Page 1 of 1
Plesk 10 / Imap SSL
Posted: Thu Feb 16, 2012 10:05 pm
by nobody
Hi Guys.
Imap wont work on SSL and I just got from ossec the error paster below. Any ideas ?
Code: Select all
imapd-ssl: couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Re: Plesk 10 / Imap SSL
Posted: Thu Feb 16, 2012 10:23 pm
by scott
el4 by any chance?
Re: Plesk 10 / Imap SSL
Posted: Fri Feb 17, 2012 9:20 am
by nobody
scott wrote:el4 by any chance?
el4 ?
Re: Plesk 10 / Imap SSL
Posted: Fri Feb 17, 2012 3:50 pm
by breun
EL4 = Enterprise Linux 4 = Red Hat Enterprise Linux 4, or a compatible distribution like CentOS 4.
Re: Plesk 10 / Imap SSL
Posted: Fri Feb 17, 2012 3:57 pm
by nobody
Nope. I am using CentOS 5.x with ASL installed.
Re: Plesk 10 / Imap SSL
Posted: Fri Feb 17, 2012 5:15 pm
by scott
there goes that idea... el4 has an older certificate issue.
Re: Plesk 10 / Imap SSL
Posted: Fri Feb 17, 2012 6:21 pm
by BruceLee
try to convert your CA certificate to PEM format and set TLS_TRUSTCERTS in the imapd-ssl config file to point to your PEM CA file.
Re: Plesk 10 / Imap SSL
Posted: Fri Feb 17, 2012 6:26 pm
by breun
This Parallels knowledge base article explains how to configure SSL for SMTP/IMAP/POP3:
http://kb.parallels.com/1062
Re: Plesk 10 / Imap SSL
Posted: Mon Apr 02, 2012 11:22 pm
by nobody
Sorry for the delayed response. It was permissions issue after all ... Changed them like the other files to 755 restarted the mail services and worked like a charm.
And now I come to another big question.
Ok, you can encrypt messages that come in and out of the servers when you are a user. But when the mailserber itself "passes by" a mail message to another mail server on the internet this isn't encrypted right ? Is there a way to make qmail to request other mail servers to start an encrypted session so all messages can be recieved - delivered securely ?
Re: Plesk 10 / Imap SSL
Posted: Tue Apr 03, 2012 4:40 pm
by faris
Qmail will encrypt by default when talking to another qmail server. I don't think this is anything to do with qmail itself -- it is part of the SMTP protocol, I think, so it would work with any server.
The key thing is that receiving server will advertise its capabilities, and the sending server will use them or not as it sees fit (and as its configuration/default tells it to do).
I have no idea where these things might be adjusted, although I seem to remember there were some things you could do in smtp[s]_psa in terms of incoming mail.
Re: Plesk 10 / Imap SSL
Posted: Fri Apr 20, 2012 6:38 am
by paulie
I think its these files that govern what will be advertised in terms of encryption offered as a server, and encryption that will be used when connecting server to server :
root@vz1038 control]# cat tlsserverciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:!MEDIUM
[root@vz1038 control]# cat tlsclientciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:!MEDIUM
[root@vz1038 control]# pwd
/var/qmail/control
[root@vz1038 control]#