Using a new 'Perfect Setup' server on a Debian 3.1-Sarge build, almost everything is working great! BUT, when Thunderbird logs in to the pop3 server it throws this error:

'You have attempted to establish a connection with "someurl.com". However, the security certificate presented belongs to "localhost".'

The message goes away if I disable TLS in Thunderbird, but I'd like to make it work. I tried re-running generation of the certificate using openssl in the manner described in this thread: http://www.howtoforge.com/forums/showthread.php?t=1016

...I ran those commands, restarted postfix, but it didn't resolve the problem. Clearly a certificate is being issued and forwarded to Thunderbird, but it is mislabeled somehow.

BTW, this body of work is wonderful! My deep gratitude to Mr. Timmes, and all the contributors to this forum!!!

Elliott

BTW, I do have ISPConfig working with this setup, too. If I need to regenerate the certificates with some corrections/editing, can ISPConfig help with that? Learning as I go!
G'day, Falco! Thanks so much for your guide! Yes, it is Courier. Here is the output of netstat -tap:

Code:
myserver:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address State  PID/Program name
tcp        0      0 *:imaps                 *:*             LISTEN 1176/couriertcpd
tcp        0      0 *:9090                  *:*             LISTEN 1418/perl
tcp        0      0 *:pop3s                 *:*             LISTEN 1199/couriertcpd
tcp        0      0 localhost.localdom:9092 *:*             LISTEN 1477/mysqld
tcp        0      0 *:9000                  *:*             LISTEN 1418/perl
tcp        0      0 *:mysql                 *:*             LISTEN 1257/mysqld
tcp        0      0 *:pop3                  *:*             LISTEN 1185/couriertcpd
tcp        0      0 *:imap2                 *:*             LISTEN 1162/couriertcpd
tcp        0      0 *:www                   *:*             LISTEN 1526/apache2
tcp        0      0 *:81                    *:*             LISTEN 1489/ispconfig_http
tcp        0      0 *:ftp                   *:*             LISTEN 24271/proftpd: (acc
tcp        0      0 virt-server.some:domain *:*             LISTEN 1655/named
tcp        0      0 myserver.someurl.domain *:*             LISTEN 1655/named
tcp        0      0 localhost.locald:domain *:*             LISTEN 1655/named
tcp        0      0 *:ssh                   *:*             LISTEN 1423/sshd
tcp        0      0 *:smtp                  *:*             LISTEN 24322/master
tcp        0      0 localhost.localdoma:953 *:*             LISTEN 1655/named
tcp        0      0 *:https                 *:*             LISTEN 1526/apache2
tcp        0      0 *:3483                  *:*             LISTEN 1418/perl

BTW, I've written some notes on how well your guide works, and I'd like to post it to a server-newbies forum when it's polished. Any suggestion where? Thanks!
If you use Courier, you can use the command mkpop3dcert to generate a new certificate. Take a look at

Code:
man mkpop3dcert
Ok. I think I might have got it.

No luck with mkpop3dcert the first time around, despite my renaming /usr/lib/courier/pop3d.pem to /usr/lib/courier/pop3d.pem.save. It ran and went through the motions of making a certificate, but on checking mail in T-bird, I found the same problems with an old certificate still dated from last week and belonging to CN=localhost.

Then I found /etc/courier/pop3d.pem as well, so I renamed that one to .sav, and reran mkpop3dcert. Again it made a certificate. Now Thunderbird seems to work correctly. Good!

Is it correct for pop3d.pem to reside in both /usr/lib/courier and /etc/courier? As I look at the files now, pop3d.pem is only to be found in /usr/lib/courier. Is there supposed to be a symlink from /usr/lib/courier/pop3d.pem to a file in /etc/courier?

Thanks so much for the help!
Ok. A postscript: I'll answer my own question: It looks like there must be a symlink from /etc/courier/pop3d.pem back to the /usr/lib/courier/pop3d.pem file.

When I thought I had it working earlier today, it was not actually working. A review of /var/log/mail.log showed this with an error message. The server was seeking pop3d.pem in /etc/courier, but not finding it there. I created the symlink by running:

Code:
ln -s /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem

Then I restarted all courier servers, and postfix, just to be really thorough, and now it works perfectly as a TLS-enabled server.

Woot!

Elliott
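
The two failures in this thread (a certificate whose CN is "localhost" instead of the name the client connects to, and a pop3d.pem path that does not resolve to a file) can be checked from the shell before restarting the daemons. The script below is an added example, not part of the original thread or of Courier; the function names are hypothetical, the paths are the ones quoted above, and mail.example.com is a placeholder host name.

```shell
#!/bin/sh
# Added example: verify the certificate file Courier's pop3d is configured to use.
# It compares the subject CN, as discussed in the thread; current mail clients
# also match the subjectAltName extension, which this check does not cover.

# Print the subject CN of the first certificate in a PEM file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Print the subject line of the certificate a running POP3S listener presents
# (needs network access; the port defaults to 995).
served_subject() {
    openssl s_client -connect "$1:${2:-995}" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -nameopt RFC2253
}

# check_pop3_cert PEMPATH EXPECTED_HOST
# returns 0 = CN matches, 1 = CN mismatch, 2 = path missing, 3 = no certificate
check_pop3_cert() {
    pem=$1
    want=$2
    # -e follows symlinks, so a dangling symlink is reported as missing too
    if [ ! -e "$pem" ]; then
        echo "MISSING: $pem does not exist or is a dangling symlink"
        return 2
    fi
    cn=$(cert_cn "$pem")
    if [ -z "$cn" ]; then
        echo "UNREADABLE: no certificate with a CN found in $pem"
        return 3
    fi
    if [ "$cn" != "$want" ]; then
        echo "MISMATCH: $pem has CN=$cn but clients connect to $want"
        return 1
    fi
    echo "OK: $pem has CN=$cn"
    return 0
}

# Stand-alone use: sh check.sh /etc/courier/pop3d.pem mail.example.com
if [ "$#" -ge 2 ]; then
    check_pop3_cert "$1" "$2"
fi
```

Run it against both /etc/courier/pop3d.pem and /usr/lib/courier/pop3d.pem after mkpop3dcert, then compare with `served_subject` once the Courier daemons have been restarted.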