Hi,
I upgraded an debian lenny installation to squeeze. This Server runs courier
pop/pop-ssl/imap/imap-ssl at 127.0.0.1 and perdition at external interface.
After upgrading perdition does not start anymore and I find out three
things:
1st - (perhaps debian related) the init script returns an error at checking
for pid file after starting perdition processes, insterting 'sleep 1'
between starting the deamon and checking for the pid file resolves this
issue
2nd - using "log_facility /some/file" does not work anymore; I checked the
path and files permissions - all right, I set up 'debug' and logfille is
filled with all start parameters but no error and the deamon is not running.
How to get my special perdition.log back?
3rd - I can't use ssl anymore. Testing ports 995 and 993 at localhost
(remember: courier itself) using nagios check_imap/pop plugin everything
works fine. Using the same check to external IP (perdition) I get the
following error:
[...]
ns1:/etc# /usr/lib/nagios/plugins/check_pop -H 78.xx.xx.xx -S -p 995
CRITICAL - Cannot make SSL connection
14878:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:607:
[...]
How to get SSL back?
I think at first we have to repair the log function and afterwards we can
use it to remove the SSL problem.
Here folows my configuration:
/etc/default/perdition
[...]
RUN_PERDITION=yes
POP3=yes
POP3_FLAGS=" --ssl_mode tls_listen --outgoing_port 110"
POP3S=yes
POP3S_FLAGS=" --ssl_mode tls_listen --outgoing_port 995"
IMAP4=yes
IMAP4_FLAGS=" --ssl_mode tls_listen --outgoing_port 143"
IMAP4S=yes
IMAP4S_FLAGS=" --ssl_mode tls_listen --outgoing_port 993"
MANAGESIEVE=no
MANAGESIEVE_FLAGS=
[...]
/etc/perdition/perdition.conf
[...]
bind_address 78.xx.xx.xx
imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256
IDLE"
connection_limit 128
server_resp_line
outgoing_server 127.0.0.1
ssl_cert_file /etc/perdition/perdition.crt.pem
ssl_cert_accept_self_signed
ssl_key_file /etc/perdition/perdition.key.pem
ssl_no_cert_verify
ssl_no_cn_verify
[...]
What else do you need?
I hope somebody can help. Thanks.
Mit freundlichen Grüßen / With kind regards
Ronny Seffner
--
Ronny Seffner | Alter Viehweg 1 | 01665 Triebischtal
www.seffner.de | ronny(a)seffner.de | +49 35245 72950