On 2016年12月18日 23:59, igor_123 wrote:
> Paul, thanks for your answer.
>
>
> Paul Lesniewski wrote
>>> B. Update SMTP Settings : localhost:25
>>
>> Port 25?
>
> Yes. As you say, smtp settings are irreIevant to imap tls ones. Also, I see
> no problem with this port. In my smtp setup, tls is used for communications
> of a client with smtpd.
It's OT, but it's not usually a good idea to mix inbound untrusted
traffic with outbound trusted. Among other things, it makes applying
good policies more difficult/convoluted.
>> ...
>>> Printing out the contents of smtpd.cert confirms that
>>> CN=uranus.sai.msu.ru
>>
>> But is the CA available (to SM) and known?
>
> How do I check the availability of CA to SM? Known to whom? As I said, my
> certificate/key pair is self-signed and simple (without chains). The cert
> file is smtpd.cert, the key is smtpd.key.
Even though it's self-signed, it's still signed. The CA is whatever you
signed it with, however I think if you set verify_peer you should be
turning that verification off.
>>> Adding these lines to squirrelmail's config_local.php
>>>
>>> $imap_stream_options = array(
>>> 'ssl' => array(
>>> 'cafile' => '/etc/postfix/smtpd.cert',
>>
>> That does not look like a CA cert path to me.
>
> Yes, the path is non-standart, this is a testing environment. Still should
> be not a problem since the path is provided in dovecot config.
No, the point is that that cert may not be your CA.
> Paul Lesniewski wrote
>>> 'verify_peer' => false,
>>> 'verify_depth' => 1,
>>> ),
>>> );
>>>
>>> does not change anything.
>>
>> Did you verify if those are being used in the code?
>
> No. I assumed that if including these lines was your recommendation to
> David, SM should use them.
You can only make such assumptions if you're running the newest version
of SM from our website. I don't know what patches RedHat is putting in
their packages of SM. At a minimum, test it with the latest SM code,
and if that works, then you know where the problem is.
> Paul Lesniewski wrote
>> The solution might
>> be as simple as using a 1.4.23-SVN snapshot from our downloads page.
>> I'd try that before anything else.
>
> I will. Although, honestly, I would prefer to use the SM package from the
> official repository. I have to implement it in several servers and managing
> all them manually is too much trouble...
Then you should take your query to the package maintainer; we can't help
you with other people's repackaging/old versions.
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users