From: Paul F. <as...@th...> - 2011-09-29 04:16:50
Tried that also and it doesn't appear to work. The password that was in there seems to be an encrypted one so I don't think you can just change the password in the config file - I may be wrong.

On Wed, 28 Sep 2011 21:13:03 -0700, Jeremy McSpadden wrote:
> Edit the config file and set it.
>
> --
> Jeremy McSpadden
>
> On Sep 28, 2011, at 11:10 PM, "Paul Farrow" <as...@th...> wrote:
>
>> Thanks but I believe that shouldn't be necessary. It works for my
>> webmail client and android phone but not Thunderbird on mac or pc
>> via port 465.
>>
>> I then tried to get to the admin webserver to see the settings and I
>> can't since upgrading, it's like the password is not correct. It
>> used to be nospam4me but can't get that to work. Any ideas on that anyone?
>>
>> Thanks
>>
>> Paul
>>
>> On Wed, 28 Sep 2011 20:02:45 -0700, Jeremy McSpadden wrote:
>>> ASSP SSL support on port 465 using stunnel (#03)
>>> (updated 11 Mar 2011, compatible with all ASSP versions)
>>>
>>> Be sure all your ASSP alternative ports (listenPort2) are allowed
>>> on your firewall (TCP IN/OUT).
>>> Using below "how to" you can use SMTP SSL/TLS to send email securely
>>> using port 465.
>>> If you want secure imap receiving, you should use port 143 with STARTTLS
>>> If you want secure pop3 receiving, you should use port 110 with STARTTLS
>>>
>>> Thanks to Szymon Rybczynski
>>> (pro-net-hosting.com and prohost.pl)
>>>
>>> HOW TO
>>> All lines starting with # are commands to execute as root.
>>>
>>> 1. You need stunnel installed. Cpanel should have stunnel installed.
>>> To check:
>>> # stunnel -version
>>> If you get something like "stunnel 4.05 on i686-redhat-linux-gnu
>>> PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003" you can continue.
>>>
>>> 2. You can make your own certificate for SSL or use cPanel cert.
>>> This howto shows how to use cPanel cert.
>>> To make your own cert just search google for instruction and
>>> change cert path in stunnel.conf to your cert.
>>>
>>> 3. Setting up stunnel user and config file:
>>>
>>> # adduser stunnel;passwd stunnel
>>>
>>> Set password for user stunnel
>>>
>>> # cd /etc/stunnel;nano -w stunnel.conf
>>>
>>> copy and paste this:
>>>
>>> cert = /etc/stunnel/cpanel.pem
>>> chroot = /usr/local/cpanel/var/run/stunnel-assp/
>>> pid = /stunnel.pid
>>> setuid = stunnel
>>> setgid = stunnel
>>> output = /var/log/stunnel.log
>>> [ssmtp]
>>> accept = 465
>>> connect = 127.0.0.2:26
>>>
>>> note : you should replace 26 with your preferred alternative port
>>> you have setup in listenPort2 , by default you will find port 26
>>> Save the file.
>>>
>>> 4. Copy cPanel cert.
>>>
>>> If you have set correctly your own certificate for your cpanel/exim
>>> services in
>>> WHM > Service Configuration >> Manage Service SSL Certificates
>>>
>>> execute this
>>>
>>> # cp /var/cpanel/ssl/cpanel/mycpanel.pem /etc/stunnel/cpanel.pem
>>>
>>> otherwise execute this
>>>
>>> # cp /var/cpanel/ssl/cpanel/cpanel.pem /etc/stunnel/cpanel.pem
>>>
>>> Note : if /usr/local/cpanel/etc/cpanel.pem or (mycpanel.pem) does
>>> not exist you can find the cpanel certificate also here
>>> /var/cpanel/ssl/cpanel/cpanel.pem , in this case execute this
>>> # cp /usr/local/cpanel/etc/cpanel.pem /etc/stunnel/
>>>
>>> Now execute this
>>>
>>> # cd /etc/stunnel/;chown stunnel.stunnel cpanel.pem
>>>
>>> 5. Create run dir.
>>>
>>> # cd /usr/local/cpanel/var/run/;mkdir stunnel-assp;chown stunnel.stunnel stunnel-assp
>>>
>>> 6. Setup 127.0.0.2 - if you don't do this you will create open relay
>>> on SSL port.
>>>
>>> # cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:1;
>>> # nano -w /etc/sysconfig/network-scripts/ifcfg-lo:1
>>>
>>> Change it to look like this:
>>>
>>> DEVICE=lo:1
>>> IPADDR=127.0.0.2
>>> NETMASK=255.0.0.0
>>> NETWORK=127.0.0.0
>>> BROADCAST=127.255.255.255
>>> ONBOOT=yes
>>> NAME=myloop
>>> Save.
>>>
>>> 7. Now bring lo:1 up.
>>>
>>> # /etc/sysconfig/network-scripts/ifup-aliases lo
>>>
>>> # ifconfig
>>>
>>> It should now list 127.0.0.2
>>>
>>> 8. Login to ASSP web interface (ip:55555) and change:
>>> Network Setup:
>>> ------------
>>> Second SMTP Listen Port
>>> 26
>>> ------------
>>> Second SMTP Destination
>>> 127.0.0.1:125
>>> ------------
>>> Force SMTP AUTH on Second SMTP Listen Port
>>> Checked
>>> ------------
>>>
>>> Relaying:
>>> ------------
>>> Accept All Mail
>>> 127.0.0.1
>>>
>>> If you make a mistake here you can make your mail server open relay
>>> so double check the settings.
>>>
>>> 8. Open TCP IN/OUT port 465 on your firewall.
>>>
>>> 9. Now you are ready to start stunnel. Execute:
>>>
>>> # stunnel /etc/stunnel/stunnel.conf
>>>
>>> At this moment your SSL connection should work. Test it:
>>>
>>> # openssl s_client -quiet -connect localhost:465
>>>
>>> If you get error then something is wrong and you need to check
>>> /var/log/stunnel.log
>>>
>>> If you get something like:
>>> "depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
>>> verify error:num=18:self signed certificate
>>> verify return:1
>>> depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
>>> verify return:1
>>> 220-pol.nameserverus2.com ESMTP Exim 4.63 #1 Mon, 23 Jul 2007 15:42:14 +0200
>>> 220-We do not authorize the use of this system to transport unsolicited,
>>> 220 and/or bulk e-mail."
>>>
>>> Everything is ok and ready to use.
>>>
>>> Note If you don't want see SSL popup when you send email using port
>>> 465 be sure that at point 4) you copied the mycpanel.pem certificate
>>> and your users must send email using as smtp the address of your
>>> shared ssl . If you change the .pem file , and you can't see the new
>>> certificate loaded correctly using
>>>
>>> # openssl s_client -quiet -connect localhost:465
>>>
>>> execute this
>>>
>>> # service cpanel restart
>>> # /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
>>>
>>> now if you execute this
>>>
>>> # openssl s_client -quiet -connect localhost:465
>>>
>>> you should see your server SSL certificate.
>>>
>>> 10. if you would monitor stunnel daemon in case it goes down you can
>>> add check_ssl=yes to your status.php cron in this way
>>>
>>> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes
>>>
>>> If you are using an alternative port different from port 26 , i.e.
>>> 40000 , in this case you should add also altport=40000
>>>
>>> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes altport=40000
>>>
>>> --
>>> Jeremy McSpadden
>>> Flux Labs, Inc
>>> http://www.fluxlabs.net
>>> Endless Solutions
>>> Office : 850-588-4626
>>> Cell : 850-890-2543
>>> Fax : 850-254-2955
>>>
>>> On Sep 28, 2011, at 9:58 PM, Paul Farrow wrote:
>>>
>>> played around with the settings in thunderbird now and getting this
>>>
>>> Sep-28-11 22:57:34 [Worker_1] Connected: 10.1.10.149:49970 > 70.88.29.81:465 > 70.88.29.81:34217 > 70.88.29.81:125 , 4-16
>>> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 Message-Score: added 25 for EarlyTalker, total score for this message is now 25
>>> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1 Misbehaved SMTP session (EarlyTalker)
>>> Sep-28-11 22:57:34 [Worker_1] Disconnected: 10.1.10.149 - command list was 'n/a' - used 1 SocketCalls
>>>
>>> any ideas?
>>>
>>> Thanks
>>>
>>> Paul
>>>
>>> On Wed, 28 Sep 2011 19:53:44 -0700, Jeremy McSpadden wrote:
>>> What's accepting the ssl connection? Are you using stunnel ? Or the
>>> SSL in ASSP?
>>>
>>> --
>>> Jeremy McSpadden
>>>
>>> On Sep 28, 2011, at 9:51 PM, "Paul Farrow" <as...@th...> wrote:
>>>
>>> not with you ??
>>>
>>> Sorry
>>>
>>> On Wed, 28 Sep 2011 19:48:14 -0700, Jeremy McSpadden wrote:
>>> Using stunnel ?
>>>
>>> --
>>> Jeremy McSpadden
>>>
>>> On Sep 28, 2011, at 9:46 PM, "Paul Farrow" <as...@th...> wrote:
>>>
>>> Since upgrading to version 2, instead of an intermittent problem
>>> with Thunderbird I have a problem all the time.
>>>
>>> The logs say this
>>>
>>> Sep-28-11 22:40:00 [Worker_1] Connected: 10.1.10.149:49617 > 70.88.29.81:465 > 70.88.29.81:56683 > 70.88.29.81:125 , 4-16
>>> Sep-28-11 22:40:00 [Worker_1] 10.1.10.149 info: removed '250-STARTTLS' from reply
>>> Sep-28-11 22:40:00 [Worker_1] Disconnected: 10.1.10.149 - command list was 'EHLO,QUIT' - used 2 SocketCalls
>>>
>>> and thunderbird says
>>>
>>> Thanks
>>>
>>> --
>>> Paul
>>>
>>> ------------------------------------------------------------------------------
>>> All the data continuously generated in your IT infrastructure contains a
>>> definitive record of customers, application performance, security
>>> threats, fraudulent activity and more. Splunk takes this data and makes
>>> sense of it. Business sense. IT sense. Common sense.
>>> http://p.sf.net/sfu/splunk-d2dcopy1
>>> _______________________________________________
>>> Assp-user mailing list
>>> Ass...@li...
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
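
The how-to quoted in this thread warns twice that a wrong loopback setting (step 6 skipped, or the wrong "Accept All Mail" value in step 8) turns port 465 into an open relay. The check below is an added example, not code from the thread or from ASSP: it reads the quoted stunnel.conf and ifcfg-lo:1 values and reports any service whose connections would reach ASSP from an "Accept All Mail" address. `connect_targets` and `relay_findings` are hypothetical names, and the check assumes Linux source-address selection, where a connection to a loopback address with no alias configured leaves from 127.0.0.1.

```python
import ipaddress

# Constructed inputs: values copied from the how-to quoted in the thread.
STUNNEL_CONF = """\
cert = /etc/stunnel/cpanel.pem
setuid = stunnel
setgid = stunnel
[ssmtp]
accept = 465
connect = 127.0.0.2:26
"""
IFCFG_LO1 = "DEVICE=lo:1\nIPADDR=127.0.0.2\nNETMASK=255.0.0.0\nONBOOT=yes\n"
ACCEPT_ALL_MAIL = ["127.0.0.1"]  # ASSP "Accept All Mail" value from step 8
PRIMARY_LO = ipaddress.ip_address("127.0.0.1")


def connect_targets(conf_text):
    """Return {service: (host, port)} for each [service] with a connect line."""
    targets, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "connect":
                host, _, port = value.rpartition(":")
                targets[section] = (host or "localhost", int(port))
    return targets


def relay_findings(conf_text, ifcfg_text, accept_all):
    """Flag services whose traffic reaches ASSP from an Accept All Mail address."""
    trusted = {ipaddress.ip_address(a) for a in accept_all}
    configured = {PRIMARY_LO} | {
        ipaddress.ip_address(l.split("=", 1)[1].strip())
        for l in ifcfg_text.splitlines() if l.strip().startswith("IPADDR=")}
    findings = []
    for service, (host, port) in connect_targets(conf_text).items():
        target = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
        if not target.is_loopback:
            continue  # source address depends on routing, not checked here
        # Assumption: without an alias for the target (step 6 skipped), Linux
        # sources the connection from the primary loopback address.
        source = target if target in configured else PRIMARY_LO
        if source in trusted:
            findings.append(f"[{service}] connect {host}:{port}: ASSP sees "
                            f"{source}, listed in Accept All Mail")
    return findings
```

With the values from the how-to the function returns no findings; passing an empty alias file, or a `connect` line pointing at 127.0.0.1, produces one finding for `[ssmtp]`.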