Results 1 to 8 of 8
  1.    #1  
    I am having problems sending mail through a mail server I am hosting. I get the dreaded 'Email Application Alert// Errol sending "Test"'

    I think the issue might be that I am using a self-signed certificate. I have copied the certificate into Certificate Manager, but that doesn't seem to have helped.

    Does anyone have smtp working using a self-signed certificate, or know of a solution.
  2. #2  
    my work uses a self signed certificate and I had to log into the webmail site to trust it before I could add the account to my phone.
  3. #3  
    You've done the import of the cert into the cert manager of the pre and it still doesn't work? If so, then there's something mismatched between them. Hostnames don't match or something. How did you copy it in?
  4. #4  
    i can help. I think i covered this in a post shortly after i joined the forums. Hard to find it using the mobile site, grr.
  5. #5  
    Does SMTP require login? Are you absolutely sure the connection settings are correct? If you haven't already try setting up a desktop client and get it working, then use the same settings on your phone.
    "just like your rims still spin even after your car stops/ then where will you spend eternity after your heart stops huh?"
  6. #6  
    Quote Originally Posted by Ubuntite View Post
    I am having problems sending mail through a mail server I am hosting. I get the dreaded 'Email Application Alert// Errol sending "Test"'

    I think the issue might be that I am using a self-signed certificate. I have copied the certificate into Certificate Manager, but that doesn't seem to have helped.

    Does anyone have smtp working using a self-signed certificate, or know of a solution.
    First,
    the common name in your cert has to be the actual fqdn of your mail server. Just your domain won't work. For example, it has to be mailserver.foo.com, not just foo.com. At least, this is how it happened when I was creating my certificates.

    If using openssl:

    To make certificate authority:

    Code:
    mkdir CA
    cd CA
    mkdir certs crl newcerts private
    echo "01" > serial
    cp /dev/null index.txt
    cp /usr/local/openssl/openssl.cnf.sample openssl.cnf
    vi openssl.cnf   (set values)
    openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365
    -config openssl.cnf

    To make a new certificate:

    Code:
    cd CA        (same directory created above)
    openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365
    -config openssl.cnf
    
    (certificate and private key in file newreq.pem) To sign new certificate with
    certificate authority:
    
    cd CA        (same directory created above)
    openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles
    tmp.pem
    rm -f tmp.pem
    
    (newcert.pem contains signed certificate, newreq.pem still contains unsigned
    I then put both my CA's certificate and the mailserver's certificate on the phone.

    And if you happen to be using courier IMAP and Sendmail, this is how you set them up:

    Courier IMAP:
    take your mail server cert and its private key and put them in the same file (I use imapd.pem), and configure imapd-ssl to use that file. Because this file contains your key, you need to properly protect it. To keep my sanity, I just linked everything to where it exists for my sendmail server:
    Code:
    [root@freefall share]# pwd
    /usr/lib/courier-imap/share
    [root@freefall share]# ls -la imapd.pem 
    lrwxrwxrwx    1 root     root           25 Nov  7  2009 imapd.pem -> /etc/mail/certs/imapd.pem
    Sendmail cf stuff (from sendmail.mc):
    Code:
    dnl SMTPAUTH
    define(`confAUTH_OPTIONS', `A,p,y')dnl
    define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
    
    dnl STARTTLS
    define(`confCACERT_PATH', `/etc/mail/certs')dnl
    define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
    define(`confSERVER_CERT', `/etc/mail/certs/mailcert.pem')dnl
    define(`confSERVER_KEY', `/etc/mail/certs/mailkey.pem')dnl
    define(`confCLIENT_CERT', `/etc/mail/certs/mailcert.pem')dnl
    define(`confCLIENT_KEY', `/etc/mail/certs/mailkey.pem')dnl
    
    dnl Configure ports
    DAEMON_OPTIONS(`Port=25, Name=smtp, M=SA')dnl
    dnl DAEMON_OPTIONS(`Port=2525, Name=smtp_alt, M=SA')dnl
    DAEMON_OPTIONS(`Port=587, Name=submission, M=Ea')dnl
    DAEMON_OPTIONS(`Port=465, Name=smtps, M=sa')dnl
    mailkey.pem is the private key for the mail server. Keep it protected. The above configures smtp auth, and forces authentication on the encrypted ports (submission and smtps). It does not allow authentication in the clear (keeps me from accidentally doing that when testing a new client!). You don't need the smtps port unless you are using M$ outlook clients to get to your server.
    Last edited by knobbysideup; 06/24/2010 at 03:39 PM.
    : (){:|:&};:
  7. #7  
    I used a nice little freeware called "SSL Certificate Downloader" from SSL Cert Downloader : Command-line Tool to Grab SSL Certificate from Remote Server to download SSL certificate from smtp server "smtp.domain.co.in" which was otherwise very difficult to get unless you adopt knobbysideup's method.

    Hope this helps others.
    Palm III> Visor> Visorphone> Treo 180> 270> 600> 650> 680> Centro> HTC Tilt> BB-8310> Pixi-Plus> Pre 3
    Touchpad 16GB
  8. #8  
    Thanks! Maybe this will help those certificate issues that have been cropping up lately.

Posting Permissions