Allowing authenticated users to relay via kolab postfix

Munson, Eric emunson at mgebm.net
Sun Jun 22 13:23:00 CEST 2014 

On 2014-06-19 02:16, hede wrote:
> Am Wed, 18 Jun 2014 22:15:25 -0400 schrieb "Munson, Eric" 
> <emunson at mgebm.net>:
> 
>> [...]
>> RCPT TO: admin at mydomain.net
>> RENEGOTIATING
>> [...]
> 
> The ssl connection sometimes renegotiates, that's quite normal, but
> that shouldn't happen while testing. Could simply be bad luck.
> Or have you tried several times? If this happens every time you try,
> then there's indeed something wrong.
> 
>> 554 5.5.1 Error: no valid recipients
> 
> If the renegotiation was bad luck, then this is probably simply an
> aftereffect of the renegotiation.

The renegotiating happens everytime I get to specify the RCPT TO: line.

> 
>> I am not sure what all that means.
> 
> I'm neither completely sure. But I try to help. :-)
> 
>> I am especially confused about the
>> verify error:num=19:self signed certificate in certificate chain bit
> 
> You didn't quote the ssl handshake. If openssl lists the correct cert
> (and "Certificate chain"), then it's probably correctly set up. Maybe
> your providers CA is unknown to openssl!?

Here is the chain that is dumped:
---
Certificate chain
  0 s:/OU=Domain Control Validated/OU=EssentialSSL 
Wildcard/CN=*.mydomain.net
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO 
RSA Domain Validation Secure Server CA
  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO 
RSA Domain Validation Secure Server CA
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO 
RSA Certification Authority
  2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO 
RSA Certification Authority
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust 
External CA Root
  3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust 
External CA Root
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust 
External CA Root
---
...
The handshake:
---
SSL handshake has read 6271 bytes and written 478 bytes
---

And the ticket lifetime is an hour, so unless I am missing something, 
the renegotiation shouldn't be happening in the middle of my session.

:/

Thanks for your help so far.
Eric

More information about the users mailing list