cdstealer Guru
Joined: 30 Oct 2005 Posts: 431 Location: Leeds
Posted: Thu Apr 01, 2010 4:03 am Post subject: exim smtp failover not working [SOLVED]
Hi,
I've been at this for almost a week and have exhausted my knowledge, sanity and the vast expanses of the tinterweb.
In short: I have created a 2-node cluster (bind, dhcp, exim, dovecot, apache) using heartbeat. The master server works perfectly and, for the most part, so does the failover, except for smtps. The failover is obviously just a mirror of the master, and as such the configs for everything are just copied over (with obvious adjustments). The issue I have is that exim is configured for smtps (port 465). The certs are copied from the master (I also tried generating new ones, with the same results). Whenever I try to send a mail from the failover, I get the following message:
Code:
/var/log/exim/main.log
2010-04-01 04:42:25 TLS error on connection from laptop.cdstealer.com [XXX.XXX.XXX.XXX] (cert/key setup: cert=/path/to/email/server.crt key=/path/to/email/server.key): Error while reading file.
Has anyone come across this before?
Last edited by cdstealer on Wed Jun 09, 2010 10:20 am; edited 1 time in total
Mad Merlin Veteran
Joined: 09 May 2005 Posts: 1155
Posted: Thu Apr 01, 2010 3:37 pm Post subject:
Certainly for HTTPS TLS/SSL, the hostname is a part of the certificate, and that's probably also true here. Do you have a certificate for a single host (rather than a wildcard certificate) and the failover has a different hostname than the master?
cdstealer Guru
Posted: Thu Apr 01, 2010 3:50 pm Post subject:
Hi Mad Merlin,
The hostnames are different. I can almost guarantee that this *will* be something really stupid (PEBKAC). But I just can't seem to see the wood for the trees.
The certs are just self-signed, just for encryption.
I've tried generating for hostname, the FQDN of the VIP and wildcard.
Code:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout server.key -out server.crt
I doubt this is a problem with the certs, as dovecot is using the same ones and that is working without issue.
Code:
# openssl s_client -crlf -connect XXX.XXX.XXX.XXX:465
CONNECTED(00000003)
write:errno=104
Code:
# exim -C /etc/exim/exim.conf -bV
Exim version 4.71 #1 built 31-Mar-2010 08:08:28
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.7.25: (2010-03-28)
Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers GnuTLS Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch mysql passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 4
GnuTLS compile-time version: 2.8.5
GnuTLS runtime version: 2.8.5
Configuration file is /etc/exim/exim.conf
cdstealer Guru
Posted: Wed Jun 09, 2010 10:19 am Post subject:
Yay.. decided to put my analytical head on. My cert files had the wrong perms. They had 644 (rw-r--r--) when they needed to be 444 (r--r--r--). Which, to be honest, I don't fully understand, as the certs on the master have 644 perms.. Confused? You bet your bottom dollar I am. But at least it's working.
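The thread ends with a file-permission fix, so the check worth having on the failover node is exactly that property. The script below is an added example; it is not code from the thread or from the Exim project. Given the user the Exim daemon runs as and the paths configured for the certificate and key, it reports whether that user can read both files from the owner/group/other read bits (the state behind the "cert/key setup ... Error while reading file" line in main.log above) and separately flags a private key that is readable by everyone, since the key should stay confined to the daemon. The function names are hypothetical, the paths in the usage comment are placeholders, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread or the Exim project): check that the user the
# Exim daemon runs as can read the files named in tls_certificate / tls_privatekey,
# and that the private key is not readable by everyone. Assumes GNU stat (Linux).

# Octal mode, owner and group of a file, e.g. "644 root mail".
file_mode_owner() {
    stat -c '%a %U %G' "$1"
}

# Return 0 if user $1 may read file $2 according to the u/g/o read bits only
# (ACLs and root's override are deliberately ignored: the daemon drops root).
user_can_read() {
    user=$1; f=$2
    info=$(file_mode_owner "$f") || return 2
    set -- $info
    mode=$1; owner=$2; group=$3
    mode=${mode#"${mode%???}"}          # keep the last three digits: u g o
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${rest#?}
    if [ "$owner" = "$user" ]; then
        bit=$u
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        bit=$g
    else
        bit=$o
    fi
    [ $((bit & 4)) -ne 0 ]
}

# Return 0 if the file has the o+r bit: the one state a private key must not be in.
world_readable() {
    m=$(stat -c '%a' "$1") || return 2
    o=${m#"${m%?}"}                     # last digit: "other"
    [ $((o & 4)) -ne 0 ]
}

# check_exim_tls_files USER CERT KEY
# Exit 0 only when USER can read both files and KEY is not world-readable.
check_exim_tls_files() {
    user=$1; cert=$2; key=$3; status=0
    for f in "$cert" "$key"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"; status=1; continue
        fi
        if user_can_read "$user" "$f"; then
            echo "ok:   $user can read $f ($(file_mode_owner "$f"))"
        else
            echo "FAIL: $user cannot read $f ($(file_mode_owner "$f"))"
            echo "      this is the state behind 'cert/key setup ... Error while reading file' in main.log"
            status=1
        fi
    done
    if [ -f "$key" ] && world_readable "$key"; then
        echo "WARN: $key is readable by everyone; keep it 640 root:<exim group> or 600 owned by $user"
        status=1
    fi
    return $status
}

# Usage (paths are placeholders; Exim's runtime user is commonly 'exim' or 'mail'):
# check_exim_tls_files exim /path/to/email/server.crt /path/to/email/server.key
```

Run it as root on each node with the same user and paths Exim is configured with; a mismatch between master and failover in owner, group or mode shows up directly in the printed `mode owner group` triple, which is quicker than comparing `ls -l` output by eye across two hosts.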