Hi,
I cannot get sendmail with the cyrusv2 mailer to send messages over LMTP with TLS enabled on the Cyrus IMAP server.
I have a public SMTP server running sendmail that is configured to forward received items to a second server running cyrus imapd version 3.4.3. If I disable TLS on the second server, the items are received with no issues, even if I am using mech: DIGEST-MD5 for authentication. I think the issue is that the public server with the cyrusv2 mailer is not using STARTTLS:
:inittls: Loading hard-coded DH parameters
: Set client CA list: Client cert requested, not required
: SSL_accept() incomplete -> wait
: SSL_accept() incomplete -> wait
: Doing a peer verify
: verify error:num=30:authority and subject key identifier mismatch
: certificate verify failed in SSL_accept() -> fail
I believe the "verify error:num=30:authority and subject key identifier mismatch" is caused when a non-SSL connection tries to connect to a port that has SSL enabled.
If I run lmtptest from the public server, it connects without issue:
lmtptest -t "" -p 24 -m DIGEST-MD5 -a cyrus@xxxxxxxxxxx -w mypassword imap.example.com
: inittls: Loading hard-coded DH parameters
: Set client CA list: Client cert requested, not required
: SSL_accept() incomplete -> wait
: SSL_accept() incomplete -> wait
: SSL_accept() succeeded -> done
: starttls: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits new) no authentication
: login: imap.example.com [x.x.x.x] cyrus@xxxxxxxxxxx DIGEST-MD5+TLS User logged in
Here is my mailer config in the sendmail.cf file:
Mcyrusv2, P=[IPC], F=lsDFMnqXzA@/:|m,
S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL, E=\r\n,
T=DNS/RFC822/SMTP,
A=TCP imap.example.com lmtps
I also tried:
A=TCP imap.example.com lmtp
lmtp/lmtps are configured to use port 24 in /etc/services.
Is there an option needed to tell the cyrusv2 mailer to use STARTTLS for LMTP connections? The public server with cyrusv2 is cyrus-imapd 3.6.0-1. Both servers are using OpenSSL 3.0.
Disabling TLS in imapd.conf on the IMAP (second) server does allow the items to be received, but I would prefer to have TLS running.
Thank You
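As an added example (not part of the original post), a small Python summarizer for the imapd log lines quoted above: it tells a connection on which no TLS handshake was attempted apart from one where the handshake was attempted and then failed on peer-certificate verification, and it surfaces the OpenSSL verify error number and text so a log monitor can alert on certificate problems specifically. The sample lines are condensed from the post's two excerpts; the function and variable names are my own.

```python
import re

# Constructed sample input: the two imapd log excerpts quoted in the post
# (the ': ' prefix stripped), one failed handshake and one successful one.
FAILED_HANDSHAKE = """\
inittls: Loading hard-coded DH parameters
Set client CA list: Client cert requested, not required
SSL_accept() incomplete -> wait
Doing a peer verify
verify error:num=30:authority and subject key identifier mismatch
certificate verify failed in SSL_accept() -> fail
""".splitlines()

GOOD_HANDSHAKE = """\
inittls: Loading hard-coded DH parameters
Set client CA list: Client cert requested, not required
SSL_accept() incomplete -> wait
SSL_accept() succeeded -> done
starttls: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits new) no authentication
login: imap.example.com [x.x.x.x] cyrus@xxxxxxxxxxx DIGEST-MD5+TLS User logged in
""".splitlines()

VERIFY_ERR = re.compile(r"verify error:num=(\d+):(.*)")
STARTTLS = re.compile(r"starttls: (\S+) with cipher (\S+)")
LOGIN = re.compile(r"login: \S+ \[[^\]]*\] \S+ (\S+) User logged in")

def summarize_tls_handshake(lines):
    """Reduce imapd TLS log messages for one connection to a dict.
    state: 'not-attempted' (no SSL_accept seen), 'in-progress',
    'failed' ('-> fail') or 'succeeded' ('-> done'); a failure keeps
    the OpenSSL verify error number and text for targeted alerting."""
    summary = {"state": "not-attempted", "verify_error": None,
               "protocol": None, "cipher": None, "auth": None}
    for raw in lines:
        line = raw.strip().lstrip(":").strip()  # tolerate a leading ': '
        if "SSL_accept()" in line:
            if line.endswith("-> fail"):
                summary["state"] = "failed"
            elif line.endswith("-> done"):
                summary["state"] = "succeeded"
            elif summary["state"] == "not-attempted":
                summary["state"] = "in-progress"
        if m := VERIFY_ERR.search(line):
            summary["verify_error"] = (int(m.group(1)), m.group(2).strip())
        if m := STARTTLS.search(line):
            summary["protocol"], summary["cipher"] = m.group(1), m.group(2)
        if m := LOGIN.search(line):
            summary["auth"] = m.group(1)
    return summary
```

Feed it the lines belonging to one connection (grouped by the pid or session id your syslog format carries) and alert when state is 'failed' with a non-empty verify_error.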