Re: [SM-USERS] [SOLVED sort of] was Re: svn 14501 - TLS
Dear Paul,
sorry to bring this [Solved] topic to surface again. After installing Fedora
25 (from scratch) I have the same problem ("unknown ca"). I have been using
squirrelmail for many years with "localhost" as imap server name. This does
not work anymore. Looking in the internet, I found this thread which is the
most informative among all I found before. However, in my case the David's
recipe - to replace "localhost" by a fully qualified host name does not
work...
The package versions are:
postfix-3.1.3-2.fc25.x86_64
dovecot-2.2.26.0-1.fc25.x86_64
php-7.0.14-1.fc25.x86_64
squirrelmail-1.4.22-17.fc24.noarch
The squirrelmail imap-related config page is:
IMAP Settings
--
4. IMAP Server: uranus.sai.msu.ru
5. IMAP Port : 993
6. Authentication type: login
7. Secure IMAP (TLS) : true
8. Server software: dovecot
9. Delimiter : detect
B. Update SMTP Settings : localhost:25
the configtest page of squirrelmail returns
Checking IMAP service
ERROR: Error connecting to IMAP server "uranus.sai.msu.ru:993".Server
error: (0)
The relevant maillog lines are:
Dec 16 17:23:01 uranus postfix/smtpd[7867]: connect from localhost[::1]
Dec 16 17:23:01 uranus postfix/smtpd[7867]: lost connection after CONNECT
from localhost[::1]
Dec 16 17:23:01 uranus postfix/smtpd[7867]: disconnect from localhost[::1]
commands=0/0
Dec 16 17:23:01 uranus dovecot: imap-login: Disconnected (no auth attempts
in 0 secs):
user=<>, rip=93.180.26.5, lip=93.180.26.5, TLS handshaking: SSL_accept()
failed:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL
alert number 48,
session=<8mavTsdDQtldtBoF>
The relevant config lines:
postfix main.cf
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_CAfile = /etc/postfix/smtpd.cert
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
dovecot 10-ssl.conf:
ssl_cert = array(
'cafile' => '/etc/postfix/smtpd.cert',
'verify_peer' => false,
'verify_depth' => 1,
),
);
does not change anything.
I understand that if squirrelmail and imap server are on the same host, I
can safely use plain authentification. Still, I am wondering why the
apparently correct setup with TLS does not work. Any advice?
Thank you,
Igor
--
View this message in context:
http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-tp26087p26477.html
Sent from the squirrelmail-users mailing list archive at Nabble.com.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
[SM-USERS] Squirrelmail mixing up user profiles
Hi all. I have a SquirrelMail version 1.4.23 [SVN] running on Debian 7.11 with PHP 5.4.45-0+deb7u6 / Apache 2.2.22 . This is the relevant section of config.php > $data_dir = '/var/lib/squirrelmail/data/'; > $attachment_dir = '/var/spool/squirrelmail/attach/'; > $dir_hash_level = 0; > $default_left_size= '150'; > $force_username_lowercase = false; > $default_use_priority = true; > $hide_sm_attributions = false; > $default_use_mdn = true; > $edit_identity= false; > $edit_name= true; > $hide_auth_header = false; > $allow_thread_sort= false; > $allow_server_sort= false; > $allow_charset_search = true; > $uid_support = true; > > $plugins[0] = 'translate'; > $plugins[1] = 'squirrelspell'; > $plugins[2] = 'spamcop'; > $plugins[3] = 'filters'; > $plugins[4] = 'calendar'; > $plugins[5] = 'abook_take'; > $plugins[6] = 'administrator'; > $plugins[7] = 'newmail'; > $plugins[8] = 'bug_report'; > $plugins[9] = 'sent_subfolders'; > $plugins[10] = 'mail_fetch'; > $plugins[11] = 'listcommands'; > $plugins[12] = 'message_details'; > $plugins[13] = 'delete_move_next'; > $plugins[14] = 'attachment_tnef'; > $plugins[15] = 'empty_folders'; > $plugins[16] = 'html_mail'; > $plugins[17] = 'view_as_html'; > $plugins[18] = 'info'; > $plugins[19] = 'change_sqlpass'; > $plugins[20] = 'quicksave'; > $plugins[21] = 'squirrel_logger'; About a few moths ago I was notified that one user was having an issue where his outgoing emails displayed another user¹s details (From:, Reply-To:). The two users log in from the same computer with the same OS account but their mailboxes belong to different domains. The same behaviour also happens on another computer. These are the headers of the outgoing message: > Received: from XXX ([XXX]) > (SquirrelMail authenticated user use...@domain1.com) > by webmail.domain.con with HTTP; > Mon, 15 Aug 2016 23:11:50 +0200 > Message-ID: > Date: Mon, 15 Aug 2016 23:11:50 +0200 > Subject: Re: Ris: Invio documenti come da accordi > From: ³USER_2² > To: ³XXX² > Cc: YYY > Reply-To: use...@domain2.com > User-Agent: SquirrelMail/1.4.23 [SVN] > MIME-Version: 1.0 > Content-Type: multipart/mixed;boundary="=_20160815231150_40101" > X-Priority: 3 (Normal) > Importance: Normal > The authentication string is indeed correct but all the details belong to USER_2. There is no SMTP authentication from the webmail but I do check the MAIL FROM: on a list of addresses that the user is permitted to send mail as. Both USER_1 and USER_2 only have their respective accounts so if SquirrelMail had used USER_2 during the SMTP transaction, it would have been refused. Has anyone experienced this issue before? How can I fix it without having to delete and recreate the profiles? Thank you. -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
