Hi, I have been looking at my syslog and I see that I am getting the following error when pop3 tries to pick up mail:- Feb 8 06:27:56 server1 kernel: [15872.100000] s-pop3 connect:IN=eth0 OUT= MAC=00:16:17:ea:fe:98:00:02:85:11:f7:00:08:00 SRC=71.59.199.158 DST=88.xxxxxxx LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41615 DF PROTO=TCP SPT=4593 DPT=995 WINDOW=65535 RES=0x00 SYN URGP=0 Feb 8 06:27:56 server1 pop3d-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Feb 8 06:27:57 server1 kernel: [15872.500000] s-pop3 connect:IN=eth0 OUT= MAC=00:16:17:ea:fe:98:00:02:85:11:f7:00:08:00 SRC=71.59.199.158 DST=88.1xxxxxx LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41618 DF PROTO=TCP SPT=4594 DPT=995 WINDOW=65535 RES=0x00 SYN URGP=0 Feb 8 06:27:57 server1 pop3d-ssl: Unexpected SSL connection shutdown. I have found a post relating to this:- http://groups.google.com/group/mailing.unix.courier-imap/browse_thread/thread/ea56f60bbca15d05 So I want to try modifying the following parameters so they all read SSL23:- > courierd:TLS_PROTOCOL=TLS1 > esmtpd-ssl:TLS_PROTOCOL=SSL23 > esmtpd:TLS_PROTOCOL=TLS1 > imapd-ssl:TLS_PROTOCOL=SSL23 > imapd-ssl:TLS_STARTTLS_PROTOCOL=TLS1 > pop3d-ssl:TLS_PROTOCOL=SSL23 > pop3d-ssl:TLS_STARTTLS_PROTOCOL=TLS1 what file are these parameters in ? also, should i open port 465 on my firewall ?
making some progress Following this link:- https://help.ubuntu.com/community/Courier seems to indicate where the imap elements of courier are. BTW as i don't use imap, i did not install the courier imap packages. maybe this could be causing my problem. anyway i found the following files in the directory /etc/courier:- authdaemonrc authmodulelist pop3d pop3d.cnf pop3d.pem pop3d-ssl I modified the log level in authdaemonrc to 1, so should get more diagnostic info. now. i will just go through these files and search for the parameters i think need to be changed now !!
found another post relating to this problem btw am now working from another post i found that might correct the error message:- http://www.mail-archive.com/[email protected]/msg30545.html
am i talking to myself here ? Gosh this is good isn't it. Why does nobody ever reply but me ?? Is it something i said ???? Well anyway i fixed the problem now. Bet you what to know how don't you ???? Well i am such a public spirited kind of guy, heres the answer:- the file to modify is /etc/courier/pop3d-ssl. Correct the line mentioned above to TLS_PROTOCOL=SSL23 ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # SSL2 - SSLv2 # SSL3 - SSLv3 # TLS1 - TLS1 TLS_PROTOCOL=SSL23 Here is the handshake session I am getting now:- Feb 8 12:49:38 server1 kernel: [ 73.060000] s-pop3 connect:IN=eth0 OUT= MAC=00:16:17:ea:fe:98:00:02:85:11:f7:00:08:00 SRC=85.18.136.77 DST=xxxxxxxxxx LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=34603 DF PROTO=TCP SPT=20467 DPT=995 WINDOW=5840 RES=0x00 SYN URGP=0 Feb 8 12:49:38 server1 kernel: [ 73.080000] s-pop3 connect:IN=eth0 OUT= MAC=00:16:17:ea:fe:98:00:02:85:11:f7:00:08:00 SRC=85.18.136.77 DST=xxxxxxxxxxxxx LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=14076 DF PROTO=TCP SPT=20472 DPT=995 WINDOW=5840 RES=0x00 SYN URGP=0 Feb 8 12:49:38 server1 pop3d-ssl: Connection, ip=[::ffff:85.18.136.77] Feb 8 12:49:38 server1 pop3d-ssl: Connection, ip=[::ffff:85.18.136.77] super!!! loads of spam coming in now, thanks to the dodgy settings in the postfix main.cf file !! I'll have to do another post to let you special people know how to fickx that one..... "Don't thank me, just send money" RSVP
I guess you're a bit too impatient. We're doing everything to help people, it's just that we don't sit in front of the forum the whole day waiting for posts to be answered. That's why it can take some time until you get an answer.
Money is the root of all evil ok point taken. I run my business with this software, so i need it up quickly, but at the same time I have no money How can I buy support for ispconfig ? Can you send me a link ?
Take a look here: http://www.ispconfig.org/support.htm You can also send an email: info [at] projektfarm [dot] de
