Index: [thread] [date] [author] [stats]
  From: Pierre Frenkiel <pierre.frenkiel@laposte.net>
  To  : markus schnalke <meillo@marmaro.de>
  Date: Sun, 26 Apr 2009 15:47:15 +0200 (CEST)

Re: openssl problem (was: [masqmail] is this list still active?)

On Fri, 27 Mar 2009, markus schnalke wrote:
> How do you receive this error? I
> guess it's in the log.
    Yes, here it is:

     =========================================================================
    2009-04-26 14:57:23 [32623] 1Ly3v9-8UB-00 <= <frenkiel@pfr2.frenkiel-hure.net> with local
    2009-04-26 14:57:23 [32624] detected online configuration apc
    2009-04-26 14:57:23 [32624] 1Ly3v9-8UB-00 using '/local/etc/masqmail/apc.route'
    2009-04-26 14:57:23 [32624] host=laposte.net got unexpected response: depth=2 /C=FR/O=CNRS/CN=CNRS
    2009-04-26 14:57:23 [32624] could not open failure message template /usr/share/masqmail/tpl/failmsg.tpl: No such file or directory
     =========================================================================

   I don't understand why it can't open the failmsg.tpl, as it is actually there.

   And here is the apc.route file:
   ==========================================================================
    protocol = smtp
    set_h_from_domain = apc.univ-paris7.fr
    expand_h_sender_address = true
    connect_error_fail = true
    do_pipelining = true
    auth_name = "login"
    auth_login = "xxxxxxxx"
    auth_secret = "yyyyyyyy"
    wrapper = "/usr/bin/openssl s_client -CAfile /etc/ssl/certs/ca-bundle.crt -connect srelay.in2p3.fr:465"
   ==========================================================================

   And here is masqmail.conf:
   ==========================================================================
    # debconf.  Instead, make changes after the "### END DEBCONF SECTION" line.
    host_name="pfr2"
    local_hosts="localhost;pfr2"
    local_nets=""
    listen_addresses=""
    spool_dir="/var/spool/masqmail"
    mail_dir="/var/mail"
    log_dir="/var/log/masqmail"
    do_queue=false
    use_syslog=false
    online_detect=file
    online_file="/var/run/masqmail-route"
    mbox_default=mbox
    mda="/bin/cat"
    alias_file=/etc/aliases
    alias_local_caseless="false"
    ### END DEBCONF SECTION
    #
    # include the locations of your route and get configurations here.
    # Examples:
    # online_routes.default = "/etc/masqmail/default.route"
    # online_gets.default = "/etc/masqmail/default.get"
    # You can have more of those, with '.default' replaced with other
    # names. See man 8 masqmail.conf.
    #
    errmsg_file=/usr/share/masqmail/tpl/failmsg.tpl
    debug_level=6
    host_name="pfr2.frenkiel-hure.net"
    local_hosts="localhost;pfr2;pfr2.frenkiel-hure.net"
    online_routes.free="/local/etc/masqmail/free.route"
    online_routes.free_apc = "/local/etc/masqmail/free_apc.route"
    online_routes.apc="/local/etc/masqmail/apc.route"
   ==========================================================================

> I don't understand the different behavior between inside and outside
> the domain, because if you use the same masqmail route, the message
> should appear, too.
   No, because from inside a domain, one can generally use the corresponding SMTP
   server without authentication.
   From outside, it's different, as it is relaying, which is generally
   forbidden.

> Could you please run the (above mentioned) openssl command (without
> the stderr redirect) within and outside of the domain and post the
> output, so I can compare.
   Here is, as an attached file, the output of the command from outside.
   I'll send the output from inside tomorrow, but I'm not sure it is
   useful, as I have not yet found how to authenticate in an
   interactive "openssl s_client" session.

cheers,
-- 
Pierre Frenkiel
openssl_output
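
An added example, not part of the original message and not masqmail code: the line masqmail logged as an "unexpected response" has the form of openssl s_client's certificate-chain verification output rather than an SMTP reply. The code below separates the two kinds of line in a captured wrapper stream; the function names are hypothetical and every sample line except the `depth=2` one from the log above is constructed.

```python
import re

# RFC 5321 reply line: three digits, then "-" (more lines follow) or " " (last line).
SMTP_REPLY = re.compile(r"^([2-5]\d\d)([ -])(.*)$")
# Certificate-chain lines as printed by openssl s_client while verifying the peer.
TLS_DIAG = re.compile(r"^(depth=\d+ |verify (return|error):)")

def classify(line):
    """Return 'smtp', 'tls-diag' or 'other' for one line of wrapper output."""
    line = line.rstrip("\r\n")
    if SMTP_REPLY.match(line):
        return "smtp"
    if TLS_DIAG.match(line):
        return "tls-diag"
    return "other"

def first_unexpected(lines):
    """Return (index, line) of the first line that is not an SMTP reply, else None."""
    for i, line in enumerate(lines):
        if classify(line) != "smtp":
            return i, line.rstrip("\r\n")
    return None

def smtp_replies(lines):
    """Group reply lines into (code, [text, ...]) tuples, skipping non-SMTP lines."""
    replies, current = [], None
    for line in lines:
        m = SMTP_REPLY.match(line.rstrip("\r\n"))
        if not m:
            continue
        code, sep, text = m.groups()
        if current is None or current[0] != code:
            current = (code, [])
            replies.append(current)
        current[1].append(text)
        if sep == " ":          # a space after the code ends a multi-line reply
            current = None
    return replies

SAMPLE = [
    "depth=2 /C=FR/O=CNRS/CN=CNRS\n",    # taken from the masqmail log above
    "verify return:1\n",                 # constructed
    "220 relay.example.test ESMTP\r\n",  # constructed
    "250-relay.example.test\r\n",        # constructed
    "250 AUTH LOGIN PLAIN\r\n",          # constructed
]

if __name__ == "__main__":
    print(first_unexpected(SAMPLE))
    print(smtp_replies(SAMPLE))
```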
