Plesk 10 / Imap SSL

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Hi Guys.

Imap wont work on SSL and I just got from ossec the error paster below. Any ideas ?

Code:

 imapd-ssl: couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

scott · **Posted:** Thu Feb 16, 2012 10:23 pm

el4 by any chance?

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

scott wrote:

el4 by any chance?

el4 ?

breun · **Posted:** Fri Feb 17, 2012 3:50 pm

EL4 = Enterprise Linux 4 = Red Hat Enterprise Linux 4, or a compatible distribution like CentOS 4.

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Nope. I am using CentOS 5.x with ASL installed.

scott · **Posted:** Fri Feb 17, 2012 5:15 pm

there goes that idea... el4 has an older certificate issue.

BruceLee · **Posted:** Fri Feb 17, 2012 6:21 pm

try to convert your CA certificate to PEM format and set TLS_TRUSTCERTS in the imapd-ssl config file to point to your PEM CA file.

breun · **Posted:** Fri Feb 17, 2012 6:26 pm

This Parallels knowledge base article explains how to configure SSL for SMTP/IMAP/POP3: http://kb.parallels.com/1062

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Sorry for the delayed response. It was permissions issue after all ... Changed them like the other files to 755 restarted the mail services and worked like a charm.

And now I come to another big question.

Ok, you can encrypt messages that come in and out of the servers when you are a user. But when the mailserber itself "passes by" a mail message to another mail server on the internet this isn't encrypted right ? Is there a way to make qmail to request other mail servers to start an encrypted session so all messages can be recieved - delivered securely ?

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1843

Qmail will encrypt by default when talking to another qmail server. I don't think this is anything to do with qmail itself -- it is part of the SMTP protocol, I think, so it would work with any server.

The key thing is that receiving server will advertise its capabilities, and the sending server will use them or not as it sees fit (and as its configuration/default tells it to do).

I have no idea where these things might be adjusted, although I seem to remember there were some things you could do in smtp[s]_psa in terms of incoming mail.

paulie · **Joined:** Tue Apr 20, 2010 2:49 am **Posts:** 74

I think its these files that govern what will be advertised in terms of encryption offered as a server, and encryption that will be used when connecting server to server :

root@vz1038 control]# cat tlsserverciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:!MEDIUM
[root@vz1038 control]# cat tlsclientciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:!MEDIUM
[root@vz1038 control]# pwd
/var/qmail/control
[root@vz1038 control]#

Plesk 10 / Imap SSL

Who is online