Server :: Sendmail As A Client Always Verifies Certificates Even With TLSSrv_options Set To V
Sep 11, 2010
My sendmail server makes use of the TLS_SRV_OPTIONS which is set to `V' meaning it shouldn't verify certificates. As a server, it doesn't and the {verify} macro shows "NOT" in the logs, showing that no certificate request was sent out.
Acting as a client though, and I'm talking both about the server acting as a client towards other mail servers and about the local mail submission agent, it always verifies certificates. My mail submission agent when contacting my own mail server verifies the mail servers' certificate and still, the mail server has not initiated any exchanging of certificates since it still says "verify=NOT" in the logs (whereas the same entry for the submission agent reads OK or FAIL depending on what I use).
So, does mail servers ALWAYS send out its certificates and when they do, the "client" in question (no matter if it's the mail server acting as client or the mail submission agent) validates it because the TLS_SRV_OPTIONS setting just applies to when it's running as a server, or is there a setting to tell Sendmail not to send out certificates since you're not in the business of certificate verification relaying anyways?
View 1 Replies
ADVERTISEMENT
Jun 28, 2009
I have vsftpd running as FTP server on Ubuntu 9.04 jaunty. Login works correctly with password for local users (those with an login account on the server) and without password for anonymous.
I want to further tighten security by requiring local users to provide a client certificate. But even if I include "require_cert=YES" and "validate_cert=YES" in etc/vsftpd.conf, clients without certificate are allowed to login; require_cert seems to be simply ignored.
View 1 Replies
View Related
Aug 24, 2010
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
View 7 Replies
View Related
Dec 2, 2010
I'm hoping someone here can help, as I've been beating my head on the wall for a week now with little advancement. I've found a number of tutorials on setting this up, however none of them have gotten me 100% of the way there. Here's my situation: home-based Fedora server (Core 8), running sendmail 8.14.2-1. Connecting to hosting company's smtp server over port 587, to bypass Verizon's blocking of port 25.
My /etc/mail/sendmail.mc file looks like this (comment lines removed):Quote:
divert(-1)dnl
define(`SMART_HOST', `smtp2.datarealm.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl
define(`RELAY_MAILER', `esmtp')dnl
[Code]....
View 14 Replies
View Related
Jan 17, 2009
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies
View Related
Nov 1, 2010
I am using webmin for my daily tasks. I have fedora 13, whenever I click on ''Sendmail M4 Configuration'' or Outgoing Addresses (generics)'' I get the following error message
Quote:
The Sendmail M4 configuration base directory /usr/share/sendmail-cf was not found on your system, or is not the correct directory. Maybe it has not been installed (common for packaged installs of Sendmail), or the module config is incorrect. I read documentation at sendmail.org, it seems that structure of directories for send mail has been changed in version sendmail-8.1.4 shipped with FC13. In webmin config module we have
Quote:
Sendmail M4 base directory = /usr/share/sendmail-cf
which is not there. I did a locate / sendmail-cf on the command line, it finds nothing
View 17 Replies
View Related
Apr 1, 2010
I recently modified sendmail.cf to use a third party SMTP server to send emails. It works great. But when I run sendmail from the command line, I have to specify the -C flag and force feed it the location of my sendmail.cf, or else it doesn't work.
So in other words, the following works great:
However, if I don't specify the -C flag, sendmail doesn't consider what's in the sendmail.cf and barfs:
I don't run sendmail as a daemon. I'm only using it to send emails. I know my modifications of sendmail.cf are correct because it works perfectly when I use the -C flag. I searched my disk to see if I could find another sendmail.cf on the machine and only the one in /etc/mail came up.
Why sendmail is not reading my sendmail.cf?
I'm running Sendmail version 8.14.2 on Fedora Core 8.
View 1 Replies
View Related
Apr 19, 2011
I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
View 3 Replies
View Related
Apr 4, 2010
I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
View 14 Replies
View Related
Jun 11, 2011
I configured openLdap in RHEL5 on virtual achines,everything is working fine, I created a user called ldapuser,in LDAP server and i created a home directory for ldapuser in my LDAP client, now i can able to login to the both Server and client with ldapuser account....
Now here what am expecting is i want to export my server's home directory to the client, i dont want to create home directories manually in the client machine, i googled about that, and it can be done through autofs.....
what need to be done on the client and server side.
View 6 Replies
View Related
Jan 6, 2011
I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generate certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
(2) How do I manually install a PKI certificate?
View 2 Replies
View Related
Jan 9, 2011
I run couple of sites on a virtual hosting environment and I am in need of adding additional SSL for a different domain name. From what I read on some forum topics indicate that SSL cert requires different IP address. meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running virtual host if a server can't host multiple secured site through single IP. Any way to run multiple ssl site within virtual host environment. I'm hoping for a possible workaround.
View 3 Replies
View Related
Jul 26, 2009
I am having problems creating ssl certificates for use with openLDAP. Does anyone know a good centos tutorial as I am having problems finding ones by searching through google and the forums.
To clarify further I have a small network im trying to setup to use ldap for auth due to the size I figured using kerberos for auth would be a bit overkill.....
I have the server up and running fine however at the moment all auth is done by using clear text (which is fine as the network has no connection to the internet at current) however in the future it will so I am trying to use ssl however I am having confusing as which certificates I point to where in the slapd.conf file
View 2 Replies
View Related
Sep 17, 2010
i have a quick question about using plesk on centos 5.x server and installation of ssl certificates. if anyone out there has expertise with above,
View 1 Replies
View Related
Jan 5, 2010
I've recently been asked to setup our FTP server to accept connections from a remote host. They sent me a file "id_dsa.pub" with instructions to add this key to the xfer user.
Unfortunately I've no idea how to do this!
I'm running vsftpd 2.0.5 on Centos 5.3
View 4 Replies
View Related
Feb 17, 2010
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
View 6 Replies
View Related
Oct 7, 2010
I have one physical dedicated server. The name of the server is 'mail.iamghost.tld' which is obviously my Postfix mail server for my users. Now I generated SSL self signed certificates with 'OpenSSL' which is for 'mail.iamghost.tld'. I also have Apache installed on the same server to access my webmail application. I created a pointer record for 'url' to point to the same static I.P. as 'mail.iamghost.tld'. So my question is if I also want to encrypt site login's for url, do I need to generate a unique SSL certificate for 'url' or can I use my existing SSL certificates that are assigned to 'mail.iamghost.tld'? It's the same server but when people browse to my 'url' site, I don't want there to be an issue with the certificates saying it's for 'mail.iamghost.tld' when they're really communicating with 'url'.
View 5 Replies
View Related
Jun 25, 2009
I have a Nis server on Suse 11 which is configured using Yast and nis clients on Suse and CentOs .All clients which is on the Suse Os is working fine. But on CentOs , users couldn't login using nis username.I have mounted home directory using nfs in fstab . I can switch to nis users homedirectory only when i am root. But nis users could'nt login on reboot.' ypcat passwd username ' is showing the output . No selinux is enabled in the client .Is there is any problem with Suse server to Centos Client in nis ??
View 2 Replies
View Related
Jul 27, 2011
I am using postfix as spam Mailscanner to protect my mail server running sendmail. The problem is that when I forward an email from MailScanner mail me back with the following error:
<postmaster@localhost.@mydomain.com.>... Real domain name required for sender address (in reply to MAIL FROM command))
Jul 27 13:15:59 smtp postfix/local[28465]: C68AC1000001: to=<root@smtp.mydomain.com>,
[code]....
View 1 Replies
View Related
Apr 4, 2011
I recently setup an email server on Fedora Core (14). Sendmail is running and I am trying to authenticate from a client pc using imaps. I installed Cyrus-imap and it is running and listening on 993. When I try to login, it doesn't accept authentication even though I verified the user's password is correct. (tested with ssh)Is there something I have to do with Cyrus or on the server to allow connections to email? I have not used Cyrus before. I am attempting to access my mail folders via Sendmail and did not make mailboxes in Cyrus. I did allow imaps through the firewall.
View 1 Replies
View Related
Apr 7, 2011
Im not able to find good response on this from google, urgent help required.
While im looking at my smtp server log at /var/log/maillog, im having these two errors for which im unable to find the reason.
1)Could not open inline file /etc/MailScanner/reports/en/inline.sig.txt, No such file or directory
2)did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
View 1 Replies
View Related
Jun 7, 2010
After searching the forum I could not find a clear answer to my question so I am giving it a try...
I have installed a LAMP server with Postfix as mail server. The scripts send email as user www-data using the mail server on the same machine.
However, the email got rejected by external mail servers (failed reverse DNS check) so I setup a mail server that meets all needed requirements.
Now I would like to use this second server instead of the mail server on the LAMP server. I found that this could be done with changing sendmail settings in php.ini (I think).
However I am not sure how that will go: www-data is no actual user on the new email server (which requires authentication before sending). Do I need to create a new user on the email server or change the settings in php.ini to match an existing user?
View 1 Replies
View Related
Feb 24, 2010
I have users [URL] unable to send email to [URL]. [URL] user also unable to send email to [URL]. But both email addresses are fine as they can receive email from others or from [URL] and [URL]. I able to telnet mail server 110 and 25, no problem. Version: ESMTP Sendmail 8.12.10
Mail Log:
Feb 23 11:36:35 mail sendmail[16228]: o1N3aZxt016215: to=<xxx1@gas.com>, ctladdr=<xxx@abc.com> (501/501), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=442918, relay=gas.com, dsn=5.1.2, stat=Host unknown (Name server: gas.com: no data known)
[code]....
View 4 Replies
View Related
Jan 20, 2010
We're running a sendmail server on a fedora core 9 which we've configured recently. The problem is, the server is working fine but there are some e-mails that enter our server but doesn't get forwarded to the user.
Quote:
Quote:
Here it says "stat=Sent" but nothing from the above mail address has been received on the client's inbox. We've experienced this with Microsoft Outlook, Outlook Express and Thunderbird alike so far with Two(2) of our user accounts.
View 1 Replies
View Related
Feb 22, 2009
I'm new to send mail. I have a server with a public address and domain name. But I only want to implement a small sendmail network on our 20-user LAN. Can I turn my public server into a sendmail server? Are there any simple step-by-step instructions for this?
View 1 Replies
View Related
Mar 16, 2010
I am trying to setup a sendmail server on my dedicated server. It was pre-configured to use exim from cpanel. Is it possible to use exim for all emails from a a certain domain i setup on the server and sendmail for others?
ex.
domain1.com -> exim
domain2.com -> sendmail
If it is possible can someone let me know how i would go about doing this? If it is not how would i disable exim and use sendmail for all mail?
View 4 Replies
View Related
Feb 26, 2011
I'm setting up a full server configuration on Fedora, moving it from Mandriva which sadly faces a rather uncertain future. Things are going well and I will be ready (and more familiar with Fedora) in time to upgrade to Fedora 15.
What I have done so far in regard to networking setup:
I first removed Network Manager and replaced it with the network service (chkconfig --level 25 network on). That put an end to the overwriting of /etc/hosts, which now reads simply:
View 2 Replies
View Related
Jun 21, 2010
Having some issues setting up sendmail on a (basically) blank RHEL 5.5 server setup. My ultimate goal is to be able to automagically send logs / errors / notifications to ourselves from the server.
Our basic setup is a Win 2003 domain with exchange running on mail.domain.com.au.
I've edited the '/etc/mail/sendmail.mc' and added the :
Code:
line to it.
Also added the domain (domain.com.au) to the '/etc/mail/local-host-names' files
Also edited submit.mc and added
Code:
When I try and send a mail from root or a test user to one of the domain accounts, it seems to go fine, i.e no errors are reported but it never gets delivered.
From the mail logs:
Code:
So it seems to be sent to the queue no problems and when I check the queue :
Code:
Total requests: 0
Not nothing ever gets received. Am I missing something? I have read and read and read but dont seem to be getting any furthur.
So in the end this server doesn't need to do anything except be able to send mail from root to an external mail address.
View 1 Replies
View Related
Apr 24, 2009
I am trying to set up a mail server on centos5 using sendmail and dovecot, and eventually spamassassin and some antivirus filter as well. I'd also like to get the proper secure auth mechanism set up at some point too. But for starters, I've been having a lot of difficulty trying to even connect to the mail server from a client computer in the local network. I installed Eudora on the client and after some tweaking in dovecot I was able to connect to the mail server, but then when I try to send an email I get a "connection refused" error, with nothing being logged on the server that I can see.
The last time I set up a mail server was Fedora Core 2, so the configuration files have changed a bit to say the least, and I can't really refer back to those to set up this new server. Does anybody know of a good step-by-step doc on getting the mail server going? I've read the man pages and other various readme's, but these really only list out the available options with no really good explanation of what needs to be done to get the mail server going. If there isn't a full write-up on how to do this, I'll put something together when I'm finished so others can use it in the future.
View 7 Replies
View Related
Jan 5, 2011
i have configured sendmail server in my lan and it is working fine for me.but there is one little problem for me. i want mails send sunita should be received by vinita.sunita and vinita both are normal users on same pc.
for this i made entry in
Code:
/etc/aliases sunita: vinita
View 14 Replies
View Related
