[Pkg-dspam-misc] Bug#698732: dspam external map does not work with TLS enabled

Jason jason.johnson.081 at gmail.com
Sat Mar 2 08:34:32 UTC 2013


I think we've already figured it out. The problem is that DSPAM currently only supports TLS via STARTTLS, but I'm using ldaps, which is a different protocol. I would have submitted a patch already, but I currently don't have a Linux dev environment to do the build on (only a server which, for security reasons, I don't want things like compilers on).

All that needs to happen is the field where you specify "ldap" or "database" needs to also accept "ldaps" and put whatever is in that field as the schema. Then the ldap library will do the right thing.

Sent from my iPhone

On Feb 22, 2013, at 8:03 PM, "Thomas Preud'homme" <robotux at debian.org> wrote:

> On Saturday 2 February 2013 22:25:51, Jason Johnson wrote:
>> I've just tried another test here and seen what looks like a problem.  If I
>> point spam to an openssl test connection it fails in the following way.
>> 
>> root@myserver:~# openssl s_server -accept 989 -cert /etc/ssl/certs/myserver_ldap_cert.pem -key /etc/ssl/private/myserver_ldap_key.pem
>> Using default temp DH parameters
>> Using default temp ECDH parameters
>> ACCEPT
>> ERROR
>> 7447:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578:
>> shutting down SSL
>> CONNECTION CLOSED
>> ACCEPT
>> 
>> This looks like DSPAM doesn't speak the right protocol, no?
> 
> Hi Jason,
> 
> Sorry for the delay. Could you run the same test by adding -msg (hopefully
> -debug won't be needed)? I'd like to see what messages are sent by dspam.
> 
> Thanks a lot.
> 
> Thomas
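
Added example, not part of the original thread and not DSPAM code: the "unknown protocol" error from SSL23_GET_CLIENT_HELLO means the first bytes the listener received were not a TLS ClientHello, which is what an ldaps (implicit TLS) port expects, whereas a StartTLS client opens with a plaintext LDAP message. The sketch below classifies the first bytes of a captured connection; the function names and the sample byte strings are constructed for illustration.

```python
# Added illustration (not DSPAM code): classify the first bytes a client sends
# to a listener, to tell implicit TLS (ldaps) from plaintext LDAP / StartTLS.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def read_tlv(buf, pos=0):
    """Decode one BER tag/length/value at pos; return (tag, value, next_pos)."""
    if len(buf) < pos + 2:
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_first_bytes(data):
    """Return 'tls-client-hello', 'ldap-starttls-request', 'ldap-plaintext' or 'unknown'."""
    # TLS record header: type 0x16 (handshake), major version 0x03; byte 5 is
    # the handshake type, 0x01 for ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    try:
        tag, msg, _ = read_tlv(data)          # LDAPMessage ::= SEQUENCE
        id_tag, _, pos = read_tlv(msg)        # messageID INTEGER
        op_tag, op, _ = read_tlv(msg, pos)    # protocolOp (application-class tag)
        if tag != 0x30 or id_tag != 0x02 or op_tag & 0xC0 != 0x40:
            return "unknown"
        if op_tag == 0x77:                    # [APPLICATION 23] ExtendedRequest
            name_tag, name, _ = read_tlv(op)  # requestName [0] LDAPOID
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "ldap-starttls-request"
    except ValueError:
        return "unknown"
    return "ldap-plaintext"

def sample_starttls_request():
    """Constructed sample: LDAPMessage carrying a StartTLS ExtendedRequest."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    body = b"\x02\x01\x01" + b"\x77" + bytes([len(name)]) + name
    return b"\x30" + bytes([len(body)]) + body

# Constructed samples: an anonymous simple BindRequest and the start of a TLS record.
SAMPLE_BIND = bytes.fromhex("300c020101600702010304008000")
SAMPLE_TLS = bytes.fromhex("16030100050100000100")
```

A result other than tls-client-hello on the first bytes sent to an ldaps port is consistent with the s_server error quoted above.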


