Plesk 10 / Imap SSL

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
nobody
Forum Regular
Forum Regular
Posts: 349
Joined: Sun Mar 29, 2009 6:52 pm

Plesk 10 / Imap SSL

Unread post by nobody »

Hi Guys.

Imap wont work on SSL and I just got from ossec the error paster below. Any ideas ?

Code: Select all

 imapd-ssl: couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Plesk 10 / Imap SSL

Unread post by scott »

el4 by any chance?
nobody
Forum Regular
Forum Regular
Posts: 349
Joined: Sun Mar 29, 2009 6:52 pm

Re: Plesk 10 / Imap SSL

Unread post by nobody »

scott wrote:el4 by any chance?
el4 ?
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: Plesk 10 / Imap SSL

Unread post by breun »

EL4 = Enterprise Linux 4 = Red Hat Enterprise Linux 4, or a compatible distribution like CentOS 4.
Lemonbit Internet Dedicated Server Management
nobody
Forum Regular
Forum Regular
Posts: 349
Joined: Sun Mar 29, 2009 6:52 pm

Re: Plesk 10 / Imap SSL

Unread post by nobody »

Nope. I am using CentOS 5.x with ASL installed.
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Plesk 10 / Imap SSL

Unread post by scott »

there goes that idea... el4 has an older certificate issue.
BruceLee
Forum Regular
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: Plesk 10 / Imap SSL

Unread post by BruceLee »

try to convert your CA certificate to PEM format and set TLS_TRUSTCERTS in the imapd-ssl config file to point to your PEM CA file.
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: Plesk 10 / Imap SSL

Unread post by breun »

This Parallels knowledge base article explains how to configure SSL for SMTP/IMAP/POP3: http://kb.parallels.com/1062
Lemonbit Internet Dedicated Server Management
nobody
Forum Regular
Forum Regular
Posts: 349
Joined: Sun Mar 29, 2009 6:52 pm

Re: Plesk 10 / Imap SSL

Unread post by nobody »

Sorry for the delayed response. It was permissions issue after all ... Changed them like the other files to 755 restarted the mail services and worked like a charm.

And now I come to another big question.

Ok, you can encrypt messages that come in and out of the servers when you are a user. But when the mailserber itself "passes by" a mail message to another mail server on the internet this isn't encrypted right ? Is there a way to make qmail to request other mail servers to start an encrypted session so all messages can be recieved - delivered securely ?
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Plesk 10 / Imap SSL

Unread post by faris »

Qmail will encrypt by default when talking to another qmail server. I don't think this is anything to do with qmail itself -- it is part of the SMTP protocol, I think, so it would work with any server.

The key thing is that receiving server will advertise its capabilities, and the sending server will use them or not as it sees fit (and as its configuration/default tells it to do).

I have no idea where these things might be adjusted, although I seem to remember there were some things you could do in smtp[s]_psa in terms of incoming mail.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
paulie
Forum User
Forum User
Posts: 76
Joined: Tue Apr 20, 2010 2:49 am

Re: Plesk 10 / Imap SSL

Unread post by paulie »

I think its these files that govern what will be advertised in terms of encryption offered as a server, and encryption that will be used when connecting server to server :

root@vz1038 control]# cat tlsserverciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:!MEDIUM
[root@vz1038 control]# cat tlsclientciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:!MEDIUM
[root@vz1038 control]# pwd
/var/qmail/control
[root@vz1038 control]#
Post Reply