Re: sasl authentication failed
On 2012-01-16 at 14:40 -0500, tony baldwin wrote:
(resending to the list)
> On Sat, January 14, 2012 4:55 pm, Camaleón wrote:
> > On Sat, 14 Jan 2012 15:26:30 -0500, tony baldwin wrote:
> >
> >> On Sat, January 14, 2012 12:41 pm, Camaleón wrote:
> >
> > (...)
> >
> >>> Tony, I would forget about the SSL part until you have configured your
> >>> Postfix to be in a workable state (sending/receiving e-mails with no
> >>> errors). Afterwards, you can start to setup the SSL certificate but not
> >>> before.
> >>>
> >>>
> >> I do have it working now, but the cert is still wrong.
> >
> > Okay, let's focus on that now.
> >
> >>>> When I configured postfix, I gave it tonybaldwin.org. tonybaldwin.org
> >>>> is what shows in my main.cf. I do not understand why anything says
> >>>> vulcan.linode.com
> >>>
> >>> This can come from SSL certificate file :-?
> >>
> >> yes, the cert says it is from vulcan.linode.com, while I am certain I
> >> have my hostname set as vulcan.tonybaldwin.org
> >
> > Your hostname (whatever is set to) has no effect on the SSL cert file.
> > You have to ensure that you created the certificate with the correct data.
> >
> > To see what it looks like you can:
> >
> > ***
> > openssl x509 -in /path/to/cert_file -noout -text
> > ***
>
> When I do the above, I get
> openssl x509 -in smtpd.cert -noout -text
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> encrypted stuff
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=US, ST=Connecticut, L=New Haven, O=Tony Baldwin, OU=web
> mail, CN=tonybaldwin.org/emailAddress=tony@tonybaldwin.org
> Validity
> Not Before: Jan 11 01:06:15 2012 GMT
> Not After : Jan 10 01:06:15 2013 GMT
> Subject: C=US, ST=Connecticut, L=New Haven, O=Tony Baldwin, OU=web
> mail, CN=tonybaldwin.org/emailAddress=tony@tonybaldwin.org
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
> Modulus (2048 bit):
> encrypted stuff here...
>
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Subject Key Identifier:
> encrypted stuff here
> X509v3 Authority Key Identifier:
> keyid:encrypted stuff here
> DirName:/C=US/ST=Connecticut/L=New Haven/O=Tony
> Baldwin/OU=web
> mail/CN=tonybaldwin.org/emailAddress=tony@tonybaldwin.org
> serial:encrypted stuff
>
> X509v3 Basic Constraints:
> CA:TRUE
> Signature Algorithm: sha1WithRSAEncryption
> encrypted stuff here...
>
>
>
> >
> > The "CN=" field has to be "vulcan.tonybaldwin.org", if not I would redo
> > again that specific step:
>
> The CN= field shows only "tonybaldwin.org", but mutt tells me the cert is
> from vulcan.linode.com

Mmm, yes, the cert file seems to contain the right data.

> > http://library.linode.com/email/postfix/dovecot-mysql-debian-6-squeeze#sph_create-an-ssl-certificate-for-postfix
> >
>
> I did this probably a dozen times.

Okay :-)

> > Take special care when the openssl wizard asks for the "Common Name (eg,
> > YOUR name) []:", here you have to write "vulcan.tonybaldwin.org".
> >
>
> I swear I did this all dozen times.

Good X-)

> >> So, when I set up mutt at home, my laptop, etc., I see some error to
> >> the effect that the cert is from vulcan.linode.com, which disagrees
> >> with the host, vulcan.tonybaldwin.org.
> >> I just choose "(a) accept always", and it works, but it seems to me it
> >> would be better to have the cert correct.
> >
> > Sure, having the SSL cert file with the right data on it :-P
> >
> > However, unless you use a certificate coming from one of the authorized
> > companies you will still see a warning about its validity when connecting
> > from another computer.
>
> Maybe it doesn't matter, since I'm the only one using mail on this server, and
> it's working for me as is, but I'd like to understand why the cert appears
> to have incorrect data, despite the parameters I passed to openssl.

I would run more tests, e.g.:

1/ Connect from another MUA (Thunderbird/Icedove/Evolution/whatever)
and check if the error also appears from here.

2/ Run Mutt in debug mode (mutt -d 2), it will log to "~/.muttdebug0".
If you send the log file or upload it somewhere, remember to delete
any sensitive data it may contain.

Greetings,
--
Camaleón
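
A further check for the mismatch discussed in this thread, added here as an example and not part of the original messages: compare the fingerprint of the certificate file inspected with `openssl x509` against the certificate the mail service actually presents on the wire. It assumes the service is SMTP with STARTTLS on port 25; the function names are hypothetical and the offline sample bytes are constructed placeholders.

```python
import base64
import hashlib
import re
import smtplib
import ssl
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate block in a PEM file's text."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))


def fingerprint(der):
    """SHA-256 fingerprint, colon-separated like `openssl x509 -fingerprint -sha256`."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def served_der(host, port=25, timeout=10):
    """Fetch the certificate the SMTP server presents after STARTTLS (port is an assumption)."""
    ctx = ssl.create_default_context()
    # Verification is off only to read a self-signed cert; never send mail with this context.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


def compare(file_pem, wire_der):
    """Compare the cert file on disk with the cert seen on the wire."""
    disk, wire = fingerprint(pem_to_der(file_pem)), fingerprint(wire_der)
    return {"on_disk": disk, "on_wire": wire, "match": disk == wire}


if __name__ == "__main__":
    if len(sys.argv) == 3:  # live check: HOST /path/to/smtpd.cert
        result = compare(open(sys.argv[2]).read(), served_der(sys.argv[1]))
    else:  # offline run on constructed placeholder bytes, not real certificates
        body = base64.b64encode(b"constructed-placeholder-A").decode()
        pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
        result = compare(pem, b"constructed-placeholder-B")
    print(result)
```

If `match` is false, the service the client connects to is presenting a different certificate than the file that was inspected.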