Re: [SOLVED sort of] was Re: svn 14501 - TLS

On 2016-12-18 23:59, igor_123 wrote:
> Paul, thanks for your answer.
> 
> 
> Paul Lesniewski wrote
>>> B.  Update SMTP Settings   : localhost:25
>>
>> Port 25?
> 
> Yes. As you say, smtp settings are irrelevant to imap tls ones. Also, I see
> no problem with this port. In my smtp setup, tls is used for communications
> of a client with smtpd.

It's OT, but it's not usually a good idea to mix inbound untrusted
traffic with outbound trusted.  Among other things, it makes applying
good policies more difficult/convoluted.

>> ...
>>> Printing out the contents of smtpd.cert confirms that
>>> CN=uranus.sai.msu.ru
>>
>> But is the CA available (to SM) and known?
> 
> How do I check the availability of CA to SM? Known to whom? As I said, my
> certificate/key pair is self-signed and simple (without chains). The cert
> file is smtpd.cert, the key is smtpd.key.

Even though it's self-signed, it's still signed.  The CA is whatever you
signed it with, however I think if you set verify_peer you should be
turning that verification off.

>>> Adding these lines to squirrelmail's config_local.php
>>>
>>> $imap_stream_options = array(
>>>      'ssl' => array(
>>>          'cafile' => '/etc/postfix/smtpd.cert',
>>
>> That does not look like a CA cert path to me.
> 
> Yes, the path is non-standard, this is a testing environment. Still, it
> should not be a problem since the path is provided in dovecot config.

No, the point is that that cert may not be your CA.

> Paul Lesniewski wrote
>>>          'verify_peer' => false,
>>>          'verify_depth' => 1,
>>>      ),
>>> );
>>>
>>> does not change anything.
>>
>> Did you verify if those are being used in the code?
> 
> No. I assumed that if including these lines was your recommendation to
> David, SM should use them.

You can only make such assumptions if you're running the newest version
of SM from our website.  I don't know what patches RedHat is putting in
their packages of SM.  At a minimum, test it with the latest SM code,
and if that works, then you know where the problem is.

> Paul Lesniewski wrote
>>   The solution might
>> be as simple as using a 1.4.23-SVN snapshot from our downloads page.
>> I'd try that before anything else.
> 
> I will. Although, honestly, I would prefer to use the SM package from the
> official repository. I have to implement it in several servers and managing
> all of them manually is too much trouble...

Then you should take your query to the package maintainer; we can't help
you with other people's repackaging/old versions.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
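
One way to answer the "is the CA available and known?" question from the message above, as an added example that is not part of the original thread. It uses the openssl command line; the certificates, host names and file names are constructed for the demo. The file that reports "trusted" for the server certificate is the one that belongs in 'cafile'.

```shell
#!/bin/sh
# Added example, not from the thread. Host and file names are constructed.

# Print "trusted" if CERT ($2) chains to a certificate in CAFILE ($1).
# Matches openssl's "<file>: OK" line rather than relying on exit status alone.
check_cafile() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *": OK"*) echo trusted ;;
        *)        echo untrusted; return 1 ;;
    esac
}

# Succeed if subject and issuer are identical, i.e. the cert is self-signed.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# Build three constructed certificates in directory $1:
#   self.cert - self-signed server cert (the situation in the thread)
#   ca.cert   - a separate private CA
#   leaf.cert - server cert issued by ca.cert
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$d/self.key" -out "$d/self.cert" >/dev/null 2>&1 &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.cert" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=imap.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.cert" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.cert" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_demo_certs "$d" || return 1
    # A self-signed cert is its own CA, so it validates against itself.
    echo "self.cert via self.cert: $(check_cafile "$d/self.cert" "$d/self.cert")"
    # A CA-issued cert is not its own CA: pointing cafile at it fails.
    echo "leaf.cert via leaf.cert: $(check_cafile "$d/leaf.cert" "$d/leaf.cert")"
    echo "leaf.cert via ca.cert:   $(check_cafile "$d/ca.cert" "$d/leaf.cert")"
    rm -rf "$d"
}
demo
```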