POP3 TLS issues

Asked by sara_bellum
Topics: Email Servers, Email Protocols

I just upgraded my Ubuntu 8.04 server to 10.04 but there were mail configuration errors before the upgrade (for example, I could not download syslog messages to my client mailbox).

After the upgrade, I can't connect to the server from my Ubuntu Evolution client at all; the error now reads: 'Unable to connect to POP server mail.mydomain.com, error sending username'

I ran several tests:
$ telnet localhost 25 shows all the correct entries which I can post as needed

$ telnet mail.mydomain.com 110
Connected to server1.mydomain.com.
Escape character is '^]'.
+OK Hello there.
USER
-ERR TLS required to log in.  

$ openssl s_client -connect 127.0.0.1:995
Protocol: TLSv1
# lots of output that I've omitted...
No client certificate CA names sent
Verify return code: 10 (certificate has expired)
+OK Hello there

$ openssl s_client -ssl3 -connect 127.0.0.1:995
$ openssl s_client -tls1 -connect 127.0.0.1:995

produce the same bottom line: expired certificate, but I do get the OK Hello there at the end.
I tried renewing the certificate via HowtoForge instructions at
http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-2-p5

but I admit that I find the lengthy instructions confusing - my mail configuration has never been fully functional, probably because I don't really understand the relationship between the files in /etc/postfix/ssl and /etc/ssl.

$ ls -l /etc/postfix/ssl shows:
smtpd.crt old timestamp
smtpd.csr old timestamp
cacert.pem current
cakey.pem current
smtpd.key current

$ ls -l /etc/ssl shows:
directory certs with current timestamp and an enormous number of files in it
directory private old timestamp
openssl.cnf old timestamp
openssl_default.cnf old timestamp

I can see from the above output that TLS is running on an expired certificate even though I created a new one today. I think I need to fix that before renewing smtpd.crt and smtpd.csr (I found http://www.howtoforge.com/forums/archive/index.php/t-41883.html, which I need to study, to fix the crt and csr problem).

The pop3/courier server doesn't appear to be using TLS at all, probably because of the disconnect between the timestamps on the certificate files in /etc/postfix/ssl. Finally, I understand that TLS must or should be used for mail clients to authenticate.

So my first question related to the mail problem is how to fix the TLS problem.
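
An added example (not from the original post or its hidden answer): shell functions that save the certificate a listener such as 127.0.0.1:995 actually serves, test whether it has expired, and report which on-disk PEM file, if any, holds that same certificate. The function names and the /tmp path are assumptions; only the openssl command-line tool is required.

```shell
# Added example: function names and /tmp paths are assumptions, not from the post.

# SHA-256 fingerprint of the first certificate in PEM file $1 (empty if none).
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Returns 0 if the certificate in $1 is expired or expires within $2 seconds
# (default 0 = already expired), 1 if it is still valid, 2 if $1 has no cert.
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Save the leaf certificate served at host:port $1 into file $2.
# Optional $3 is a STARTTLS protocol name (e.g. pop3 for port 110).
fetch_served_cert() {
    if [ -n "${3:-}" ]; then
        openssl s_client -connect "$1" -starttls "$3" </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1" </dev/null 2>/dev/null
    fi | openssl x509 -outform PEM >"$2"
}

# Print the first candidate file ($2...) holding the same certificate as $1.
# Returns 1 when none match, i.e. the daemon loads its certificate elsewhere.
find_matching_file() {
    served_fp=$(pem_fingerprint "$1")
    [ -n "$served_fp" ] || return 2
    shift
    for f in "$@"; do
        if [ "$(pem_fingerprint "$f")" = "$served_fp" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Usage on the mail server:
#   fetch_served_cert 127.0.0.1:995 /tmp/served.pem
#   cert_expires_within /tmp/served.pem && echo "served certificate is expired"
#   find_matching_file /tmp/served.pem /etc/postfix/ssl/*.crt /etc/postfix/ssl/*.pem
```

If `find_matching_file` returns 1 for every file that was just regenerated, the listener is reading its certificate from a different path, and renewing those files will not change what clients see.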
