Posts Tagged ‘rocks’

Fix 503 AUTH first (#5.5.1) mail receive errors in Qmail

Friday, September 2nd, 2011

I have one qmail rocks install based on Thibbs Qmalrocks tutorial

I had to do some changes, to:
/etc/service/qmail-smtpd/run and /etc/service/qmail-smtpdssl/run init scripts.

After a qmail restart suddenly qmail stopped receiving any mail messages and my sent messages was returned with an error:

Connected to xx.xxx.xx.xx but sender was rejected.
Remote host said: 503 AUTH first (#5.5.1)

After investigating the issue I finally found, that one value I’ve changed in /etc/service/qmail-smtpd/run and /etc/service/qmail-smtpdssl was causing the whole mess:

The problematic variable was:

REQUIRE_AUTH=1

To solve the issue I had to disable the value which it seems, I have enabled by mistake.

Below is a quote from http://qmail.jms1.net which explains what REQUIRE_AUTH shell variable does:

Setting REQUIRE_AUTH=1 will make the service not accept ANY mail unless the client has sent a valid AUTH command. This also prevents incoming mail from being accepted for your own domains, so do not use this setting if the service is accepting “normal” mail from the outside world.
Restarting via qmailctl restart and qmail started receiving messages normal 😉


Share this on

How to renew self signed QMAIL toaster and QMAIL rocks expired SSL pem certificate

Friday, September 2nd, 2011

qmail_toaster_logo-fix-qmail-rocks-expired-ssl-pem-certificate

One of the QMAIL server installs, I have installed very long time ago. I've been notified by clients, that the certificate of the mail server has expired and therefore I had to quickly renew the certificate.

This qmail installation, SSL certificates were located in /var/qmail/control under the names servercert.key and cervercert.pem

Renewing the certificates with a new self signed ones is pretty straight forward, to renew them I had to issue the following commands:

1. Generate servercert encoded key with 1024 bit encoding

debian:~# cd /var/qmail/control
debian:/var/qmail/control# openssl genrsa -des3 -out servercert.key.enc 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for servercert.key.enc:
Verifying - Enter pass phrase for servercert.key.enc:

In the Enter pass phrase for servercert.key.enc I typed twice my encoded key password, any password is good, here though using a stronger one is better.

2. Generate the servercert.key file

debian:/var/qmail/control# openssl rsa -in servercert.key.enc -out servercert.key
Enter pass phrase for servercert.key.enc:
writing RSA key

3. Generate the certificate request

debian:/var/qmail/control# openssl req -new -key servercert.key -out servercert.csr
debian:/var/qmail/control# openssl rsa -in servercert.key.enc -out servercert.key
Enter pass phrase for servercert.key.enc:writing RSA key
root@soccerfame:/var/qmail/control# openssl req -new -key servercert.key -out servercert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:My Org
Common Name (eg, YOUR name) []:
Email Address []:admin@adminmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

In the above prompts its necessery to fill in the company name and location, as each of the prompts clearly states.

4. Sign the just generated certificate request

debian:/var/qmail/control# openssl x509 -req -days 9999 -in servercert.csr -signkey servercert.key -out servercert.crt

Notice the option -days 9999 this option instructs the newly generated self signed certificate to be valid for 9999 days which is quite a long time, the reason why the previous generated self signed certificate expired was that it was built for only 365 days

5. Fix the newly generated servercert.pem permissions debian:~# cd /var/qmail/control
debian:/var/qmail/control# chmod 640 servercert.pem
debian:/var/qmail/control# chown vpopmail:vchkpw servercert.pem
debian:/var/qmail/control# cp -f servercert.pem clientcert.pem
debian:/var/qmail/control# chown root:qmail clientcert.pem
debian:/var/qmail/control# chmod 640 clientcert.pem

Finally to load the new certificate, restart of qmail is required:

6. Restart qmail server

debian:/var/qmail/control# qmailctl restart
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.

Test the newly installed certificate

To test the newly installed SSL certificate use the following commands:

debian:~# openssl s_client -crlf -connect localhost:465 -quiet
depth=0 /C=UK/ST=London/L=London/O=My Org/OU=My Company/emailAddress=admin@adminmail.com
verify error:num=18:self signed certificate
verify return:1
...
debian:~# openssl s_client -starttls smtp -crlf -connect localhost:25 -quiet
depth=0 /C=UK/ST=London/L=London/O=My Org/OU=My Company/emailAddress=admin@adminmail.com
verify error:num=18:self signed certificate
verify return:1
250 AUTH LOGIN PLAIN CRAM-MD5
...

If an error is returned like 32943:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607: this means that SSL variable in the qmail-smtpdssl/run script is set to 0.

To solve this error, change SSL=0 to SSL=1 in /var/qmail/supervise/qmail-smtpdssl/run and do qmailctl restart

The error verify return:1 displayed is perfectly fine and it's more of a warning than an error as it just reports the certificate is self signed.


Share this on

Manowar in Kavarna

Monday, July 2nd, 2007

Everything actually started in Friday. Friday I was on a Webtech in Varna in the Technical University.This is the second Webtech conference made in Varna. I was on the lectures until dinner. Firstwe went with Nomen, Niki and Dancho to the TU University, and we lost some time searching for theroom after that we found the room where the lectures were going to be. We entered in the endingpart of the first introductionary lecture about webtech. After this there was a lecture forperl Catalyst, which was quite interesting btw after that a lecture for expect (hackman has leaded the lecture).After that we went to drink a coffee and I found out I have lost my wallet. I get mad because I thoughtwell God I try to be good to others to give to the poor etc. etc. and in return I loose 42 lv. I spendthe other part of the day staying alone on a bench outside the university and thinking about the humanexistence, after that I went home very disappointed and angry. Stelio a friend who is has led me to the Orthodox Christianianity. Called and I invited him to be my guest, we had a great time togetherdiscussing the human existence. The next day I wake up early and I was feeling awful, meaninglesslost. Nomen called and said there are on the 2nd day on the lectures of webtech conference againand that my wallet has been found with 42 lv. and my ID card in it. I PRAISED THE LORD! It wasquite a joyful for me. On the next day I decided I would go to the Manowar concert in Kavarnaand I bought the ticket from Amridikon. The concert was interesting as a whole but I realizedI’m not into metal music anymore. After that Nomen came and take me from Kavarna with a car andwe went to Tulenovo’s rocks awaiting the July Morning with some other friends (Sami, Toto, Iasho, Gegi etc.).The rocks were very beautiful and the sea’s view is great. We baked some meet and ate. In the morning, there was a Metal July. (Toto, Sami and Iasho banged there heads on Sepultura’s Roots Bloody Rootsand Territory. After that we made a sort of excursion in the Village of Tulenovo and around it around the rocks.We then moved to Balchik to leave one of the girls with us on the station to take a bus for her working place.And in the end we come back to Dobrich in 10. I was tired as hell. And sleep until 3. I then attended the Orthodox Church st. Georgi to pray to God. Later I bought some vegetables and fruits fromthe open market for my Grandma. And went to her home to give her the products. After that I saw lily on a coffee.And in the late afternood we had a walk with Nomen into the central park. Nomen suggested that it would be cool to drink beer in hishouse and to watch the film (Die Young 3) and that’s exactly what we did. This few days was quite a colorful It’s God behind thisstarting to answer my prayers slowly but surely. Thanks God for giving me all thiswonderful moments :]END—–

Share this on