Koozali.org: home of the SME Server

problem on SME 5.5 with SMTP over SSL

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #15 on: July 16, 2002, 12:53:23 AM »
Eric, I think I've isolated the problem, and Charlie, if you have this information available please provide it:

What command is used to invoke the smtpd daemon on SME 5.5?

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #16 on: July 16, 2002, 01:08:54 AM »
Charlie, are you calling /var/qmail/bin/qmail-smtpd in SME 5.5?

Charlie Brady

Re: problem on SME 5.5 with SMTP over SSL
« Reply #17 on: July 16, 2002, 01:34:10 AM »
Nathan Fowler wrote:

> What command is used to invoke the smtpd daemon on SME 5.5?

/var/service/smtpfront-qmail/run

Charlie

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #18 on: July 16, 2002, 01:44:46 AM »
Thanks Charlie:

Ok, I think your solution guys is to replace this line:
/usr/sbin/stunnel -d smtps -l /usr/sbin/smtpd -n smtp

With:
/usr/sbin/stunnel -d smtps -l /var/service/smtpfront-qmail/run -n smtp

Please let me know if this works.  

Thanks,
Nathan

Charlie Brady

Re: problem on SME 5.5 with SMTP over SSL
« Reply #19 on: July 16, 2002, 02:03:27 AM »
Nathan Fowler wrote:

> Ok, I think your solution guys is to replace this line:
> /usr/sbin/stunnel -d smtps -l /usr/sbin/smtpd -n smtp
>
> With:
> /usr/sbin/stunnel -d smtps -l /var/service/smtpfront-qmail/run -n smtp
>
> Please let me know if this works.  

Nathan, I suggest that you look at /var/service/smtpfront-qmail/run before going any further. It's a "supervise" run script, and it runs tcpserver. IOW, it's used instead of xinetd, not as a script run from xinetd. Here is the script's content, FYI:

exec 2>&1
exec /usr/bin/env - \
     /usr/local/bin/envuidgid qmaild \
     /usr/local/bin/tcpserver\
   -U \
   -R \
   -x /etc/tcprules/tcp.smtp.cdb \
   -l 0 \
   0 smtp \
   /usr/local/bin/envdir ./env \
   /usr/bin/smtpfront-qmail

Charlie

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #20 on: July 16, 2002, 02:10:56 AM »
Yeah, I saw that and noticed that.  Keep in mind I don't run SME 5.5 so it's hard to diagnose and address issues to a box I'm not local with.  I was hoping you were providing me the path to the raw binary. :(

Shelby Moore was nice enough to give me root access to his box, hopefully I should get everything up and running pretty soon.  I'm leaving work now so it'll be later tonight until I have a chance to look at it again.

Nathan

Eric Belhomme

Re: problem on SME 5.5 with SMTP over SSL
« Reply #21 on: July 16, 2002, 02:39:02 AM »
I tried modifying /etc/xinetd.conf

and now OE says that

Votre serveur a mis fin à la connexion de manière inattendue. Les causes possibles peuvent être des problèmes au niveau du serveur ou du réseau, ou une trop longue période d'inactivité. Compte : 'mail.ricospirit.net', Serveur : 'mail.ricospirit.net', Protocole : SMTP, Port : 465, Sécurisé (SSL) : Oui, Numéro d'erreur : 0x800CCC0F
Le téléchargement des en-têtes du dossier 'Boîte de réception' n'est pas terminé. Votre serveur a mis fin à la connexion de manière inattendue. Les causes possibles peuvent être des problèmes au niveau du serveur ou du réseau, ou une trop longue période d'inactivité. Compte : 'mail.ricospirit.net', Serveur : 'mail.ricospirit.net', Protocole : IMAP, Réponse du serveur : '', Port : 993, Sécurisé (SSL) : Oui, Numéro d'erreur : 0x800CCC0F

and I get this on /var/log/messages
Jul 15 23:32:19 hole identd[3893]: Successful lookup: 1127 , 21 : daemon.daemon
Jul 15 23:32:24 hole xinetd[3898]: libwrap refused connection to imaps from 192.168.1.10
Jul 15 23:32:24 hole xinetd[3899]: libwrap refused connection to imaps from 192.168.1.10
Jul 15 23:32:25 hole xinetd[3902]: libwrap refused connection to ssmtp from 192.168.1.10
Jul 15 23:32:25 hole xinetd[3903]: libwrap refused connection to ssmtp from 192.168.1.10

I tried to undo changes, but it's still broken ! I logged into admin to do a re-configuration, with no success !

Now my MTA is TOTALLY BROKEN !!!

And of course I have no idea how to repair it :(((

Eric, sad...

Eric Belhomme

Re: problem on SME 5.5 with SMTP over SSL
« Reply #22 on: July 16, 2002, 03:27:34 AM »
Ok, Bruno Garin gave me the solution on news:alt.e-smith.fr (Message-ID: )

Edit the file /services/smtpfront-qmail/run

Search the string :
0 smtp \

Replace it with :
0 smtp-backdoor \

Now you can restart qmail daemon :
service qmail restart

Bruno said it was a rights problem, with smtp rules which block... I don't know what (I really have to learn more about MTA...)

Eric

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #23 on: July 16, 2002, 06:43:17 PM »
Eric, does this solution now work with stunnel using the syntax as described in the howto?

Nathan

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #24 on: July 16, 2002, 07:31:01 PM »
Ok, the stunnel SMTPS command you want to use is:

/usr/sbin/stunnel -N smtps -d 465 -l /usr/bin/smtpfront-qmail -n smtp

Ensure in /etc/hosts.allow you have:
smtps:ALL

This configuration will work for SME5.5/Mailfront, from the testing I was able to do.  Please let me know if this does/does not work for you.

Special thanks to Charlie, Eric, and Shelby for their help.

Nathan

Nathan Fowler

Re: problem on SME 5.5 with SMTP over SSL
« Reply #25 on: July 16, 2002, 07:57:54 PM »
Correction to above post:

/usr/sbin/stunnel -T -N smtps -d 465 -l /usr/bin/smtpfront-qmail -n smtp

You must use -T for transparent Proxying.

Nathan

Shelby Moore

Re: problem on SME 5.5 with SMTP over SSL
« Reply #26 on: July 16, 2002, 08:50:40 PM »
Just to keep you all up to date, Nathan has made a wonderful effort to get this to work, but so far no luck.  The previously mentioned method does not work.

Eric if you have this working now, more info and what HowTo you have used would be helpful.

Looks like I may be rebuilding my server back to SME 5.  Thanks All!

Shelby

Charlie Campbell

Re: problem on SME 5.5 with SMTP over SSL
« Reply #27 on: July 28, 2002, 11:51:07 AM »
OK, so now the question is: can someone make an updated HOWTO on this with the proper commands for SME 5.5? If so, it would be greatly appreciated by those of us new to SME and those of us following this thread. Thanks.

Charlie

Eric Belhomme

Re: problem on SME 5.5 with SMTP over SSL
« Reply #28 on: July 28, 2002, 02:59:04 PM »
Sorry, but I didn't find the answer :-( and at this time I really don't have time to search for it!
So I deactivated it and actually I use webmail over SSL :-\

Chris O'Donovan

Re: problem on SME 5.5 with SMTP over SSL
« Reply #29 on: July 29, 2002, 09:23:14 AM »
If you run SMTP over stunnel, doesn't that mean that you are running an open relay?

The SMTP server sees the connections as coming from 127.0.0.1 and doesn't consider it a relay.

Sure the connection is SSL encrypted but can't anyone use it?

Chris
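
Added example (not part of any post in this thread): a small Python model of how the `-x /etc/tcprules/tcp.smtp.cdb` lookup in the run script above decides relay permission, which is the check behind the question in Reply #29. The rule text is a constructed sample and the function names are hypothetical; it assumes the qmail convention that a rule setting RELAYCLIENT permits relaying.

```python
# Constructed sample in tcprules source format; not taken from an SME 5.5 box.
SAMPLE_RULES = """\
# loopback and LAN clients may relay, everyone else may only deliver locally
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
"""

def parse_rules(text):
    """Return {address: (action, {VAR: value})} from tcprules source text.
    Simplified: assumes environment values contain no commas."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *assignments = rest.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value[1:-1]  # drop the delimiter characters around the value
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific rule first: full IP, shorter dotted prefixes, then the empty default."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return key, rules[key]
    return None, ("allow", {})  # no rule matched: accepted with no variables set

def may_relay(rules, source_ip):
    """True when the matching rule accepts the connection and sets RELAYCLIENT."""
    _, (action, env) = lookup(rules, source_ip)
    return action == "allow" and "RELAYCLIENT" in env

def audit(rules, client_ip, wrapper_connects_from=None):
    """Relay decision for a client. If a TLS wrapper proxies the session over TCP,
    the rule lookup sees the wrapper's source address, not the real client's."""
    seen = wrapper_connects_from or client_ip
    return {"client": client_ip, "seen_as": seen, "relay": may_relay(rules, seen)}

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(audit(rules, "203.0.113.7"))                # direct connection
    print(audit(rules, "203.0.113.7", "127.0.0.1"))   # same client behind a loopback proxy
```

With these sample rules, an outside client gains relay rights only when its session reaches the SMTP listener from a loopback address, so the rule to review on a real system is whichever one matches the address the TLS wrapper connects from.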