Outlook fails POP3 SSL auth with Courier and Postfix


First off, this works fine with Kontact; Outlook is being a pain. Fresh server, new build following the method at https://wiki.gentoo.org/wiki/complete_virtual_mail_server. When using Outlook and running the test, I get:

    aug 10 09:47:19 emailer1 pop3d-ssl: couriertls: /etc/ssl/certs/48ef30f1.0: no such file or directory
    ^c
    emailer1 ~ # updatedb
    emailer1 ~ # locate 48ef30f1
    /etc/ssl/certs/48ef30f1.0
    emailer1 ~ # ls -l /etc/ssl/
    total 44
    drwxr-xr-x 2 root  root   4096 aug  8 07:46 apache2
    drwxr-xr-x 2 vmail vmail 12288 aug  8 12:06 certs
    drwxr-xr-x 2 root  root   4096 aug  9 04:01 courier-imap
    drwxr-xr-x 2 root  root   4096 aug  8 12:05 misc
    -rw-r--r-- 1 root  root  10835 aug  8 12:03 openssl.cnf
    drwxr-xr-x 2 root  root   4096 aug 10 09:15 postfix
    drwx------ 2 root  root   4096 aug  8 12:05 private
    emailer1 ~ #

    emailer1 ~ # postconf -n
    broken_sasl_auth_clients = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = path=/bin:/usr/bin:/usr/local/bin:/usr/x11r6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    home_mailbox = .maildir/
    html_directory = no
    inet_protocols = ipv4
    mail_owner = postfix
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = no
    sample_directory = /etc/postfix
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = no
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_cafile = /etc/ssl/postfix/nyctelecomm.com.crt
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/ssl/postfix/nyctelecomm.com.crt
    smtpd_tls_key_file = /etc/ssl/postfix/nyctelecomm.com.key
    smtpd_tls_loglevel = 3
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
    virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
    virtual_uid_maps = static:5000

The permissions were root before.

    emailer1 ~ # cat /etc/courier-imap/pop3d-ssl
    ##version: $id: pop3d-ssl.dist.in,v 1.22 2008/07/12 20:17:25 mrsam exp $
    #
    # pop3d-ssl created pop3d-ssl.dist sysconftool
    #
    # not alter lines begin ##, used when upgrading
    # configuration.
    #
    #  copyright 2000-2008 double precision, inc.  see copying
    #  distribution information.
    #
    #  configuration file sets various options courier-imap server
    #  when used handle ssl pop3 connections.
    #
    #  ssl , non-ssl connections handled dedicated instance of
    #  couriertcpd daemon.  if accepting both ssl , non-ssl pop3
    #  connections, start 2 instances of couriertcpd, 1 on
    #  pop3 port 110, , 1 on pop3-ssl port 995.
    #
    #  download openssl http://www.openssl.org/
    #
    ##name: sslport:0
    #
    #  options in pop3d-ssl configuration file augment options in
    #  pop3d configuration file.  first pop3d configuration file read,
    #  pop3d-ssl configuration file, not have redefine
    #  anything.
    #
    #  however, things have redefined.  port number
    #  specified sslport, instead of port.  default port port 995.
    #
    #  multiple port numbers can separated commas.  when multiple port
    #  numbers used possibly select specific ip address
    #  given port "ip.port".  example, "127.0.0.1.900,192.168.0.1.900"
    #  accepts connections on port 900 on ip addresses 127.0.0.1 , 192.168.0.1
    #  ssladdress setting default ports not have
    #  specified ip address.

    sslport=995

    ##name: ssladdress:0
    #
    #  address listen on, can set single ip address.
    #
    # ssladdress=127.0.0.1

    ssladdress=0

    ##name: sslpidfile:0
    #

    sslpidfile=/var/run/pop3d-ssl.pid

    ##name: sslloggeropts:0
    #
    # courierlogger(1) options.
    #

    sslloggeropts="-name=pop3d-ssl"

    ##name: pop3dsslstart:0
    #
    #  whether or not start pop3 on ssl on spop3 port:

    pop3dsslstart=yes

    ##name: pop3_starttls:0
    #
    # whether or not implement pop3 stls extension:

    pop3_starttls=yes

    ##name: pop3_tls_required:1
    #
    # set pop3_tls_required 1 if require starttls everyone.
    # (this option advertises logindisabled pop3 capability, until starttls
    # issued).

    pop3_tls_required=0

    ##name: couriertls:0
    #
    # following variables configure pop3 on ssl.  if openssl or gnutls
    # available during configuration, couriertls helper gets compiled, ,
    # upon installation dummy tls_certfile gets generated.
    #
    # warning: peer certificate verification has not yet been tested.  proceed
    # @ own risk.  basic ssl/tls functionality known
    # working. keep in mind play following variables.

    couriertls=/usr/sbin/couriertls

    ##name: tls_protocol:0
    #
    # tls_protocol sets protocol version.  possible versions are:
    #
    # openssl:
    #
    # ssl2 - sslv2
    # ssl3 - sslv3
    # ssl23 - either sslv2 or sslv3 (also tls1, seems)
    # tls1 - tls1
    #
    # note setting, openssl, modified tls_cipher_list
    # setting, below.
    #
    # gnutls:
    #
    # ssl3   - sslv3
    # tls1   - tls 1.0
    # tls1_1 - tls 1.1
    #
    # when compiled against gnutls, multiple protocols can selected follows:
    #
    # tls_protocol="tls1_1:tls1:ssl3"
    #
    # default values:
    #
    # ssl23 (openssl), or "tls_1:tls1:ssl3" (gnutls)

    ##name: tls_starttls_protocol:0
    #
    # tls_starttls_protocol used instead of tls_protocol pop3 starttls
    # extension, opposed pop3 on ssl on port 995.
    #
    # takes same values openssl/gnutls tls_protocol

    tls_starttls_protocol=tls1

    ##name: tls_cipher_list:0
    #
    # tls_cipher_list optionally sets list of ciphers used
    # openssl library.  in situations can leave tls_cipher_list
    # undefined
    #
    # openssl:
    #
    # tls_cipher_list="sslv3:tlsv1:!sslv2:high:!low:!medium:!exp:!null@strength"
    #
    # enable ssl2, remove obvious "!sslv2" part above list.
    #
    #
    # gnutls:
    #
    # tls_cipher_list="high:medium"
    #
    # actual list of available ciphers depend on options gnutls
    # compiled against. possible ciphers are:
    #
    # aes256, 3des, aes128, arc128, arc40, rc2, des, null
    #
    # also, following aliases:
    #
    # high -- ciphers use more 128 bit key size
    # medium -- ciphers use 128 bit key size
    # low -- ciphers use fewer 128 bit key size, null cipher
    #        not included
    # -- ciphers except null cipher


    ##name: tls_min_dh_bits:0
    #
    # tls_min_dh_bits=n
    #
    # gnutls only:
    #
    # set minimum number of acceptable bits dh key exchange.
    #
    # gnutls's compiled-in default 727 bits (as of gnutls 1.6.3). server
    # have been encountered offer 512 bit keys. may have set
    # tls_min_dh_bits=512 here, if necessary.

    ##name: tls_kx_list:0
    #
    # gnutls only:
    #
    # allowed key exchange protocols. default of "all" should sufficient.
    # list of supported key exchange protocols depends on options gnutls
    # compiled against, may include following:
    #
    # dhersa, dhedss, rsa, srp, srprsa, srpdss, psk, dhepsk, anondh, rsaexport

    tls_kx_list=all

    ##name: tls_compression:0
    #
    # gnutls only:
    #
    # optional compression. "all" selects available compression methods.
    #
    # available compression methods: deflate, lzo, null

    tls_compression=all

    ##name: tls_certs:0
    #
    # gnutls only:
    #
    # supported certificate types x509 , openpgp.
    #
    # openpgp has not been tested

    tls_certs=x509

    ##name: tls_timeout:0
    # tls_timeout not implemented, , reserved future use.
    # supposed inactivity timeout, not yet implemented.
    #

    ##name: tls_dhcertfile:0
    #
    # tls_dhcertfile - pem file stores diffie-hellman -based certificate.
    # when openssl compiled use diffie-hellman ciphers instead of rsa
    # must generate dh pair used.  in situations
    # dh pair treated confidential, , file specified
    # tls_dhcertfile must not world-readable.
    #
    # tls_dhcertfile=

    ##name: tls_certfile:0
    #
    # tls_certfile - certificate use.  tls_certfile required ssl/tls
    # servers, , optional ssl/tls clients.  tls_certfile
    # treated confidential, , must not world-readable. set tls_certfile
    # instead of tls_dhcertfile if garden-variety certificate
    #
    # virtual hosts (servers only):
    #
    # due technical limitations in original ssl/tls protocol, dedicated
    # ip address required each virtual host certificate. if have
    # multiple certificates, install each certificate file
    # $tls_certfile.aaa.bbb.ccc.ddd, "aaa.bbb.ccc.ddd" ip address
    # certificate's domain name. so, if tls_certfile set
    # /etc/certificate.pem, you'll need install actual certificate
    # files /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
    # , on, each ip address.
    #
    # gnutls (servers only):
    #
    # gnutls implements new tls extension eliminates need have
    # dedicated ip address each ssl/tls domain name. install each certificate
    # $tls_certfile.domain, if tls_certfile set /etc/certificate.pem,
    # you'll need install actual certificate files
    # /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
    # , on.
    #
    # note tls extension requires corresponding support in
    # client. older ssl/tls clients may not support feature.
    #
    # experimental feature.

    tls_certfile=/etc/ssl/postfix/nyctelecomm.com.pem

    ##name: tls_trustcerts:0
    #
    # tls_trustcerts=pathname - load trusted certificates pathname.
    # pathname can file or directory. if file, file should
    # contain list of trusted certificates, in pem format. if
    # directory, directory should contain trusted certificates,
    # in pem format, 1 per file , hashed using openssl's c_rehash
    # script. tls_trustcerts used ssl/tls clients (by specifying
    # -domain option) , ssl/tls servers (tls_verifypeer set
    # peer or requirepeer).
    #

    tls_trustcerts=/etc/ssl/certs

    ##name: tls_verifypeer:0
    #
    # tls_verifypeer - how verify client certificates.  possible values of
    # setting are:
    #
    # none - not verify
    #
    # peer - verify client certificate, if one's presented
    #
    # requirepeer - require client certificate, fail if one's not presented
    #
    #
    tls_verifypeer=none

    ##name: tls_external:0
    #
    # enable ssl certificate-based authentication:
    #
    # 1) tls_trustcerts must set pathname holds certificate
    #    authority's ssl certificate
    #
    # 2) tls_verifypeer=peer or tls_verifypeer=requirepeer (the later settings
    #    requires ssl clients present certificate, , rejects
    #    ssl/tls connections without valid cert).
    #
    # 3) set tls_external, below, subject field holds login id.
    #    example:
    #
    #  tls_external=emailaddress
    #
    # above example retrieves login id "emailaddress" subject
    # field. certificate's emailaddress subject must match login
    # id in courier-authlib database.

    ##name: tls_cache:0
    #
    # tls/ssl session cache may improve response long-running
    # pop3 clients. tls_cachefile automatically created, tls_cachesize
    # bytes long, , used cache buffer.
    #
    # experimental feature , should disabled if causes
    # problems ssl clients.  disable ssl caching commenting out
    # following settings:

    tls_cachefile=/var/lib/courier-imap/couriersslcache
    tls_cachesize=524288

    ##name: maildirpath:0
    #
    # maildirpath - directory name of maildir directory.
    #
    maildirpath=maildir

    # hardwire value ${maildir}
    maildir=.maildir
    maildirpath=.maildir

The issue happened on both Outlook and Kontact; I wasn't digging deep enough. Since the OS is Gentoo, I re-emerged ca-certificates and deleted all of the broken links (as specified by emerge), and it is now 100%.
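
The symptom in the log (locate lists /etc/ssl/certs/48ef30f1.0, yet couriertls reports "no such file or directory") is consistent with a hashed link in the tls_trustcerts directory whose target no longer exists. The following is an added example, not part of the original post, that lists such dangling links; the function names are hypothetical and the demo directory and its file names other than 48ef30f1.0 are constructed.

```shell
#!/bin/sh
# Added example: find dangling symlinks in a c_rehash-style CA directory.
# A link name can still be a directory entry (so ls and locate show it)
# while opening it fails with ENOENT because the target file is gone.

# Print "link -> target" for every symlink directly under $1 that does not resolve.
dangling_links() {
    dir=$1
    for entry in "$dir"/*; do
        # -L: the entry itself is a symlink; ! -e: following it fails
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            printf '%s -> %s\n' "$entry" "$(readlink "$entry")"
        fi
    done
}

# Number of dangling links under $1 (0 means the directory is clean).
count_dangling() {
    dangling_links "$1" | wc -l | tr -d ' '
}

# Build a constructed sample directory: one healthy hash link, one broken one.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'constructed placeholder, not a real certificate\n' > "$d/good-ca.pem"
    ln -s good-ca.pem "$d/aaaaaaaa.0"      # resolves
    ln -s removed-ca.pem "$d/48ef30f1.0"   # target was never created: dangling
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
dangling_links "$demo"
echo "dangling links: $(count_dangling "$demo")"
rm -rf "$demo"
```

On the server itself the directory to check is the one named by tls_trustcerts, here /etc/ssl/certs.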

