1.4.x imapd SSL courier-imap-ssl does not work.. SSL is enabled.

  • Hello,


    I have the following problem. Since the upgrade to version 1.4.x I can no longer log in via TLS. OK so far, that is also mentioned on GitHub regarding the PLAIN password.
    I have now also installed our SSL certificate.


    SMTP works flawlessly with SSL... but logging in unfortunately no longer works at all. Does anyone have an idea? Unfortunately the log gives no useful information either, even in debug mode.
    The main problem is that when I log in with PLAIN on imapd, all passwords can be read via man-in-the-middle.


    Kind regards,
    d43M0n23

  • @d43M0n23


    You mean that you cannot connect to IMAP server using TLS (STARTTLS) and plain password?


    First, make sure that your SSL certificate is valid and that in your client parameters, the name used for the IMAP server is the one from your SSL certificate.


    Also please, do the following


    Shell-Script
    # tail -fn0 /var/log/mail.log


    Then, try to connect using STARTTLS and plain password to your IMAP account and post us the output of the above command.


  • Hi nuxwin


    My SSL cert is valid, the IMAP server name is the same name as in the certificate.


    This is the mail.log part when using Thunderbird:

    Code
    Apr 20 10:05:22 isp imapd: Connection, ip=[::ffff:84.113.xxx.xx]
    Apr 20 10:05:22 isp postfix/smtpd[18916]: connect from 84-113-xxx-xx.cable.dynamic.surfer.at[84.113.xxx.xx]
    Apr 20 10:05:22 isp imapd: LOGOUT, ip=[::ffff:84.113.xxx.xx], rcvd=24, sent=464
    Apr 20 10:05:22 isp postfix/smtpd[18916]: improper command pipelining after EHLO from 84-113-xxx-xx.cable.dynamic.surfer.at[84.113.xxx.xx]: QUIT\r\n
    Apr 20 10:05:22 isp postfix/smtpd[18916]: disconnect from 84-113-xxx-xx.cable.dynamic.surfer.at[84.113.xxx.xx]



    This is the mail.log part with Outlook:

    Code
    Apr 20 11:46:32 isp imapd: Connection, ip=[::ffff:84.113.xxx.xx]
    Apr 20 11:46:34 isp imapd: Disconnected, ip=[::ffff:84.113.xxx.xx], time=2
    Apr 20 11:46:37 isp imapd: Connection, ip=[::ffff:84.113.xxx.xx]
    Apr 20 11:47:38 isp authdaemond: authmysql: sysusername=<null>, sysuserid=1001, sysgroupid=8, homedir=/var/mail/virtual, [email protected], [email protected], maildir=xcoorp.com/alex/, quota=0S, options=<null>
    Apr 20 11:47:38 isp authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=8, homedir=/var/mail/virtual, [email protected], [email protected], maildir=xcoorp.com/alex/, quota=0S, options=<null>
    Apr 20 11:47:38 isp postfix/smtpd[27976]: 56AB819C04C: client=84-113-xxx-xx.cable.dynamic.surfer.at[84.113.xxx.xx], sasl_method=LOGIN, [email protected]
    Apr 20 11:47:38 isp postfix/cleanup[27973]: 56AB819C04C: message-id=<>
    Apr 20 11:47:38 isp postfix/qmgr[19793]: 56AB819C04C: from=<[email protected]>, size=777, nrcpt=1 (queue active)
    Apr 20 11:47:38 isp authdaemond: received userid lookup request: [email protected]
    Apr 20 11:47:38 isp authdaemond: authmysql: trying this module
    Apr 20 11:47:38 isp authdaemond: SQL query: SELECT mail_addr, mail_pass, "", '1001', '8', '/var/mail/virtual', concat(SUBSTRING(mail_addr, LOCATE('@', mail_addr)+1), '/', mail_acc, '/'), concat(quota,'S'), mail_addr, "" FROM mail_users WHERE mail_addr = '[email protected]' AND (status = 'ok' AND po_active = 'yes')
    Apr 20 11:47:38 isp authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=8, homedir=/var/mail/virtual, [email protected], [email protected], maildir=xcoorp.com/alex/, quota=0S, options=<null>
    Apr 20 11:47:38 isp postfix/pipe[27979]: 56AB819C04C: to=<[email protected]>, relay=maildrop, delay=0.6, delays=0.6/0/0/0.01, dsn=2.0.0, status=sent (delivered via maildrop service)
    Apr 20 11:47:38 isp postfix/qmgr[19793]: 56AB819C04C: removed
    Apr 20 11:47:38 isp postfix/smtpd[27976]: disconnect from 84-113-xxx-xx.cable.dynamic.surfer.at[84.113.xxx.xx]
    Apr 20 11:47:39 isp spamd[898]: prefork: child states: II


    Here is the courier-imap-ssl status:


    Without TLS in Outlook or STARTTLS in Thunderbird it works perfectly, but with a man-in-the-middle attack I can easily read all passwords at connection ... ;/


    My settings in TB:


    My settings in Outlook 2013:

    Normally I do the SSL config manually for Postfix and Courier... this time I'm using your autoinstaller to activate SSL...
    The panel works fine with it.


    Any idea?


    best regards d43M0n23

  • Apr 20 10:05:22 isp postfix/smtpd[18916]: improper command pipelining after EHLO from 84-113-xxx-xx.cable.dynamic.surfer.at[84.113.xxx.xx]: QUIT\r\n

    It seems that you have an error regarding a pipe command. Please show us your postfix /etc/postfix/master.cf file. Besides this, I don't see any error regarding TLS.


  • okay,


    this is my master.cf file

  • @d43M0n23


    I don't see any problem in your master.cf file. Well, I'll run some tests on my server. I'll keep you informed.


  • I cannot confirm the problem with STARTTLS (port 143), nor with SSL (port 993). All is working as expected.


    Relevant logs from my tests:


    Connection to courier-imap-ssl server on port 993 (SSL/TLS)


    Shell-Script
    [email protected]:~# tail -fn0 /var/log/mail.log
    Apr 21 03:19:05 www imapd-ssl: Connection, ip=[::ffff:192.168.1.1]
    Apr 21 03:19:05 www imapd-ssl: LOGIN, [email protected], ip=[::ffff:192.168.1.1], port=[54447], protocol=IMAP
    Apr 21 03:19:11 www imapd-ssl: DISCONNECTED, [email protected], ip=[::ffff:192.168.1.1], headers=0, body=0, rcvd=256, sent=1053, time=6, starttls=1

    Connection to courier-imap server on port 143 (STARTTLS)

    Shell-Script
    [email protected]:~# tail -fn0 /var/log/mail.log
    Apr 21 03:21:00 www imapd: Connection, ip=[::ffff:192.168.1.1]
    Apr 21 03:21:00 www imapd: LOGIN, user=[email protected], ip=[::ffff:192.168.1.1], port=[47190], protocol=IMAP
    Apr 21 03:21:04 www imapd: DISCONNECTED, user=[email protected], ip=[::ffff:192.168.1.1], headers=0, body=0, rcvd=75, sent=464, time=4, starttls=1
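
Added example (not written by any participant in this thread and not code from the project): a Python check over Courier imapd session-end lines in the format posted above, listing authenticated sessions that ended without the `starttls=1` field. It assumes, based on the logs in this thread, that an authenticated session on plain `imapd` without `starttls=1` was not encrypted; the sample lines, users and addresses are constructed.

```python
import re

# Constructed sample in the Courier syslog format seen in this thread;
# users and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
Apr 21 03:21:00 www imapd: LOGIN, user=alice@example.test, ip=[::ffff:192.0.2.10], port=[47190], protocol=IMAP
Apr 21 03:21:04 www imapd: DISCONNECTED, user=alice@example.test, ip=[::ffff:192.0.2.10], headers=0, body=0, rcvd=75, sent=464, time=4, starttls=1
Apr 21 03:25:10 www imapd: LOGIN, user=bob@example.test, ip=[::ffff:192.0.2.20], port=[50112], protocol=IMAP
Apr 21 03:25:12 www imapd: DISCONNECTED, user=bob@example.test, ip=[::ffff:192.0.2.20], headers=0, body=0, rcvd=80, sent=470, time=2
Apr 21 03:30:00 www imapd-ssl: DISCONNECTED, user=carol@example.test, ip=[::ffff:192.0.2.30], headers=0, body=0, rcvd=256, sent=1053, time=6, starttls=1
Apr 21 03:31:00 www imapd: LOGOUT, ip=[::ffff:192.0.2.40], rcvd=24, sent=464
"""

# Only session-end events are inspected: they carry starttls=1 when TLS was used.
END_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<svc>imapd(?:-ssl)?):\s"
    r"(?:DISCONNECTED|Disconnected|LOGOUT),\s(?P<fields>.*)$"
)

def parse_fields(text):
    """Split 'key=value, key=value' into a dict."""
    fields = {}
    for part in text.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def classify_sessions(log_text):
    """Return (user, ip, verdict) for every IMAP session-end line."""
    rows = []
    for line in log_text.splitlines():
        m = END_RE.match(line)
        if not m:
            continue  # LOGIN, Connection and non-IMAP lines are skipped
        f = parse_fields(m["fields"])
        ip = f.get("ip", "").strip("[]")
        ip = ip[7:] if ip.startswith("::ffff:") else ip  # drop IPv4-mapped prefix
        if "user" not in f:
            verdict = "no-login"          # client left before authenticating
        elif m["svc"] == "imapd-ssl" or f.get("starttls") == "1":
            verdict = "encrypted"
        else:
            verdict = "cleartext-login"   # assumption: no starttls=1 means no TLS
        rows.append((f.get("user"), ip, verdict))
    return rows

def cleartext_logins(log_text):
    return [(u, ip) for u, ip, v in classify_sessions(log_text) if v == "cleartext-login"]
```

A `no-login` row corresponds to the pattern in the Thunderbird log above, where the session ends with `LOGOUT` and no `user=` field.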

