I just upgraded my Ubuntu 8.04 server to 10.04 but there were mail configuration errors before the upgrade (for example, I could not download syslog messages to my client mailbox).
After the upgrade, I can't connect to the server from my Ubuntu Evolution client at all, the error now reads: 'Unable to connect to POP server mail.mydomain.com, error sending username'
I ran several tests:
$ telnet localhost 25 shows all the correct entries which I can post as needed
$ telnet mail.mydomain.com 110
Connected to server1.mydomain.com.
Escape character is '^]'.
+OK Hello there.
-ERR TLS required to log in.
$ openssl s_client -connect 127.0.0.1:995
# lots of output that I've omitted...
No client certificate CA names sent
Verify return code: 10 (certificate has expired)
+OK Hello there
$ openssl s_client -ssl3 -connect 127.0.0.1:995
$ openssl s_client -tls1 -connect 127.0.0.1:995
produce the same bottom line: expired certificate, but I do get the OK Hello there at the end.
I tried renewing the certificate via HowtoForge instructions at
but I admit that I find the lengthy instructions confusing - my mail configuration has never been fully functional, probably because I don't really understand the relationship between the files in /etc/postfix/ssl and /etc/ssl.
$ ls -l /etc/postfix/ssl shows:
smtpd.crt old timestamp
smtpd.csr old timestamp
$ ls -l /etc/ssl shows:
directory certs with current timestamp and an enormous number of files in it
directory private old timestamp
openssl.cnf old timestamp
openssl_default.cnf old timestamp
I can see from the above output that TLS is running on an expired certificate even though I created a new one today. I think I need to fix that before renewing smtpd.crt and smtpd.csr ( I found http://www.howtoforge.com/forums/archive/index.php/t-41883.html
which I need to study, to fix the crt and csr problem)
The pop3/courier server doesn't appear to be using TLS at all, probably because of the disconnect between the timestamps on the certificate files in /etc/postfix/ssl. Finally, I understand that TLS must or should be used for mail clients to authenticate.
So my first question related to the mail problem is how to fix the TLS problem.