Squirrelmail:115 Can't Open SMTP Stream.
Semih Gokalp
I asked this problem to squirrelmail-users mail list but I could not answer about this problem so If it doesn't problem,I want to ask this problem to debian users mail list.
I have Debian 4.0 Etch and i use Postfix 2.3.8-2 and Dovecot 1.0.rc15-2etch4 IMAP and POP3 Server that is TLS support.I am using Mysql for Virtual domain and authentication.
But i have error on browser like this:"Operation now in progress
Server replied: 115 Can't open SMTP stream." when i try send email on squirrelmail.I have not a problem(All Authentication and all rules work without any problem) when i use Thunderbird or Evolution.
I searched this error on google but i can not find beneficial post or documents about this problem.
If I dont use TLS parameters on Postfix main.cf,squirrelmail send email without any problem but If I use TLS or choose "Secure SMTP (TLS) : false" on squirrelmail "Server Setting",squirrelmail dont sent email.
Squirrelmail "Server Setting" configuration like below:
General
-------
1. Domain : xyz.com
2. Invert Time : false
3. Sendmail or SMTP : SMTP
SMTP Settings
-------------
4. SMTP Server : 127.0.0.1
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : true
9. Header encryption key :
and output from mail.log with TLS support like below:
#
Jul 14 11:05:48 debian postfix/smtpd[4403]: connect from localhost[127.0.0.1]
Jul 14 11:05:48 debian postfix/smtpd[4403]: lost connection after UNKNOWN from localhost[127.0.0.1]
Jul 14 11:05:48 debian postfix/smtpd[4403]: disconnect from localhost[127.0.0.1]
#
and output from mail.log without TLS support (removed TLS parameters from main.cf and choosed "false" on squirrelmail Server Setting-Secure SMTP (TLS) : false):
#
Jul 14 11:06:46 debian postfix/smtpd[4463]: connect from localhost[127.0.0.1]
Jul 14 11:06:46 debian postfix/smtpd[4463]: E0ED83781E: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=a...@xyz.com
Jul 14 11:06:46 debian postfix/cleanup[4467]: E0ED83781E: message-id=<e6ca13963aa61e59633f...@mail.xyz.com>
Jul 14 11:06:46 debian postfix/qmgr[4401]: E0ED83781E: from=<a...@xyz.com>, size=726, nrcpt=1 (queue active)
Jul 14 11:06:46 debian dovecot: imap-login: Login: user=<a...@xyz.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Jul 14 11:06:47 debian postfix/smtpd[4463]: disconnect from localhost[127.0.0.1]
Jul 14 11:06:47 debian dovecot: IMAP(a...@xyz.com): Disconnected: Logged out
#
I have only posted about TLS configuration parameters in Postfix main.cf like below:
smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/certs/postfix.pem
smtpd_tls_auth_only=yes
If I disable TLS,I have non-security authentication with email client programs(because auth is plain text) so I dont want to disable TLS.
What should i do for use squirrelmail without TLS problem ?
Thanks.
Iyi calismalar.Basarilar...
Istanbul/Turkiye
Eduardo M KALINOWSKI
> Hi all.
> I asked this problem to squirrelmail-users mail list but I could not
> answer about this problem so If it doesn't problem,I want to ask this
> problem to debian users mail list.
>
> I have Debian 4.0 Etch and i use Postfix 2.3.8-2 and Dovecot
> 1.0.rc15-2etch4 IMAP and POP3 Server that is TLS support.I am using
> Mysql for Virtual domain and authentication.
>
> But i have error on browser like this:"Operation now in progress
> Server replied: 115 Can't open SMTP stream." when i try send email on
> squirrelmail.I have not a problem(All Authentication and all rules
> work without any problem) when i use Thunderbird or Evolution.
> I searched this error on google but i can not find beneficial post or
> documents about this problem.
>
> If I dont use TLS parameters on Postfix main.cf
> "Server Setting",squirrelmail dont sent email.
>
> Squirrelmail "Server Setting" configuration like below:
>
> General
> -------
> 2. Invert Time : false
> 3. Sendmail or SMTP : SMTP
>
> SMTP Settings
> -------------
> 5. SMTP Port : 25
> 6. POP before SMTP : false
> 7. SMTP Authentication : login
> 8. Secure SMTP (TLS) : true
> 9. Header encryption key :
>
> and output from mail.log with TLS support like below:
>
> #
> Jul 14 11:05:48 debian postfix/smtpd[4403]: connect from
> Jul 14 11:05:48 debian postfix/smtpd[4403]: lost connection after
> Jul 14 11:05:48 debian postfix/smtpd[4403]: disconnect from
> #
>
> and output from mail.log without TLS support (removed TLS parameters
>
> #
> Jul 14 11:06:46 debian postfix/smtpd[4463]: connect from
> Jul 14 11:06:46 debian postfix/smtpd[4463]: E0ED83781E:
> sasl_username=a...@xyz.com <mailto:a...@xyz.com>
> Jul 14 11:06:46 debian postfix/cleanup[4467]: E0ED83781E:
> message-id=<e6ca13963aa61e59633f...@mail.xyz.com
> lip=127.0.0.1 <http://127.0.0.1>, secured
> Jul 14 11:06:47 debian postfix/smtpd[4463]: disconnect from
> Jul 14 11:06:47 debian dovecot: IMAP(a...@xyz.com <mailto:a...@xyz.com>):
> #
>
> I have only posted about TLS configuration parameters in Postfix
>
> smtpd_use_tls=yes
> smtpd_tls_cert_file=/etc/ssl/certs/postfix.pem
> smtpd_tls_key_file=/etc/ssl/private/postfix.pem
> smtpd_tls_auth_only=yes
>
> If I disable TLS,I have non-security authentication with email client
> programs(because auth is plain text) so I dont want to disable TLS.
>
> What should i do for use squirrelmail without TLS problem ?
It could be that the "Secure SMTP (TLS)" setting means trying to use
TLS/SSL on connect, that is, just after the connection is opened. This
will not work. On port 25, exim uses the STARTTLS convention, in which a
normal unencrypted connection is opened and follows the SMTP protocol
normally, until the client issues the STARTTLS command. The server sends
and "OK" message, and only then the TLS handshake starts.
I don't know how (and if) SquirrelMail can be configured to use
STARTTLS. It is possible, however, to configure exim to listen on
another port using the TLS-on-connect convention.
However, if SquirrelMail and exim are on the same host, connecting via
the loopback interface (which seems to be case, since you specified
127.0.0.1 as the SMTP host), you should not need to worry that the
connections are encrypted.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Semih Gokalp
I don't know how (and if) SquirrelMail can be configured to use STARTTLS. It is possible, however, to configure exim to listen on another port using the TLS-on-connect convention.
i tried but did not work.
However, if SquirrelMail and exim are on the same host, connecting via the loopback interface (which seems to be case, since you specified 127.0.0.1 as the SMTP host), you should not need to worry that the connections are encrypted.
Yes,Squirrelmail and Postfix are on the same host.Yes,I know if i connect to localhost,I dont need TLS but some clients are using Thunderbird so I can not disable TLS support from Postfix main.cf
In addition to I disabled TLS and I configured on either CRAM-MD5* and DIGEST-MD5* authentication and worked without any problem on squirrelmail.
But this time,only (!) DIGEST-MD5 did not work on Thunderbird.CRAM-MD5 worked on Thunderbird.
If i use DIGEST-MD5 mechanism,Thunderbird print error "Your Server doesnt support security authentication...."
Interesting !! I can use DIGEST-MD5 mechanism and login IMAP and SMTP server with Evolution without problem.
This is Thunderbird bug ? or DIGEST-MD5 mechanism could not been sensed by Thunderbird ? anybody have an idea(s) ?
* I read and benefit from http://wiki.dovecot.org/Authentication/PasswordSchemes and http://wiki.dovecot.org/Authentication/Mechanisms sources web address.
Eduardo M KALINOWSKI
> Secure SMTP servers use tcp 465 port by TLS default.Source address:
> http://www.squirrelmail.org/docs/admin/admin-5.html#ss5.5
> i tried but did not work.
>From there, it seems Squirrelmail supports both TLS-on-connect (which
uses port 465) and STARTTLS, which I think is preferred. It does not
make clear how to specify which method is used, though.
To use TLS-on-connect, you must make sure that Postfix is configured to
listen on this port for that kind of connection.
> Yes,Squirrelmail and Postfix are on the same host.Yes,I know if i
> connect to localhost,I dont need TLS but some clients are using
> Thunderbird so I can not disable TLS support from Postfix main.cf
> <http://main.cf/>
Can't Postfix be configured to allow plain text auth only in encrypted
connections OR if the connection comes from localhost?
Another possibility, if SquirrelMail supports is, would be for it to
call the mailer directly (generally, this is done by invoking
/usr/lib/sendmail) instead of making a SMTP connection.
> In addition to I disabled TLS and I configured on either CRAM-MD5* and
> DIGEST-MD5* authentication and worked without any problem on squirrelmail.
> But this time,only (!) DIGEST-MD5 did not work on Thunderbird.CRAM-MD5
> worked on Thunderbird.
> If i use DIGEST-MD5 mechanism,Thunderbird print error "Your Server
> doesnt support security authentication...."
> Interesting !! I can use DIGEST-MD5 mechanism and login IMAP and SMTP
> server with Evolution without problem.
>
> This is Thunderbird bug ? or DIGEST-MD5 mechanism could not been
> sensed by Thunderbird ? anybody have an idea(s) ?
>
> * I read and benefit from
> http://wiki.dovecot.org/Authentication/PasswordSchemes and
> http://wiki.dovecot.org/Authentication/Mechanisms sources web address.
I'm not sure what Thunderbird supports and what it doesn't. But is not
unlikely that some methods are not supported .
--
Morava tão longe, que o carteiro mandava suas cartas pelo correio.
-- Jô Soares
Eduardo M KALINOWSKI
edu...@kalinowski.com.br
http://move.to/hpkb
Thomas Preud'homme
> Thanks for reply.
>
> I don't know how (and if) SquirrelMail can be configured to use STARTTLS.
> It
>
> > is possible, however, to configure exim to listen on another port using
> > the TLS-on-connect convention.
>
> Secure SMTP servers use tcp 465 port by TLS default.Source address:
> http://www.squirrelmail.org/docs/admin/admin-5.html#ss5.5
> i tried but did not work.
>
> However, if SquirrelMail and exim are on the same host, connecting via the
>
> > loopback interface (which seems to be case, since you specified
> > connections are encrypted.
>
> Yes,Squirrelmail and Postfix are on the same host.Yes,I know if i connect
> to localhost,I dont need TLS but some clients are using Thunderbird so I
> can not disable TLS support from Postfix main.cf
>
>
> In addition to I disabled TLS and I configured on either CRAM-MD5* and
> DIGEST-MD5* authentication and worked without any problem on squirrelmail.
> But this time,only (!) DIGEST-MD5 did not work on Thunderbird.CRAM-MD5
> worked on Thunderbird.
> If i use DIGEST-MD5 mechanism,Thunderbird print error "Your Server doesnt
> support security authentication...."
> Interesting !! I can use DIGEST-MD5 mechanism and login IMAP and SMTP
> server with Evolution without problem.
>
> This is Thunderbird bug ? or DIGEST-MD5 mechanism could not been sensed by
> Thunderbird ? anybody have an idea(s) ?
>
> * I read and benefit from
> http://wiki.dovecot.org/Authentication/PasswordSchemes and
> http://wiki.dovecot.org/Authentication/Mechanisms sources web address.
>
>
>
> Iyi calismalar.Basarilar...
> Semih Gokalp
> Istanbul/Turkiye
I had the same problem a month before and during my search I found pages
mentioning thunderbird doesn't support DIGEST-MD5.
--
Thomas Preud'homme
Why debian : http://www.debian.org/intro/why_debian
Semih Gokalp
I had the same problem a month before and during my search I found pages
mentioning thunderbird doesn't support DIGEST-MD5.
So I have to use CRAM-MD5 and disable TLS support from Postfix and everything works without any error.
But still I dont understand,why squirrelmail could not send mail,when I use Postfix with TLS support with any authentication mechanism.(Doesnt matter which i use authentication mechanism)
Still,I am searching page(s) about this problem.
Thanks for helped all replied.