XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin


> xmail and openSSL troubles..., running on MDK 9.2
cmyk
Posted: Nov 15 2003, 07:16 PM


i am following the instructions from this tutorial:
http://xmailforum.homelinux.net/index.php?...st=0&#entry5697

1) i am having the following trouble:
the documentation is very short about -PI.
after i did this:
/var/MailRoot/bin/XMail -PI 127.0.0.1:110
/var/MailRoot/bin/XMail -PI 127.0.0.1:25

i can't send any emails anymore...
how do i set the default again? what are the defaults?


my smtp.ipmap.tab:
"0.0.0.0" "0.0.0.0" "ALLOW" 1

my pop3.ipmap.tab:
"0.0.0.0" "0.0.0.0" "ALLOW" 1


what i would like is, that i could use pop/smtp still without ssl, and also with ssl.


2) it seems that i have some trouble with stunnel:

stunnel log:

2003.11.15 19:00:37 LOG5[14603:16384]: stunnel 4.04 on i586-mandrake-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7b 10 Apr 2003
2003.11.15 19:00:37 LOG4[14603:16384]: Wrong permissions on /usr/local/etc/stunnel/stunnel.pem
2003.11.15 19:00:37 LOG7[14603:16384]: Snagged 64 random bytes from /root/.rnd
2003.11.15 19:00:37 LOG7[14603:16384]: Wrote 1024 new random bytes to /root/.rnd
2003.11.15 19:00:37 LOG7[14603:16384]: RAND_status claims sufficient entropy for the PRNG
2003.11.15 19:00:37 LOG6[14603:16384]: PRNG seeded successfully
2003.11.15 19:00:37 LOG7[14603:16384]: Configuration SSL options: 0x00000800
2003.11.15 19:00:37 LOG7[14603:16384]: SSL options set: 0x00000800
2003.11.15 19:00:37 LOG7[14603:16384]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2003.11.15 19:00:37 LOG7[14603:16384]: Key file: /usr/local/etc/stunnel/stunnel.pem
2003.11.15 19:00:37 LOG5[14603:16384]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2003.11.15 19:00:37 LOG7[14603:16384]: FD 4 in non-blocking mode
2003.11.15 19:00:37 LOG7[14603:16384]: SO_REUSEADDR option set on accept socket
2003.11.15 19:00:37 LOG7[14603:16384]: POP3 bound to 0.0.0.0:995
2003.11.15 19:00:37 LOG7[14603:16384]: FD 5 in non-blocking mode
2003.11.15 19:00:37 LOG7[14603:16384]: SO_REUSEADDR option set on accept socket
2003.11.15 19:00:37 LOG7[14603:16384]: SMTP bound to 0.0.0.0:8025
2003.11.15 19:00:37 LOG7[14603:16384]: FD 6 in non-blocking mode
2003.11.15 19:00:37 LOG7[14603:16384]: FD 7 in non-blocking mode
2003.11.15 19:00:37 LOG3[14604:16384]: Failed to get GID for group nobody




cmyk
Posted: Nov 15 2003, 08:00 PM



ok got the permission straightened out:

(http://www.stunnel.org/faq/troubleshooting.html#ToC14)
Answer: The stunnel.pem file contains your key (private data) and certificate (public data). In order for Stunnel to start automatically without requiring a password, the key is created without a password. This means that anyone who can read this file can compromise your SSL security. This file must be readable only by root, or the user who runs Stunnel.

Use the chmod command to fix permissions on this file, ala

chmod 600 /path/to/stunnel.pem

and i also have this now in the stunnel.log:

2003.11.15 20:10:13 LOG7[15215:16384]: Snagged 64 random bytes from /root/.rnd
2003.11.15 20:10:13 LOG7[15215:16384]: Wrote 1024 new random bytes to /root/.rnd
2003.11.15 20:10:13 LOG7[15215:16384]: RAND_status claims sufficient entropy for the PRNG
2003.11.15 20:10:13 LOG6[15215:16384]: PRNG seeded successfully
2003.11.15 20:10:13 LOG7[15215:16384]: Configuration SSL options: 0x00000800
2003.11.15 20:10:13 LOG7[15215:16384]: SSL options set: 0x00000800
2003.11.15 20:10:13 LOG7[15215:16384]: Certificate: /etc/ssl/stunnel/stunnel.pem
2003.11.15 20:10:13 LOG7[15215:16384]: Key file: /etc/ssl/stunnel/stunnel.pem
2003.11.15 20:10:13 LOG5[15215:16384]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2003.11.15 20:10:13 LOG7[15215:16384]: FD 4 in non-blocking mode
2003.11.15 20:10:13 LOG7[15215:16384]: SO_REUSEADDR option set on accept socket
2003.11.15 20:10:13 LOG7[15215:16384]: POP3 bound to 0.0.0.0:995
2003.11.15 20:10:13 LOG7[15215:16384]: FD 5 in non-blocking mode
2003.11.15 20:10:13 LOG7[15215:16384]: SO_REUSEADDR option set on accept socket
2003.11.15 20:10:13 LOG7[15215:16384]: SMTP bound to 0.0.0.0:8025
2003.11.15 20:10:13 LOG7[15215:16384]: FD 6 in non-blocking mode
2003.11.15 20:10:13 LOG7[15215:16384]: FD 7 in non-blocking mode
2003.11.15 20:10:13 LOG7[15216:16384]: Created pid file /tmp/stunnel.pid

i hope this...
POP3 bound to 0.0.0.0:995
and this...
SMTP bound to 0.0.0.0:8025
...is correct. i thought it should be 127.0.0.1 as i have it in the stunnel.conf?


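Added example (not part of the original posts, and not stunnel or XMail code): a small triage script for stunnel log output like the one quoted above. It reports entries at warning level or worse, lists the address each service accepted on, and applies the FAQ's chmod 600 rule to a key file. The sample log is constructed from lines in the thread, and the function names are hypothetical.

```python
import os
import re
import stat

# stunnel tags each line LOG<n>; n is the syslog severity (3=err ... 7=debug).
SEVERITY = {3: "error", 4: "warning", 5: "notice", 6: "info", 7: "debug"}
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):\d+\]: (?P<msg>.*)$"
)
BOUND_RE = re.compile(r"^(?P<service>\S+) bound to (?P<addr>[\d.]+):(?P<port>\d+)$")
KEY_RE = re.compile(r"^Key file: (?P<path>\S+)$")

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
2003.11.15 19:00:37 LOG4[14603:16384]: Wrong permissions on /usr/local/etc/stunnel/stunnel.pem
2003.11.15 19:00:37 LOG7[14603:16384]: Key file: /usr/local/etc/stunnel/stunnel.pem
2003.11.15 19:00:37 LOG7[14603:16384]: POP3 bound to 0.0.0.0:995
2003.11.15 19:00:37 LOG7[14603:16384]: SMTP bound to 0.0.0.0:8025
2003.11.15 19:00:37 LOG3[14604:16384]: Failed to get GID for group nobody
"""

def triage(log_text):
    """Return (problems, listeners, key_files) extracted from stunnel log text."""
    problems, listeners, key_files = [], [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped continuation or foreign line
        level, msg = int(m["level"]), m["msg"]
        if level <= 4:  # warning or worse; levels 0-2 are reported as "critical"
            problems.append((SEVERITY.get(level, "critical"), msg))
        if (b := BOUND_RE.match(msg)):
            listeners.append((b["service"], b["addr"], int(b["port"])))
        if (k := KEY_RE.match(msg)):
            key_files.append(k["path"])
    return problems, listeners, key_files

def key_file_is_private(path):
    """True if group and others have no permissions on the file (e.g. mode 600)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0

if __name__ == "__main__":
    problems, listeners, key_files = triage(SAMPLE_LOG)
    for severity, msg in problems:
        print(f"{severity}: {msg}")
    for service, addr, port in listeners:
        print(f"{service} accepts on {addr}:{port}")
```

Run `key_file_is_private()` on each path returned in `key_files` on the host where stunnel runs; the check is the FAQ's rule, not a reimplementation of stunnel's own test.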
atomant
Posted: Nov 15 2003, 08:23 PM



Everything is ok.
Stunnel is the one who is listening to 127.0.0.1 (25, 110).


--------------------
Bye,
Sasa



-------------------------------------------------------------------

All electric machines work on smoke...when the smoke escape from machines, they don't work anymore
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
cmyk
Posted: Nov 15 2003, 08:29 PM



thanks sasa,

took me a while to make this running on MDK 9.2!

but i still have some things i do not understand:
1. when i bind 110 and 25 to 127.0.0.1 will the clients still be able to access pop3/smtp without ssl?
2. right now, i am not able to send any email...
3. how would i reset the binding?

phil
atomant
Posted: Nov 15 2003, 08:37 PM



You are only binding the localhost address, which is not accessible by your customer.
In the xmail startup script, use command line switches to bind to a specific address, e.g.: -PI 192.168.0.1 -PI 205.201.25.36 etc.
Don't forget to restart xmail after you make changes in the script.


--------------------
Bye,
Sasa



cmyk
Posted: Nov 15 2003, 08:44 PM



sasa,

thanks for your reply...

i don't seem to understand. :-(

how could i bind a dynamic dialup ip address?
i mean, this isn't really practical.

all i would like is, that my customers can use ssl or not. and both should work.
so, how would i do that? (in a way, i understand it, plz :-) )

cheers,
phil
atomant
Posted: Nov 15 2003, 08:48 PM



I didn't know that you have dyn ip.
Normally ;-) it should bind to all available addresses on the machine but it is not always the case.
Is this server directly on the net or is it on the LAN behind some firewall machine?


--------------------
Bye,
Sasa



cmyk
Posted: Nov 15 2003, 09:48 PM



ok sasa,

i think we got some communications problems... :-)
i guess we could talk german, but for the benefit of others, we don't (right? :-) )

i have a static ip address.
i have a nice firewall. the web/email/dns/server is in a DMZ.

i have found a problem:
i didn't allow smtp on port 8025 from DMZ to inet in iptables...
so that's cool now. :-)

i also made a mistake in setting the prefs for apple mail 1.3.
that's why it didn't work anymore for normal port 25 without ssl.

BUT. :-o i still cannot send emails using SMTP 8025.

well. i guess it's the whole bind issue i do not understand a bit, quite frankly.


cheers,
phil
atomant
Posted: Nov 15 2003, 09:55 PM



OK, now I understand it. You only have a problem with sending via ssl on port 8025.
Which mail client do you use? I know that it works with Outlook Express but it doesn't work with netscape or mozilla mail (don't know why :-( ).
What is the error when you try to send via ssl?


--------------------
Bye,
Sasa



cmyk
Posted: Nov 15 2003, 10:08 PM



very good!

i use apple mail 1.3 (as mentioned earlier).
i don't get any error. it's just a timeout, i guess.

could you give me a primer in how to do the binding with xmail (ports 995 and 8025)
in the command line?
and i really *still* don't understand what this binding is all about...

i just tested with outlook on OS X. the same thing. just hanging there and waiting for time out.

the stunnel.log doesn't show anything about smtp.

cheers,
phil
atomant
Posted: Nov 15 2003, 10:21 PM



ok, here is my xmail:
CODE
XMAIL_CMD_LINE="-Mr 24 -Pl -PI 192.168.10.10 -PI 127.0.0.1 -PX 100 -Sl -SI 192.168.10.10 -SI 127.0.0.1 -SX 100 -Qn 100 -Ql -QT 180 -Yt 100 -Cl -Ln 100 -Ll"


As you can see I am binding my Xmail to listen on 192.168.10.10 and 127.0.0.1 (ports 25 and 110). For SMTP the switch is -SI and for POP it is -PI. So this is for use without SSL.

Your problem with timeout is exactly what I have experienced in Netscape and Mozilla mail (only for SMTP; POP over SSL works fine). I have tried with win Outlook and Outlook E. and it works for both over SSL.

So for SSL binding it will use the port that U have specified (8025) and all available network addresses it can find on the machine.

Can you setup for me a test account so I can try to connect via SSL and send mail using your SSL SMTP? Send me info on account via personal message.


--------------------
Bye,
Sasa



cmyk
Posted: Nov 15 2003, 10:48 PM



thanks sasa,
i got your email.

i just let a friend of mine test with outlook 2003 and windows: worked as well.

wonder how this could be fixed for apple mail, though?


cheers,
phil
atomant
Posted: Nov 15 2003, 10:50 PM



I would like to know also. I have been asking questions in some forums but no one could answer me.


--------------------
Bye,
Sasa



romee
Posted: Dec 16 2004, 02:43 PM



Hi,
I've set up pop3s and ssmtp with Xmail 1.20 and stunnel 4.05 on a Linux-2.6.7 kernel system. I have no problem with pop3s but ssmtp (I used the standard ssmtp port 465/tcp but I've also tried 8025 and 25) is not working with any of the outlook mail clients on windows systems. While sending, I get a 0x8004210B error.
hschneider
Posted: Dec 16 2004, 06:57 PM



In Outlook did you check 'Use SSL...' with POP3 and with SMTP connections ?
Also make sure that these ports are enabled on your router or firewall.
XP/SP2 on client side ? Then check the builtin firewall toy.


--------------------
Bye,
Harald

