Having Problems with imap/pop3 (ssl)

Danny 5 years ago updated by Benji Skool 4 years ago 7
hello.

during the setup of ajenti i ran into the ssl problems which got fixed by upgrading the python packages with pip and some copy/paste work from the bugtracker on github. panel works fine now. currently im working on the mailboxes and theres a problem with mainly ssl (starttls).

when i try to fetch the mails (i am using thunderbird) i cannot connect when using ssl.
i tried to create the mailbox multiple times with different settings
this is the outcome:

imap = works
imap ssl = found but cant connect
pop = works
pop ssl = cannot find
smtp = works
smtp ssl = works

the mails arrive and forwarding works too

please help!
This is how a connection refusal on thunderbird looks in the mail log (imap)

Aug 24 07:29:01 rs000101 imapd: LOGIN, user=blah@xxxxx.net, ip=[::ffff:xxxxx], port=[54169], protocol=IMAP
Aug 24 07:29:01 rs000101 imapd: LOGOUT, user=blah@xxxxx.net, ip=[::ffff:xxxxx], headers=0, body=0, rcvd=10, sent=234, time=0

and the failed ssl connection on pop3 looks similar, just with "Connected" and "Disconnected"...
I just figured out, when on imap without ssl, thunderbird gives me this warning:

Filesystem notification initialization error — contact your mail administrator (check for configuration errors with the FAM/Gamin library)

but i guess its because i have multiple mailboxes with the same account in thunderbird active :)


Ssl works fine on ftp and http by the way

Update: i created a new mailbox and tried the imap/pop tests again.
now it finds pop3 ssl and asks for the acceptance of an unsigned ssl. if i approve, it works, and if i disapprove
it gives the same error as imap gives always (cant connect, check password). imap ssl shows no certificate, just gives error.

so maybe the problem is about the unsigned certificate?
Found more info in the log:

Aug 25 05:07:38 rs000101 imapd-ssl: couriertls: /etc/courier/mail.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

EDIT:
Problem fixed!


ajenti installation did not setup "/etc/courier/imapd-ssl" correctly.
or maybe the ssl setup inside ajenti cant write to the file...
whatever is the problem, it can be fixed by manually editing the file.


i had to change this line:

TLS_CERTFILE=/etc/courier/mail.pem
to
TLS_CERTFILE=/etc/ssl/certs/my.server.name.pem

and add those lines:

TLS_DHPARAMS=/etc/courier/dhparams.pem
TLS_TRUSTCERTS=/etc/ssl/certs




WORKS NOW!
After restarting the courier services and creating more mailboxes, the problem comes back.
the manually changed imapd-ssl got overwritten again... how can i fix that ?!

EDIT: with an audit i found out that the file gets changed when i create new mailboxes in ajenti.
rebooting doesnt overwrite it, but creating new mailboxes (maybe also editing existing ones) does.

PLEASE HELP!!!!


files that get overwritten:

imapd
imapd-ssl
all user** files and authdemon

files that do not get overwritten:

all the pop files
FIXED by manually deleting "templates.pyc" and editing "templates.py" at "/var/lib/ajenti/plugins/vh-mail"

at the bottom of the file u can see the data that will be written into the imapd-ssl, after a change.
just apply the changes from above to this file and the template will be saved, after a restart of ajenti and courier.
+1
I am experiencing the same problem. Did /etc/ssl/certs/my.server.name.pem already exist for you? Because I have a ton of .pem files in there and none of them with my server name.
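
Added example (not part of the thread, and not Ajenti or Courier code): the "PEM_read_bio:no start line" error in the log above is OpenSSL reporting that the file named by TLS_CERTFILE contains no "-----BEGIN" line. The shell check below reads TLS_CERTFILE from a Courier config file such as /etc/courier/imapd-ssl and classifies the file it points at. The function names and status words are made up for this sketch, and it assumes the layout where private key and certificate sit in the same file.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and status words are hypothetical.

# Print the value of the last uncommented TLS_CERTFILE= line in a Courier config.
courier_certfile() {
    sed -n 's/^[[:space:]]*TLS_CERTFILE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Classify the file TLS_CERTFILE points at. Prints one status word:
#   missing   - no TLS_CERTFILE setting, or the file does not exist
#   no-pem    - no "-----BEGIN" line at all (the "no start line" case)
#   cert-only - certificate block but no private key block
#   key-only  - private key block but no certificate block
#   other-pem - PEM blocks present, but neither certificate nor private key
#   ok        - both present (assumed layout: key and certificate in one file)
check_courier_cert() {
    cert=$(courier_certfile "$1")
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then echo missing; return 1; fi
    if ! grep -q -e '^-----BEGIN ' "$cert"; then echo no-pem; return 1; fi
    has_cert=no; has_key=no
    if grep -q -e '^-----BEGIN CERTIFICATE-----' "$cert"; then has_cert=yes; fi
    if grep -Eq -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$cert"; then has_key=yes; fi
    case "$has_cert/$has_key" in
        yes/yes) echo ok; return 0 ;;
        yes/no)  echo cert-only; return 1 ;;
        no/yes)  echo key-only; return 1 ;;
        *)       echo other-pem; return 1 ;;
    esac
}

# Constructed sample: a config like the one in the thread, pointing at an empty file.
demo() {
    dir=$(mktemp -d)
    : > "$dir/mail.pem"
    printf 'TLS_CERTFILE=%s\n' "$dir/mail.pem" > "$dir/imapd-ssl"
    check_courier_cert "$dir/imapd-ssl"
    status=$?
    rm -rf "$dir"
    return $status
}
demo || true   # prints: no-pem
```

Running `check_courier_cert /etc/courier/imapd-ssl` again after creating a mailbox in the panel shows whether the setting was rewritten to point at an unusable file.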