Qmail-LDAP

Re: TLS not working properly for me

To: qmail-ldap@qmail-ldap.org
Subject: Re: TLS not working properly for me
From: D.J. <daringone@gmail.com>
Date: Fri, 19 Jan 2007 14:45:51 -0500
Delivered-to: sp-com-lists@consult.net
Delivered-to: qmail-ldap-list@securepoint.com
Delivered-to: mailing list qmail-ldap@qmail-ldap.org
In-reply-to: <20070119171919.GA2797@diehard.n-r-g.com>
Mailing-list: contact qmail-ldap-help@qmail-ldap.org; run by ezmlm
References: <ef6795ca0701190715p2a5c1411s1a23a984099cc41@mail.gmail.com> <20070119171919.GA2797@diehard.n-r-g.com>

On 1/19/07, Claudio Jeker <jeker@n-r-g.com> wrote:
> On Fri, Jan 19, 2007 at 10:15:29AM -0500, D.J. wrote:
> > I have a somewhat unique situation where I have to handle two domains
> > from separate LDAP servers for SMTP AUTH, requiring me to run two
> > installations of qmail off the same machine.  Everything is working
> > great for the AUTH side, but one installation is failing when trying
> > to use TLS.  Here is the log entry:
> >
> > @4000000045b0dc8139d198fc tcpserver: pid 23144 from x.x.x.x
> > @4000000045b0dc8139daa564 tcpserver: ok 23144 0:192.168.4.105:25
> > x.x.com:x.x.x.x::11228
> > @4000000045b0dc8139f58c1c qmail-smtpd 23144: connection from x.x.x.x
> > (x.x.com) to 0
> > @4000000045b0dc8139f597d4 qmail-smtpd 23144: enabled options: starttls
> > relayclient  qmailqueue /var/eoqmail/bin/qmail-scanner-queue.pl
> > @4000000045b0dc813b677f24 qmail-smtpd 23144: remote ehlo:
> > dharbaugh.eohio.net
> > @4000000045b0dc822f1d41a4 qmail-smtpd 23144: aborting TLS connection,
> > unable to finish SSL accept
> > @4000000045b0dc822f1d5144 qmail-smtpd 23144: read error or connection closed
> > @4000000045b0dc822f20914c tcpserver: end 23144 status 256
> >
> > I get the feeling that this is due to the way the TLS patch is
> > implemented.  Is it hard coded to always look for the certificate in
> > /var/qmail/control?  If so, this is definitely my problem, since as
> > you can see above the installation directory for this one is
> > /var/eoqmail.  If it is not the case, then I'm pretty sure I didn't
> > change anything to tell the patch where the new certificate is, so if
> > someone could point me that way, I'd appreciate it.  Thanks!
> >
>
> Have a look at QLDAPINSTALL and look for SSLCERT and ~control/smtpcert.
> Also check that the file access rights are OK.
>
> --
> :wq Claudio


Well, it turns out that I just recreated the certificate, and it
decided to work.  I'd copied these certs in from a previous
installation, and maybe it didn't like it for some reason.  Weird
though, that the default install worked fine.  Oh well.  Thanks for
the help!

- D.J.
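
A preflight check along the lines of the advice in this thread (certificate location, file access rights, and a certificate that actually loads), as an added example that is not part of the original messages or of qmail-ldap. It assumes that `SSLCERT`, when set, overrides the default `<qmaildir>/control/smtpcert`, and that this one PEM file holds both the certificate and its private key; `check_smtpcert` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: preflight check for a qmail-ldap TLS certificate file.
# Assumption: qmail-smtpd reads $SSLCERT if set, else <qmaildir>/control/smtpcert,
# and one PEM file holds both the certificate and the private key.
# Run it as the account qmail-smtpd runs under so the readability test is meaningful.

check_smtpcert() {
    qmaildir=$1
    cert=${SSLCERT:-$qmaildir/control/smtpcert}

    [ -f "$cert" ] || { echo "missing: $cert" >&2; return 1; }
    [ -r "$cert" ] || { echo "not readable by $(id -un): $cert" >&2; return 2; }

    # Both PEM blocks must be present in the file.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" &&
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$cert" ||
        { echo "need certificate and private key in $cert" >&2; return 3; }

    # The file contains a private key, so it must not be world-readable.
    if [ -n "$(find "$cert" -prune -perm -004)" ]; then
        echo "world-readable private key: $cert" >&2; return 4
    fi

    # Remaining checks need the openssl CLI; skip them if it is not installed.
    command -v openssl >/dev/null 2>&1 || return 0

    # Certificate and key must belong together: compare their public keys.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$cert" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match or do not parse: $cert" >&2; return 5
    fi

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired: $cert" >&2; return 6; }

    echo "ok: $cert"
}

# Usage (install directories from the thread):
#   check_smtpcert /var/qmail; check_smtpcert /var/eoqmail
```

Running it against both installations side by side shows whether the copied file differs from the working one in path, permissions, or content.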
