6 messages in net.sourceforge.lists.courier-users: [courier-users] Re: BLACKLISTS settin...

From               Sent On
Greg Earle         Jul 27, 2004 2:44 pm
Sam Varshavchik    Jul 27, 2004 4:18 pm
Greg Earle         Jul 27, 2004 5:50 pm
Sam Varshavchik    Jul 28, 2004 4:10 am
Greg Earle         Jul 28, 2004 7:42 am
Gordon Messmer     Jul 28, 2004 10:14 am
Subject: [courier-users] Re: BLACKLISTS setting and etc/esmtpd-ssl
From: Greg Earle (ear@isolar.DynDNS.ORG)
Date: Jul 27, 2004 5:50:13 pm
List: net.sourceforge.lists.courier-users

On Jul 27, 2004, at 4:19 PM, Sam Varshavchik wrote:

> Greg Earle writes:
>
>> I'm running Courier 0.45.6 on Solaris 9. I was investigating a problem sending mail out from home through my work server using port 465, thus talking to "esmtpd-ssl" on the work/Courier side. What I found was that "esmtpd-ssl" was getting told that my sending address was in SORBS as a dynamic address. But instead of reporting it via "syslog" like "courieresmtpd" does:
>>
>>   Jul 27 12:44:27 courieratwork courieresmtpd: [ID 702911 mail.error] error,relay=::ffff:218.63.92.101,from=<aml@anbgg.www-mailserver.com>, to=<ear@isolar.dyndns.org>: 511 Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=218.63.92.101
>>
>> I get nothing in the logs, and "couriertls" gets fired up instead.
>
> couriertls is always started. This error does not come from couriertcpd, but from courieresmtpd. couriertcpd only checks if the IP address is listed. It does not reject the connection. The IP address's status is saved in an environment variable, and courieresmtpd then refuses all mail because of that.

OK ... but why doesn't it log the same message the "regular" port 25 invocation of "courieresmtpd" does? Given that it's the same binary with just different option arguments, I'm a bit baffled by that ...

>> "couriertls" accesses my server certificate, sleeps a bit, and then emits
>>
>>   DEBUG: Unexpected SSL connection shutdown.
>>
>> and goes back to sleep in poll().
>
> See what happens when you do this:
>
>   addcr | TLS_VERIFYPEER=NONE couriertls -host=hostname -port=465

  courieratwork:1:260 [/] # ( setenv TLS_VERIFYPEER NONE ; addcr | couriertls \
      -host=localhost -port=465 )
  220 courieratwork.My.Do.Main ESMTP

Then it just sits there. After 10 minutes or so, it times out and returns to the command prompt. If I run it again and feed it an EHLO, I get back:

  220 courieratwork.My.Do.Main ESMTP
  EHLO courieratwork.My.Do.Main
  250-courieratwork.My.Do.Main Ok.
  250-AUTH PLAIN LOGIN
  250-AUTH=PLAIN LOGIN X-NETSCAPE-HAS-BUGS
  250-XVERP=Courier
  250-XEXDATA
  250-XSECURITY=NONE,STARTTLS
  250-PIPELINING
  250-8BITMIME
  250-SIZE
  250 DSN

My "esmtpd-ssl" file contains (at the moment)

  prefix=/opt/courier
  exec_prefix=/opt/courier
  BOFHCHECKDNS=1
  BOFHNOEXPN=0
  BOFHNOVRFY=0
  NOADDMSGID=1
  NOADDDATE=1
  AUTH_REQUIRED=0
  BLACKLISTS=""
  SSLPORT=465
  SSLADDRESS=0
  SSLPIDFILE=/opt/courier/var/tmp/esmtpd-ssl.pid
  ESMTPDSSLSTART=YES
  COURIERTLS=/opt/courier/bin/couriertls
  TLS_PROTOCOL=TLS1    [Has also been set to "SSLv3" - Ed.]
  TLS_CERTFILE=/opt/openssl/certs/courieratwork.pem
  TLS_VERIFYPEER=NONE
  MAXDAEMONS=40
  MAXPERC=5
  MAXPERIP=5

What I'm finding is that when I try to send out on port 465 from Entourage, I see 3 packets go back and forth on that port (465), then an AUTH (identd) packet gets sent from the server to my home machine (I'm not running identd so it RSTs back), and then ... nothing. I've tried changing the settings in etc/esmtpd-ssl (and then restarting Courier) to no avail. Eventually the connection times out, of course.

In the meantime, I've fallen back to using SSL with user authentication on port 25, as that seems to work. My co-worker, however, uses Entourage X and reports the exact opposite - that setting his outgoing SMTP preferences to use port 25 doesn't work, but using port 465 does (modulo a diagnostic error message he gets). Go figure.

- Greg
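
The two-stage flow described in the quoted reply above (couriertcpd only records the DNSBL result in an environment variable, courieresmtpd does the refusing), as an added Python sketch that is not part of the original message and is not Courier's code. The variable name BLOCK, the function names, the stub resolver and the rejection text are assumptions made for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone; unwrap ::ffff:a.b.c.d first."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped          # relay=::ffff:218.63.92.101 in the log above
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 clients only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def tcpd_stage(ip, zone, env, resolve=socket.gethostbyname, var="BLOCK"):
    """Listener stage: look the client up and record the result. Never rejects."""
    try:
        resolve(dnsbl_query_name(ip, zone))       # any A record means "listed"
        env[var] = "511 Listed in " + zone        # constructed rejection text
    except OSError:                               # NXDOMAIN (gaierror): not listed
        pass
    return env

def smtpd_stage(env, var="BLOCK"):
    """SMTP stage: answer to MAIL FROM. Refuses (and would log) only here."""
    return env[var] if env.get(var) else "250 Ok."

def make_resolver(listed_names):
    """Offline stand-in for DNS, built from a constructed set of listed names."""
    def resolve(name):
        if name in listed_names:
            return "127.0.0.10"                   # constructed DNSBL answer
        raise OSError("NXDOMAIN")
    return resolve

if __name__ == "__main__":
    zone = "dnsbl.sorbs.net"
    dns = make_resolver({"101.92.63.218." + zone})
    for client in ("::ffff:218.63.92.101", "192.0.2.1"):
        env = tcpd_stage(client, zone, {}, resolve=dns)
        print(client, "->", smtpd_stage(env))
```

The refusal is produced only in the second stage, so a session that never reaches the SMTP conversation never produces it.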