hbrueckner@??? wrote:
>On Tue, Dec 14, 2004 at 02:52:05PM -0600, Tommy Butler wrote:
>
>
>>hbrueckner@??? wrote:
>>
>>>Can you paste the appropriate log entries (mainlog/paniclog) for this
>>>error.
>>>
>>>
>>ERROR:
>>2004-12-14 14:49:54 TLS error on connection from (tommy) [69.15.114.65]
>>(cert/key setup): Error while reading file.
>>
>>>Try to start exim with TLS debugging: exim4 -d+tls. (you can add this
>>>parameter in /etc/default/exim4)
>>>
>>>
I made the suggested edits. But I'm still getting that error. I even
set the perms on my ssl key and cert to 777 to make sure it wasn't a
perms problem.
tls_certificate = /etc/ssl/certs/smtp.pem
tls_privatekey = /etc/ssl/private/mail.cityairlines.net.key.nopass.pem
On my server I start up exim4...
$ /etc/init.d/exim4 start
Starting MTA: Exim version 4.34 uid=0 gid=0 pid=21925 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 PAM Perl GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=21925
auxiliary group list: <none>
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00030400
trusted user
admin user
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
21925 listening on 127.0.0.1 port 25
21925 listening on 206.123.72.157 port 25
21925 pid written to /var/run/exim4/exim.pid
21925 changed uid/gid: running as a daemon
21925 uid=102 gid=102 pid=21925
21925 auxiliary group list: 102
21925 LOG: MAIN
21925 exim 4.34 daemon started: pid=21925, -q30m, listening for SMTP on [127.0.0.1]:25 [206.123.72.157]:25
21925 set_process_info: 21925 daemon: -q30m, listening for SMTP on [127.0.0.1]:25 [206.123.72.157]:25
21925 daemon running with uid=102 gid=102 euid=102 egid=102
21925 SIGALRM received
21926 Starting queue-runner: pid 21926
21926 exec /usr/sbin/exim4 -q
21925 1 queue-runner process running
21925 Listening...
Then here at home I telnet into the exim server process:
Tommy@sneeker ~
$ telnet mail.cityairlines.net 25
Trying 206.123.72.157...
Connected to mail.cityairlines.net.
Escape character is '^]'.
220 noot.cityairlines.net ESMTP Exim 4.34 Tue, 14 Dec 2004 23:42:03 -0600
ehlo tommy
250-noot.cityairlines.net Hello ppp-70-243-209-238.dsl.rcsntx.swbell.net [70.243.209.238]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
starttls
454 TLS currently unavailable
QUIT
221 noot.cityairlines.net closing connection
Connection closed by foreign host.
I go back to the server shell and the debug messages are thus:
21925 Connection request from 70.243.209.238 port 3999
21925 search_tidyup called
22040 host in rfc1413_hosts? yes (matched "*")
22040 doing ident callback
21925 1 SMTP accept process running
21925 Listening...
22040 ident connection to 70.243.209.238 failed: Connection refused
22040 sender_fullhost = [70.243.209.238]
22040 sender_rcvhost = [70.243.209.238]
22040 Process 22040 is handling incoming connection from
[70.243.209.238]
22040 host in host_lookup? yes (matched "*")
22040 looking up host name for 70.243.209.238
22040 DNS lookup of 238.209.243.70.in-addr.arpa (PTR) succeeded
22040 IP address lookup yielded ppp-70-243-209-238.dsl.rcsntx.swbell.net
22040 gethostbyname2(af=inet6) returned 4 (NO_DATA)
22040 gethostbyname2 looked up these IP addresses:
22040 name=ppp-70-243-209-238.dsl.rcsntx.swbell.net
address=70.243.209.238
22040 checking addresses for ppp-70-243-209-238.dsl.rcsntx.swbell.net
22040 70.243.209.238 OK
22040 sender_fullhost = ppp-70-243-209-238.dsl.rcsntx.swbell.net
[70.243.209.238]
22040 sender_rcvhost = ppp-70-243-209-238.dsl.rcsntx.swbell.net
([70.243.209.238])
22040 set_process_info: 22040 handling incoming connection from
ppp-70-243-209-238.dsl.rcsntx.swbell.net [70.243.209.238]
22040 host in host_reject_connection? no (option unset)
22040 host in sender_unqualified_hosts? no (option unset)
22040 host in recipient_unqualified_hosts? no (option unset)
22040 host in helo_verify_hosts? no (option unset)
22040 host in helo_try_verify_hosts? no (option unset)
22040 host in helo_accept_junk_hosts? no (option unset)
22040 SMTP>> 220 noot.cityairlines.net ESMTP Exim 4.34 Tue, 14 Dec 2004 23:42:03 -0600
22040 Process 22040 is ready for new message
22040 smtp_setup_msg entered
22040 SMTP<< ehlo tommy
22040 sender_fullhost = ppp-70-243-209-238.dsl.rcsntx.swbell.net
(tommy) [70.243.209.238]
22040 sender_rcvhost = ppp-70-243-209-238.dsl.rcsntx.swbell.net
([70.243.209.238] helo=tommy)
22040 set_process_info: 22040 handling incoming connection from
ppp-70-243-209-238.dsl.rcsntx.swbell.net (tommy) [70.243.209.238]
22040 host in pipelining_advertise_hosts? yes (matched "*")
22040 host in auth_advertise_hosts? yes (matched "*")
22040 host in tls_advertise_hosts? yes (matched "*")
22040 SMTP>> 250-noot.cityairlines.net Hello
ppp-70-243-209-238.dsl.rcsntx.swbell.net [70.243.209.238]
22040 250-SIZE 52428800
22040 250-PIPELINING
22040 250-STARTTLS
22040 250 HELP
22040 SMTP<< starttls
22040 initializing GnuTLS as a server
22040 read RSA and D-H parameters from file
22040 initialized RSA and D-H parameters
22040 certificate file = /etc/ssl/certs/smtp.pem
22040 key file = /etc/ssl/private/mail.cityairlines.net.key.nopass.pem
22040 LOG: MAIN
22040 TLS error on connection from ppp-70-243-209-238.dsl.rcsntx.swbell.net (tommy) [70.243.209.238] (cert/key setup): Error while reading file.
22040 SMTP>> 454 TLS currently unavailable
22040 SMTP<< QUIT
22040 SMTP>> 221 noot.cityairlines.net closing connection
22040 LOG: smtp_connection MAIN
22040 SMTP connection from
ppp-70-243-209-238.dsl.rcsntx.swbell.net (tommy) [70.243.209.238]
closed by QUIT
22040 search_tidyup called
21925 child 22040 ended: status=0x0
21925 0 SMTP accept processes now running
21925 Listening...
Does this tell me anything useful? Is there anywhere to go from here?
I am completely exasperated.
Now as stated earlier I already am using the same cert and key for
IMAP+SSL and POP3+SSL, so I can't see how there could be a permissions
problem with the ssl cert and key, neither can I see how the cert or key
could be "corrupt" or in an unusable format.
I really am coming to the end of my rope, as the saying goes. Again,
can anyone tell me why I should keep trying to get exim to work instead
of just scrapping the idea and going back to sendmail? I've spent more
time on this than I care to admit, and spending more time just seems
ridiculous. Why would I want to keep trying with exim? Is there a
really good reason I should? Please, tell me what is so great about
exim that it is better than sendmail?
--
Tommy Butler
tommy@??? <mailto:tommy@atrixnet.com>
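The debug output above shows the connection child (pid 22040) opening the certificate and key after the daemon has dropped to uid=102 gid=102, so the question is not whether root can read the two files but whether that identity can reach them through every directory on the path. Setting the key itself to 777 does not cover the directories; on Debian, for example, /etc/ssl/private is shipped 0710 root:ssl-cert, which blocks any user outside the ssl-cert group whatever the file mode says. The script below is an added example written for this thread, not Exim's code or the poster's; it emulates access(2) for a chosen uid/gid/group set over the resolved path, then does a cheap PEM sanity check. The uid/gid 102 and the two file paths are taken from the post; `trusted_prefix`, `access_as` and the other names are this example's own, and the check reads no further than Exim's own log does (it cannot say why GnuTLS failed in the original case, only whether this well-known cause applies).

```python
"""Check that Exim's tls_certificate / tls_privatekey are reachable and
readable by the daemon identity.  Added example, not Exim's own code."""
import os
import stat
import sys

# Identity the daemon drops to, as shown in the -d+tls output of the post
# ("daemon running with uid=102 gid=102").  Adjust for your system.
EXIM_UID = 102
EXIM_GID = 102


def _bits_for(st, uid, gid, groups):
    """Return (read, exec) bits that apply to the identity (uid, gid, groups)."""
    m = st.st_mode
    if st.st_uid == uid:
        return bool(m & stat.S_IRUSR), bool(m & stat.S_IXUSR)
    if st.st_gid == gid or st.st_gid in groups:
        return bool(m & stat.S_IRGRP), bool(m & stat.S_IXGRP)
    return bool(m & stat.S_IROTH), bool(m & stat.S_IXOTH)


def access_as(path, uid, gid, groups=(), trusted_prefix=os.sep):
    """Emulate access(2) for another identity: every directory on the way
    needs search (x) permission and the file itself needs read (r).
    Symlinks are resolved first because the daemon reads the target, not
    the link.  Components inside trusted_prefix are assumed traversable
    (useful when checking a tree that is not under /).  Returns (ok, why)."""
    path = os.path.realpath(path)
    prefix = os.path.realpath(trusted_prefix)
    comps = [c for c in path.split(os.sep) if c]
    skip = len([c for c in prefix.split(os.sep) if c])
    cur = os.sep
    for i, comp in enumerate(comps):
        cur = os.path.join(cur, comp)
        try:
            st = os.stat(cur)
        except OSError as e:
            return False, f"{cur}: {e.strerror}"
        if uid == 0 or i < skip:
            continue  # uid 0 bypasses DAC for read/search; prefix is trusted
        readable, searchable = _bits_for(st, uid, gid, groups)
        if i < len(comps) - 1:
            if not stat.S_ISDIR(st.st_mode):
                return False, f"{cur}: not a directory"
            if not searchable:
                return False, f"{cur}: no search (x) permission for uid {uid}"
        else:
            if not stat.S_ISREG(st.st_mode):
                return False, f"{cur}: not a regular file"
            if not readable:
                return False, f"{cur}: no read permission for uid {uid}"
    return True, "ok"


def looks_like_pem(path, marker):
    """Cheap format check: Exim with GnuTLS expects PEM, so the file must
    carry the expected BEGIN line.  This does not validate the contents."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except OSError as e:
        return False, f"{path}: {e.strerror} (run the check as root)"
    if marker not in data:
        return False, f"{path}: no {marker.decode()} block (not PEM?)"
    return True, "ok"


def world_readable(path):
    """True if 'other' can read the file: a private key never should be."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def check_tls_files(cert, key, uid=EXIM_UID, gid=EXIM_GID, groups=(),
                    trusted_prefix=os.sep):
    """Walk both paths as the daemon identity, then sanity-check the PEM."""
    wanted = (("tls_certificate", cert, b"-----BEGIN CERTIFICATE-----"),
              ("tls_privatekey", key, b"PRIVATE KEY-----"))
    results = {}
    for name, path, marker in wanted:
        ok, why = access_as(path, uid, gid, groups, trusted_prefix)
        if ok:
            ok, why = looks_like_pem(path, marker)
        results[name] = (ok, why)
    return results


if __name__ == "__main__":
    # Defaults are the two paths from the configuration quoted in the post.
    cert = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/certs/smtp.pem"
    key = (sys.argv[2] if len(sys.argv) > 2
           else "/etc/ssl/private/mail.cityairlines.net.key.nopass.pem")
    for name, (ok, why) in check_tls_files(cert, key).items():
        print(f"{name}: {'OK' if ok else 'FAIL'} ({why})")
    if os.path.exists(key) and world_readable(key):
        print("warning: private key is world-readable; restore 0640 "
              "and grant access via the directory's group instead")
```

Run it as root on the mail server with no arguments and it reports, for each of the two files, the first component on the path that uid 102 cannot pass. If the key check fails at the directory while the file itself is mode 777, the fix is to put the daemon user in the directory's group (or move the key somewhere the daemon can reach) and then tighten the key back to 0640, since a world-readable, passphrase-less key defeats the point of TLS. A mail daemon that opens the key as root before dropping privileges would never hit this, which is one reason the same files can work for IMAP and POP yet fail here; that is an explanation to verify, not something the thread itself confirms.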