Koozali.org: home of the SME Server

Securemail rpm's broke 6.0b3 Help!

John Lewis

Securemail rpm's broke 6.0b3 Help!
« on: November 10, 2003, 07:28:09 AM »
In a previous discussion regarding accessing email via ssl (http://forums.contribs.org/index.php?topic=18931.msg74825#msg74825), I decided to go and try Damien Curtain's securemail contribs (http://www.pagefault.org/code/e-smith.shtml#securemail).

Here are the RPMs I installed:
cvm-0.17-1.i386.rpm
e-smith-cvm-unix-0.0.3-4dc.noarch.rpm
e-smith-imaps-sme5.6-0.0.3-1dc.noarch.rpm
e-smith-pop3s-sme5.6-0.0.3-1dc.noarch.rpm
e-smith-securemail-0.0.3-3dc.noarch.rpm
e-smith-ssmtp-sme5.6-0.0.3-1dc.noarch.rpm

I installed them with:
rpm -Uvh --nodeps *.rpm (to ignore the wu-imap dependency)
/sbin/e-smith/signal-event post-upgrade

Now, no email client can authenticate to my 6.0b3 box.  Webmail, Outlook... nothing.

This is what I experienced after upgrading from 5.6u4 to 6.0b3.  My solution was to back up to desktop, and rebuild the server from scratch.

To avoid the above, which missed a lot of things, can ANYONE help me restore what pieces I need to regain email functionality in a stock 6.0b3 environment?  What RPMs can I reinstall from the CD to refresh everything?

Help!

Bob King

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #1 on: November 10, 2003, 10:12:57 AM »
Uninstall each RPM you installed by doing the following, without quotes; just insert the rpm name.

rpm -e --nodeps "rpm name"

Then do:

/sbin/e-smith/signal-event post-upgrade

Maybe you will need to do:

/sbin/e-smith/signal-event reboot

That should get you back to where you started.

John Lewis

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #2 on: November 10, 2003, 04:49:07 PM »
Thanks.  I've tried all of that, with no success.  The securemail rpms must change/break something that does not back out properly with an rpm -e, or there is a switch that was changed to something incompatible.

Either way, my ability to authenticate my email clients is broken.

I am seeing this in my /var/log/secure:
Nov  9 23:06:38 gluon stunnel[2741]: Using 'imaps' as tcpwrapper service name
Nov  9 23:06:38 gluon stunnel[2741]: /usr/share/ssl/certs/securemail.pem: No such file or directory (2)
Nov  9 23:06:38 gluon xinetd[1383]: EXIT: imaps status=1 pid=2741 duration=0(sec)

Now to figure out how to create those files, or try to re-enable the install process so those files are created.  Why would a lack of keys break webmail and regular pop3 and imap authentication?

If you are upgrading to 6.0b3, make sure you don't have the securemail rpms installed!

I can't believe I'm going to have to go through the whole process of the broken backup restore again.  Sigh.

Byte

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #3 on: November 10, 2003, 07:01:11 PM »
Before you did rpm -e to all the packages, did you disable secure mail from the web interface?

If not, it could still think you're using securemail. If you have done rpm -e then you could probably run something like...

/sbin/e-smith/signal-event securemail disable

or something like this, but don't quote me on that :-/

Hope this helps

Byte

John Lewis

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #4 on: November 10, 2003, 09:29:25 PM »
I've tried this as well.  Installing all the rpms, doing a post-upgrade, then setting the ssl settings to "disabled" in the web interface, then rpm -e the rpms again.

Still the same thing, my email clients cannot authenticate, with no error messages at all.

Any other ideas?  What logs should I be looking in?  Can I turn on some debugging somewhere to find out what's happening?

Does this mean a re-install?

byte

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #5 on: November 10, 2003, 09:52:32 PM »
Try looking in /var/log/messages to see if that reports anything unusual.

John Lewis

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #6 on: November 10, 2003, 11:05:39 PM »
Thanks.  I am looking in
/var/log/messages - nothing
/var/log/secure - nothing
/var/log/cvm/current has the following (I have cvm-0.17.1 installed):
@400000003fafec6a0d2fffdc ./run: /usr/bin/cvm-unix-local: No such file or directory
@400000003fafec6a0d3026ec ./run: exec: /usr/bin/cvm-unix-local: cannot execute: No such file or directory

/var/log/imap/current has now:
@400000003fafe96220ab6164 tcpserver: ok 4196 216-12-13-52.cv.mvl.intelos.net:216.12.13.52:143 :66.98.176.33::38004
@400000003fafe9622115d364 2003.11.10 19:39:04 LOG5[4196:1024]: Using 'imap' as tcpwrapper service name
@400000003fafe96221449424 imapfront-auth[4200]: * OK imapfront ready.

And when the securemail packages were installed:
@400000003fafafa924cba3bc imapfront-auth[13426]: * OK imapfront ready.
@400000003fafafa92530512c 2003.11.10 15:32:47 LOG5[13425:1024]: stunnel 3.22 on i386-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.6b [engine] 9 Jul 2001
@400000003fafafa92535b414 2003.11.10 15:32:47 LOG5[13425:1024]: imap connected from 127.0.0.1:32912
@400000003fafafa92bfac03c imapfront-auth[13426]: * CAPABILITY IMAP4rev1
@400000003fafafa92bfbd97c imapfront-auth[13426]: 000B OK CAPABILITY completed
@400000003fafafa936aacdec imapfront-auth[13426]: 000C NO LOGIN failed

What exactly is imapfront-auth?  And where are its config files?

When I call it with a --help, I get the following:

# imapfront-auth --help
imapfront-auth[6556]: * NO $CVM_SASL_PLAIN is not set
* NO $CVM_SASL_PLAIN is not set

So can someone help me set imapfront-auth to use cvm properly?  Is there an RPM from 6.0b3 that will reset the cvm to imapfront settings?

Help!

John Lewis

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #7 on: November 10, 2003, 11:51:21 PM »
Another update: pop3 access is working, so it's just imap authentication which is broken.

I'm not seeing anything on these boards referring to imapfront-auth, nor could I find any reference to it in /home/e-smith/configuration

Where else could I look?

Thanks.

-JL

Charlie Brady

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #8 on: November 11, 2003, 06:05:14 PM »
John Lewis wrote:

> /var/log/cvm/current has the following (I have cvm-0.17.1
> installed):

There's your problem. You had cvm-0.11-1 from the fresh 6.0b3 install, which contained /usr/bin/cvm-unix-local, and worked, and now you have cvm-0.17.1 which doesn't contain /usr/bin/cvm-unix-local (as you can see below), and doesn't work.

> @400000003fafec6a0d2fffdc ./run: /usr/bin/cvm-unix-local: No
> such file or directory
> @400000003fafec6a0d3026ec ./run: exec:
> /usr/bin/cvm-unix-local: cannot execute: No such file or
> directory

...

> What exactly is imapfront-auth?

It's an authentication front end for imap. See http://untroubled.org/mailfront/imapfront.html

>  And where are its config files?

It has none.

> Is there an RPM from 6.0b3 that will reset the cvm
> to imapfront settings?

The cvm-0.11-1 RPM. You'll need "-U --oldpackage" to install it over 0.17.

Charlie
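
The diagnosis in the reply above comes from reading the multilog output under /var/log/cvm/current. As an added example (not part of the thread and not SME Server code), this Python script decodes the TAI64N labels on log lines quoted in the thread and flags the missing executable and the failed login. The 10-second TAI offset and the function names are assumptions of the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Log lines copied from the thread (multilog format with TAI64N labels).
SAMPLE = """\
@400000003fafec6a0d2fffdc ./run: /usr/bin/cvm-unix-local: No such file or directory
@400000003fafe96221449424 imapfront-auth[4200]: * OK imapfront ready.
@400000003fafafa936aacdec imapfront-auth[13426]: 000C NO LOGIN failed
"""

TAI_BASE = 1 << 62   # TAI64 labels count seconds from 2^62
TAI_OFFSET = 10      # assumption: fixed 10 s offset, no leap-second table

LABEL = re.compile(r"^@([0-9a-f]{24}) (.*)$")
MISSING = re.compile(r"^\./run: (?:exec: )?(/\S+): .*No such file or directory")
AUTH_FAIL = re.compile(r"\bNO LOGIN failed\b")

def decode_tai64n(label_hex):
    """Turn the 24 hex digits after '@' into a UTC datetime."""
    secs = int(label_hex[:16], 16) - TAI_BASE - TAI_OFFSET
    nanos = int(label_hex[16:], 16)
    return (datetime.fromtimestamp(secs, timezone.utc)
            + timedelta(microseconds=nanos // 1000))

def triage(text):
    """Return (timestamp, kind, detail) for each line worth attention."""
    findings = []
    for line in text.splitlines():
        m = LABEL.match(line)
        if not m:
            continue  # not a multilog line (blank or stray text)
        when, msg = decode_tai64n(m.group(1)), m.group(2)
        missing = MISSING.match(msg)
        if missing:
            # A service run script points at a binary that is no longer on disk.
            findings.append((when, "missing-executable", missing.group(1)))
        elif AUTH_FAIL.search(msg):
            findings.append((when, "auth-failure", msg))
    return findings

if __name__ == "__main__":
    for when, kind, detail in triage(SAMPLE):
        print(when.strftime("%Y-%m-%d %H:%M:%S"), kind, detail)
```

Decoding the label on the stunnel line quoted from /var/log/imap/current gives 19:39:04, the same time stunnel printed inside that line.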

John Lewis

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #9 on: November 11, 2003, 09:27:59 PM »
WAHOOOOOOO!

That was it.  Thanks Charlie!

rpm -Uvh --oldpackage cvm-0.11-1.i386.rpm
/sbin/e-smith/signal-event post-upgrade

Did it.  I'm now successfully authenticating to imap, and webmail works.

So... if I install the 5.6 securemail rpms with --nodeps, will that all work?

I'll start testing now!

Baddogg

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #10 on: November 12, 2003, 11:17:12 PM »
John,

What was the final result on your sme6b3 with the secure email fix?

I have my e-mail server kicking messages that it interprets to be out of the local LAN.  If I use http rather than https, no problems...

Did the instructions you followed do the trick other than you had the one wrong rpm?

Wes

John Lewis

Re: Securemail rpm's broke 6.0b3 Help!
« Reply #11 on: November 12, 2003, 11:30:32 PM »
No, the 5.6 rpms did not work.

e-smith-cvm-unix-0.0.3-4dc.noarch.rpm
wanted cvm-0.16 or higher, and meeting that is what broke the 6.0b3 authentication.

e-smith-imaps-sme5.6-0.0.3-1dc.noarch.rpm
wants wu-imap, which is not used in 6.0b3

I installed them anyway using --nodeps, but I could not access email via ssl.  I did not look hard enough to determine what wasn't working.

I'm currently using ssh tunnels to secure my remote imap access, and my other remote users are POPing and IMAPing in the clear until something comes along to make external client email access more secure.

-JL