Update:
Okay, I think I've got one step further: SSL now seems to work, but the SMTPd apparently isn't being started properly behind it:
/etc/xinet.d/smtps
Code:
service smtps
{
    socket_type = stream
    protocol = tcp
    wait = no
    disable = no
    user = root
    instances = 100
    env = SMTPAUTH=1 END=1
    server = /usr/bin/stunnel
    server_args = -D 5 -o /var/log/stunnel.log -T -p /var/qmail/control/servercert.pem -l /var/qmail/bin/tcp-env smtps -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
Test
Code:
root@meinedomain.de:/var/log# openssl s_client -crlf -connect localhost:465
CONNECTED(00000003)
depth=0 /C=DE/ST=Germany/L=Cologne/O=Intergenia AG/OU=Internet Service Provider/CN=meinedomain.de/emailAddress=root@meinedomain.de
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DE/ST=Germany/L=Cologne/O=Intergenia AG/OU=Internet Service Provider/CN=meinedomain.de/emailAddress=root@meinedomain.de
verify return:1
---
Certificate chain
0 s:/C=DE/ST=Germany/L=Cologne/O=Intergenia AG/OU=Internet Service Provider/CN=meinedomain.de/emailAddress=root@meinedomain.de
i:/C=DE/ST=Germany/L=Cologne/O=Intergenia AG/OU=Internet Service Provider/CN=meinedomain.de/emailAddress=root@meinedomain.de
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIESMjU4zANBgkqhkiG9w0BAQQFADCBtjELMAkGA1UEBhMC
(...)
NRENKRNdxEw/SDs8ulUFwOMDlLOxEud7Le66hgX2MdvsdzLhx4caO9O2sY3EITBa
DFNGL85mhMx5LdB/chSkNJC4aeOo/wlqfUXYWGRcUA1me+qIez7zjYC1sUb8CdkW
ZnaKXwA025SpCE6UOg+f+huEbOUzhqLThqWkE9Ja5ZTIewp290XVoih5hRM=
-----END CERTIFICATE-----
subject=/C=DE/ST=Germany/L=Cologne/O=Intergenia AG/OU=Internet Service Provider/CN=meinedomain.de/emailAddress=root@meinedomain.de
issuer=/C=DE/ST=Germany/L=Cologne/O=Intergenia AG/OU=Internet Service Provider/CN=meinedomain.de/emailAddress=root@meinedomain.de
---
No client certificate CA names sent
---
SSL handshake has read 1856 bytes and written 252 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: BFD6DA085B73083855DAEF843101E765265B94A5659860A8945A43B730347B5F
Session-ID-ctx:
Master-Key: 752B98358151D73C0C4DC9468657DC5BF0B20B518C1097118D2660EE6AE545F665D7E3CAC334DD25693A23678D6C28EE
Key-Arg : None
Start Time: 1234863186
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
closed
The corresponding stunnel log:
Code:
2009.02.17 10:33:06 LOG5[13399:3083773632]: Using 'smtps' as tcpwrapper service name
2009.02.17 10:33:06 LOG4[13399:3083773632]: Wrong permissions on /var/qmail/control/servercert.pem
2009.02.17 10:33:06 LOG5[13399:3083773632]: stunnel 3.26 on i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8c 05 Sep 2006
2009.02.17 10:33:06 LOG5[13399:3083773632]: smtps connected from 127.0.0.1:41995
2009.02.17 10:33:06 LOG5[13399:3083773632]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
The mail client still won't cooperate, but by now it ends with a timeout instead of hanging ^^
Regards
lynix
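The stunnel log above includes the LOG4 line "Wrong permissions on /var/qmail/control/servercert.pem". As an added example, not part of the original post, the following shell snippet pulls every path flagged that way out of a stunnel log and checks that each file is a regular file with no group or other mode bits. The function names are hypothetical, GNU stat is assumed, and treating any bit in 077 as a finding is an assumed policy for a file holding key material, not a statement of stunnel's exact check.

```shell
#!/bin/sh
# Added example: audit the PEM files a stunnel log flags with "Wrong permissions".

# Print each path named in a "Wrong permissions on <path>" line, once.
flagged_pems() {
    sed -n 's/^.*LOG[0-9]\[[^]]*]: Wrong permissions on \(.*\)$/\1/p' "$1" | sort -u
}

# Return 0 only for a regular, non-symlink file with no group/other mode bits.
# Assumed policy: any bit in 077 is a finding.
pem_is_private() {
    f=$1
    if [ -L "$f" ]; then echo "$f: symlink, inspect the target"; return 1; fi
    if [ ! -f "$f" ]; then echo "$f: missing or not a regular file"; return 1; fi
    mode=$(stat -c '%a' "$f") || return 1      # GNU stat, octal mode
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f: mode $mode lets group/other access the key material"
        return 1
    fi
    return 0
}

# Check every flagged path; return 1 if any of them fails.
audit_log() {
    flagged_pems "$1" | (
        rc=0
        while IFS= read -r pem; do
            pem_is_private "$pem" || rc=1
        done
        exit "$rc"
    )
}

# Usage: sh audit.sh /var/log/stunnel.log
if [ $# -gt 0 ]; then audit_log "$1"; fi
```

A non-zero exit status means at least one flagged file is still accessible beyond its owner, is a symlink, or is missing.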