $mydomain
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost, localhost.localdomain
mydomain = $myhostname
myhostname = mydomain.com
mynetworks = 192.168.1.0/24
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
relay_domains =
relayhost = smtp1.bethere.co.uk:25
sample_directory = /usr/share/doc/postfix-2.6.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 3
smtpd_tls_security_level = encrypt
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000
Code:
[root@torg ~]# sed '/^\#/d' /etc/courier/pop3d | sed '/^$/d'
PIDFILE=/var/spool/courier/tmp/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH=""
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS=""
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
POP3DSTART=YES
MAILDIRPATH=Maildir

and

Code:
[root@torg ~]# sed '/^\#/d' /etc/courier/pop3d-ssl | sed '/^$/d'
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/spool/courier/tmp/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=1
COURIERTLS=/usr/lib/courier/bin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/usr/lib/courier/share/pop3d.pem
TLS_TRUSTCERTS=/etc/pki/tls/cert.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/spool/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir

I tried setting POP3AUTH_TLS="LOGIN", but that had no effect. I don't want to fiddle, 'cos I'll only break things. Where should I be looking, exactly?
Hi Torg

Did you finally fix it? I'm having the exact same issue on a server running Debian. TLS doesn't want to work. Thunderbird says:

An error occurred during a connection to mail.server1.com:110.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

Config files pop3d and pop3d-ssl are default from ispconfig 3

Regards
Courier pop tls problem

Hi there

Apparently courier is not sending a valid certificate. Doing from outside:

openssl s_client -connect mail.larawines.com:pop3s -starttls pop3

I get

CONNECTED(00000003)
21206:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Running the same command within the server, I get:

CONNECTED(00000003)
write:errno=32

This is what I see in syslog:

Feb 11 03:36:04 ks363572 pop3d-ssl: couriertls: /etc/ssl/certs/70cdada4.0: No such file or directory

It's quite weird because I have another server, also running a Debian lenny 64bit with the same settings, that works well. It's a self-signed certificate and I have recreated it many times, but that shouldn't matter, should it? Does anyone have any clue?

Regards
Good afternoon

Well, the problem finally seems to be solved. And it had an easy solution, just

aptitude purge ca-certificates ssl-cert courier-ssl courier-imap-ssl courier-pop-ssl

and after that

aptitude install ca-certificates ssl-cert courier-ssl courier-imap-ssl courier-pop-ssl

That was the last thing I wanted to do because I thought that uninstalling things could have nasty effects on the rest of the ispconfig 3 setup, but everything seems to be still working. It looks like the default certificates that courier makes during reinstallation work, but not the ones I make myself. I'd like to understand why, but thinking twice I'm happy and just hope the problem is really fixed.

Regards
Sorry for warming up an old thread, but I have the problem with the same symptoms but a different cause, so I am writing this solution as well. STLS was missing in the CAPA reply on pop3/110

Code:
+OK Hello there.
capa
+OK Here's what I can do:
SASL PLAIN LOGIN CRAM-MD5
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server
.
quit

After adding the line to pop3d

Code:
POP3_STARTTLS=YES

it works.
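
A check for the symptom described in the last post, as an added example that is not part of the original thread: it parses a POP3 CAPA reply and reports whether STLS is advertised. CAPA_AFTER is a constructed reply, and parse_capa, diagnose and probe are names chosen here; probe uses Python's standard poplib and verifies the certificate against the system CA store, so a self-signed certificate will fail that step.

```python
import poplib
import ssl

# CAPA reply as quoted in the last post (STLS absent).
CAPA_BEFORE = (b"+OK Here's what I can do:\r\nSASL PLAIN LOGIN CRAM-MD5\r\n"
               b"TOP\r\nUSER\r\nLOGIN-DELAY 10\r\nPIPELINING\r\nUIDL\r\n"
               b"IMPLEMENTATION Courier Mail Server\r\n.\r\n")
# Constructed sample: the same reply with STLS advertised.
CAPA_AFTER = CAPA_BEFORE.replace(b"TOP\r\n", b"STLS\r\nTOP\r\n")


def parse_capa(raw: bytes) -> dict:
    """Parse a raw multi-line CAPA response into {CAPABILITY: [args]}."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("CAPA not accepted: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":  # terminator of the multi-line response
            break
        if line:
            name, *args = line.split()
            caps[name.upper()] = args
    return caps


def diagnose(caps: dict) -> str:
    """Say what a client configured for STARTTLS on this port will see."""
    if "STLS" in caps:
        return "STLS offered: STARTTLS clients can upgrade on this port"
    clear = [m for m in caps.get("SASL", []) if m in ("PLAIN", "LOGIN")]
    return ("STLS missing: STARTTLS clients will fail; "
            "cleartext mechanisms on offer: " + (", ".join(clear) or "none"))


def probe(host: str, port: int = 110, timeout: float = 5.0) -> str:
    """Live check (hypothetical helper): CAPA, then attempt the STLS upgrade."""
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        verdict = diagnose({k.upper(): v for k, v in conn.capa().items()})
        if verdict.startswith("STLS offered"):
            # Raises ssl.SSLError on handshake or certificate failure.
            conn.stls(context=ssl.create_default_context())
            verdict += "; TLS handshake OK"
        return verdict
    finally:
        conn.close()


if __name__ == "__main__":
    print(diagnose(parse_capa(CAPA_BEFORE)))
    print(diagnose(parse_capa(CAPA_AFTER)))
```

Run probe("your.mail.host") from a client machine before and after changing the pop3d configuration to confirm the change took effect.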