Re: [exim] Cannot establish connection from client via tls

Author: James Brown
Date:
CC: Exim Users
Subject: Re: [exim] Cannot establish connection from client via tls
James Price wrote:
> On 5/7/2010 5:15 PM, James Brown wrote:
>
>> OS 8.0-STABLE FreeBSD , exim v. 4.71
>> I am trying to customize my exim-server setting up on my vds.
>> I have uncommented the next records in its configs:
>> daemon_smtp_port = 25:465
>> tls_certificate = CONFDIR/certificate.crt
>> tls_privatekey = CONFDIR/certificate.key
>> tls_on_connect_ports = 465
>> and restarted my server.
>> After that I tried to send test letters from my client on my
>> local PC (Icedove 2.0.0.24 under Debian Lenny) but it told me that the
>> server had failed or was refusing connections. (At the same time I could
>> send email letters through port no. 25 without tls/ssl).
>> The log file of my server is attached.
>> ls -l /usr/local/etc/server.key
>> -r-------- 2 root wheel 887 Jan 1 1970 /usr/local/etc/server.key
>> ls -l /usr/local/sbin/exim
>> lrwxrwxrwx 1 root wheel 11 Apr 29 10:04 /usr/local/sbin/exim ->
>> exim-4.71-0
>> ls -l /usr/local/sbin/exim-4.71-0
>> -rwsr-xr-x 2 root wheel 934792 Jan 1 1970 /usr/local/sbin/exim-4.71-0
>> Does the exim daemon not have access to the key-file?
>>
>>
>>
> From the looks of this, it appears whatever user you're running exim
> under does not have permission to open the key file, of course unless
> you're running exim as root which certainly should have permissions
> based on what you supplied. I would change the owner of the key and
> cert file to the same user you're running exim under, restart the daemon,
> and you should be good.
>
> Thanks,
> James
>
>

Many thanks.
My exim works under user mailnull:
ps aux | grep exim
mailnull 89386 0.0 0.0 21120 3708 ?? IsJ 1:17AM 0:00.02
/usr/local/sbin/exim -bd -q30m (exim-4.71-0)

And the key-file belongs to root. But as was specified earlier,
/usr/local/sbin/exim had a setuid bit.
Why can exim not read that file in spite of that?
Of course, I can change the user of that file, but is it safe to use
mailnull as the owner of that key-file?
Furthermore, it is used not only by exim but by dovecot too, which works
under users root and dovecot:
ps aux | grep dovecot
root 9987 0.0 0.0 6972 1528 ?? SsJ 9:06AM 0:02.81
/usr/local/sbin/dovecot -c /usr/local/etc/dovecot.conf
root 10010 0.0 0.0 9024 2280 ?? SJ 9:06AM 0:01.57 dovecot-auth
dovecot 10121 0.0 0.0 10836 2580 ?? IJ 9:06AM 0:00.01 imap-login
dovecot 73120 0.0 0.0 10840 2704 ?? IJ 8:35AM 0:00.00 pop3-login
dovecot 73121 0.0 0.0 10840 2704 ?? IJ 8:35AM 0:00.00 pop3-login
Is it possible for it to read that file too?
Or will it be simpler for me to copy the key-file into the config directory
of exim, changing the user at the same time, and use it for exim separately?

Yours,

James
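
Added example (not part of the original thread and not Exim's own code): the standard Unix owner/group/other read check, applied to the `ls -l` line posted above for the `mailnull` user shown in the `ps` output. The group memberships passed in and the `tlskeys` group are assumptions made for illustration.

```shell
#!/bin/sh
# key_access "<ls -l line>" <user> "<space-separated groups of that user>"
# Prints which permission class grants read access (root|owner|group|other)
# or "denied"; returns non-zero when access is denied.
key_access() {
    line=$1 user=$2 groups=$3
    set -- $line                      # ls -l fields: mode links owner group ...
    mode=$1 owner=$3 group=$4
    # Characters 2, 5 and 8 of the mode string are the three read bits.
    u_r=$(printf '%s' "$mode" | cut -c2)
    g_r=$(printf '%s' "$mode" | cut -c5)
    o_r=$(printf '%s' "$mode" | cut -c8)
    # uid 0 bypasses the file mode check for reads.
    if [ "$user" = root ]; then echo root; return 0; fi
    # Only the first matching class is consulted: owner, then group, then other.
    if [ "$user" = "$owner" ]; then
        [ "$u_r" = r ] && { echo owner; return 0; }
        echo denied; return 1
    fi
    for g in $groups; do
        if [ "$g" = "$group" ]; then
            [ "$g_r" = r ] && { echo group; return 0; }
            echo denied; return 1
        fi
    done
    [ "$o_r" = r ] && { echo other; return 0; }
    echo denied; return 1
}

# From the thread: key owned by root:wheel with mode -r--------.
PAGE_LINE='-r-------- 2 root wheel 887 Jan 1 1970 /usr/local/etc/server.key'
# Constructed: same key made group-readable for a hypothetical group "tlskeys",
# so root stays the owner and only members of that group can read it.
SHARED_LINE='-r--r----- 1 root tlskeys 887 Jan 1 1970 /usr/local/etc/server.key'

# Group lists below are assumed, not taken from the thread.
key_access "$PAGE_LINE" mailnull "mailnull mail" || true   # denied
key_access "$PAGE_LINE" root "wheel"                       # root
key_access "$SHARED_LINE" mailnull "mailnull tlskeys"      # group
key_access "$SHARED_LINE" dovecot "dovecot" || true        # denied
```

The check uses the identity the process holds when it opens the file, which is why the thread's `ps` output (daemon running as `mailnull`) matters more than the setuid bit on the binary.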