Subject: The mailing list for listmasters using Sympa
List archive
- From: Redmond Militante <address@concealed>
- To: Olivier Salaün - CRU <address@concealed>
- Cc: Redmond Militante <address@concealed>, address@concealed
- Subject: [sympa-users] Re: Re: Re: X509 user certs
- Date: Tue, 7 Nov 2006 14:45:24 -0600
Thanks for your help.
Excerpt of our sympa.conf is as follows
###\\\\ S/MIME pluggin ////###
## Path to OpenSSL
## Sympa knowns S/MIME if openssl is installed
# was openssl
openssl /usr/bin/openssl
## The directory path use by OpenSSL for trusted CA certificates
# capath /home/sympa/etc/ssl.crt
## This parameter sets the all-in-one file where you can assemble the
Certificates of Certification Authorities (CA)
cafile /home/sympa/bin/etc/ca-bundle.crt
## User CERTs directory
ssl_cert_dir /home/sympa/expl/X509-user-certs
## Password used to crypt lists private keys
# key_passwd your_password
key_passwd your_password
We've restarted sympa after making these changes.
Output of sympa.pl in debug mode:
Processing
/address@concealed with
priority 5
DoFile(/address@concealed)
Message::new(/address@concealed,)
List::new(test1103, sympadev2.uchicago.edu, )
List::load(test1103, sympadev2.uchicago.edu, )
tools::smime_sign_check (message, address@concealed,
/address@concealed)
Verification failure
6377:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
error:pk7_smime.c:222:Verify error:certificate is not yet valid
Unable to check S/MIME signature : an error occurred decrypting or verifying
the message
Processing
/address@concealed ;
sender: rjm <address@concealed>
; message-id: <address@concealed>
List::new(test1103, sympadev2.uchicago.edu, )
List::load(test1103, sympadev2.uchicago.edu, )
Scan virus in
/address@concealed
Sympa not configured to scan virus in message
DoMessage(address@concealed, MIME::Entity=HASH(0x9de21b4),
sympadev2.uchicago.edu, msg from address@concealed, 5712, X-Sympa-To:
address@concealed
Received: from relay00.uchicago.edu (relay00.uchicago.edu [128.135.12.75])
by sympadev2.uchicago.edu (8.13.1/8.13.1) with ESMTP id k9O5b6or006373
for <address@concealed>; Tue, 24 Oct 2006 00:37:06 -0500
Received: from [128.135.0.140] (bronyaur.uchicago.edu [128.135.0.140])
by relay00.uchicago.edu (8.13.8/8.12.9) with ESMTP id kA7KfJDr003853
for <address@concealed>; Tue, 7 Nov 2006 14:41:19 -0600
(CST)
Message-ID: <address@concealed>
Date: Tue, 07 Nov 2006 14:41:19 -0600
From: rjm <address@concealed>
User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909)
MIME-Version: 1.0
To: address@concealed
Subject: test5
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary="------------ms070706010502060009010007"
This is a cryptographically signed message in MIME format.
--------------ms070706010502060009010007
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
test5
--------------ms070706010502060009010007
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH
AQAAoIII/zCCAtowggJDoAMCAQICECTd2N1lHkD0VUtVIkc7l4cwDQYJKoZI
hvcNAQEFBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25z
dWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG
cmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MTEwMzIyMDIxOFoXDTA3MTEwMzIy
MDIxOFowQjEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEfMB0G
CSqGSIb3DQEJARYQcmptQHVjaGljYWdvLmVkdTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAObRYHpkxGzBfzTyWOyPdDgUEfPkm5S68Xn0UnQ6
Syjni8gquupca1++HaGopLBAYnD7OsB5POMvVP4bhcP53m2f/WYM/BsMRO/4
rPHzoZx7snZWzlDv8uOnkR68whDA+iw88SujRKQQLKcj9d2C4JinUgJmbIaa
2yKXF/Ih2147yGoc8VHB7mw5gHCV5ZjZ2XrV+FJRR6I1F3rvNa5W3Q8TFm61
qdfZgP3feAUqy1DTJ8p3QnmWkXuMCU0h7yKQA6T32hvvAlwxdV41vj1qMj4M
Ii9s6KT5531Ob/wbU04fca83pgMhvDK3emmsl8ddB6ssypIxWeEcZUuqlFZM
5UkCAwEAAaMtMCswGwYDVR0RBBQwEoEQcmptQHVjaGljYWdvLmVkdTAMBgNV
HRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBALLmWIELYFnJZQTshysZcb22
2Meg+LORTJTcTSkU0g1PwxDsGNPqymCbMw2nvjJT1jND38thXZsSBZw7n8EY
j/8wm50UAcbAIHgrPhJC+UUCp6cN75ATBvS3pPyeSQZ0oZqJONwPE7bEh1LK
O6wZWfPqvq3TRhvTuoNfP2jmFSItMIIC2jCCAkOgAwIBAgIQJN3Y3WUeQPRV
S1UiRzuXhzANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDYxMTAzMjIw
MjE4WhcNMDcxMTAzMjIwMjE4WjBCMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1h
aWwgTWVtYmVyMR8wHQYJKoZIhvcNAQkBFhByam1AdWNoaWNhZ28uZWR1MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tFgemTEbMF/NPJY7I90
OBQR8+SblLrxefRSdDpLKOeLyCq66lxrX74doaiksEBicPs6wHk84y9U/huF
w/nebZ/9Zgz8GwxE7/is8fOhnHuydlbOUO/y46eRHrzCEMD6LDzxK6NEpBAs
pyP13YLgmKdSAmZshprbIpcX8iHbXjvIahzxUcHubDmAcJXlmNnZetX4UlFH
ojUXeu81rlbdDxMWbrWp19mA/d94BSrLUNMnyndCeZaRe4wJTSHvIpADpPfa
G+8CXDF1XjW+PWoyPgwiL2zopPnnfU5v/BtTTh9xrzemAyG8Mrd6aayXx10H
qyzKkjFZ4RxlS6qUVkzlSQIDAQABoy0wKzAbBgNVHREEFDASgRByam1AdWNo
aWNhZ28uZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAsuZY
gQtgWcllBOyHKxlxvbbYx6D4s5FMlNxNKRTSDU/DEOwY0+rKYJszDae+MlPW
M0Pfy2FdmxIFnDufwRiP/zCbnRQBxsAgeCs+EkL5RQKnpw3vkBMG9Lek/J5J
BnShmok43A8TtsSHUso7rBlZ8+q+rdNGG9O6g18/aOYVIi0wggM/MIICqKAD
AgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UE
CBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoT
EVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
cnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJl
ZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRo
YXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQsw
CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vp
bmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZ
Wh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO
3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNen
prufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0T
AQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRo
YXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8E
BAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDIt
MTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FD
lpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4l
UJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC
3CEZNd4ksdMdRv9dX2VPMYIDZDCCA2ACAQEwdjBiMQswCQYDVQQGEwJaQTEl
MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECECTd2N1l
HkD0VUtVIkc7l4cwCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkDMQsGCSqG
SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDYxMTA3MjA0MTE5WjAjBgkqhkiG
9w0BCQQxFgQUeRi0/t5NFwZRFhp+TjTFUkcdlFUwUgYJKoZIhvcNAQkPMUUw
QzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAw
BwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYUGCSsGAQQBgjcQBDF4MHYwYjEL
MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkp
IEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1
aW5nIENBAhAk3djdZR5A9FVLVSJHO5eHMIGHBgsqhkiG9w0BCRACCzF4oHYw
YjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ
dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJ
c3N1aW5nIENBAhAk3djdZR5A9FVLVSJHO5eHMA0GCSqGSIb3DQEBAQUABIIB
AHPas1A41df9gsRX0S/9z4U7Ev4m+/pfN6LCt4CjL7+u5zOOKGX3CLubNwyB
pkhEXeVQs6o5q6mFFs8pyiwaGSBg197GdFou1TE8jvecHcD9MC1W01ur5qzW
PpaTlap9WgF2LYDDYYukzUB/d9M/ZUZbvAcNxsbtOnksqOKsprFrh3brPCUy
zFXhTYIUz8YOH2muKnNxTkOJViJvHiGPf2MYyF16C9ZfIdRPYNNVvZnGwDHf
RCc1DmDgpnZzoiSm3NzEDbmNqVtaKXvo7ozwIGVHnjneaBZyuTpoFwKs92j/
hJp5PlvIzJUQzuIYoznWzVZl5fnrUQxUXpMskQubgYcAAAAAAAA=
--------------ms070706010502060009010007--
,)
List::new(test1103, sympadev2.uchicago.edu, )
List::load(test1103, sympadev2.uchicago.edu, )
Language::SetLang(en_US)
Processing message for test1103 with priority 5,
<address@concealed>
List::check_list_authz send,smtp
List::request_action send,smtp,sympadev2.uchicago.edu
List::new(test1103, sympadev2.uchicago.edu, )
List::load(test1103, sympadev2.uchicago.edu, )
List::new(test1103, sympadev2.uchicago.edu, )
List::load(test1103, sympadev2.uchicago.edu, )
Message for test1103 from address@concealed rejected() because sender not
allowedList::send_file(message_report, address@concealed,
sympadev2.uchicago.edu)
List::get_user_db(address@concealed)
tools::decrypt_password (uvfavu)
List::get_subscriber(address@concealed)
List::get_first_admin_user(test1103,owner,domain,0,0)
Got lock for read on /home/sympa/expl/test1103/include_admin_user.lock
SQL: SELECT user_admin AS email, comment_admin AS gecos, reception_admin AS
reception, UNIX_TIMESTAMP(date_admin) AS date, UNIX_TIMESTAMP(update_admin)
AS update_date, info_admin AS info, profile_admin AS profile,
subscribed_admin AS subscribed, included_admin AS included,
include_sources_admin AS id, REVERSE(SUBSTRING(user_admin FROM position('@'
IN user_admin) FOR 50)) AS dom FROM admin_table WHERE (list_admin =
'test1103' AND robot_admin = 'sympadev2.uchicago.edu' AND role_admin =
'owner' ) ORDER BY dom
List::get_next_admin_user
Release lock on /home/sympa/expl/test1103/include_admin_user.lock
mail::mail_file(/home/sympa/bin/etc/mail_tt2/message_report.tt2,
address@concealed, )
Language::PushLang(en_US)
Language::SetLang(en_US)
Language::SetLang(en_US)
Language::PopLang()
Language::SetLang(en_US)
mail::smtpto(address@concealed, address@concealed, )
Moving bad file address@concealed to bad/
Language::SetLang(en_US)
List::init_list_cache()
Reaper unwaited pids : 6378
Open = 1
+++ Olivier Salaün - CRU <address@concealed> [06/11/07 10:27]:
> Redmond,
>
> Did you configure the 'openssl' and 'cafile' ('capath') sympa.conf
> parameters ?
> Did you restart Sympa processes afterward ?
>
> If problem persists, please run sympa.pl in debug mode (-d) and provide
> us with the output.
>
> Redmond Militante wrote:
> >I'm testing out S/MIME authentication in sympa and am having trouble
> >getting it to work.
> >
> >I've been following the instructions at
> >
> >http://www.sympa.org/doc/html/node27.html
> >
> >to allow sympa to use S/MIME, I've configured a list for
> >send.private_smime. I've applied for a free personal S/MIME email
> >certificate from Thawte, and have configured Thunderbird to sign messages
> >using this certificate.
> >
> >When I send the message to the list, I get a message rejected letter just
> >as if I would have sent the email unsigned. Am I missing any steps?
> >
--
Redmond Militante / NSIT / The University of Chicago
PGP Public Key: <http://home.uchicago.edu/~rjm/pubkey.asc>
-
[sympa-users] Re: X509 user certs,
Redmond Militante, 11/03/2006
-
[sympa-users] Re: Re: X509 user certs,
Olivier Salaün - CRU, 11/06/2006
-
[sympa-users] Re: Re: Re: X509 user certs,
Redmond Militante, 11/07/2006
-
[sympa-users] Re: Re: Re: Re: X509 user certs,
serge . aumont, 11/08/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Redmond Militante, 11/08/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Serge Aumont, 11/09/2006
- [sympa-users] Re: Re: Re: Re: Re: Re: X509 user certs, Redmond Militante, 11/09/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Serge Aumont, 11/09/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Redmond Militante, 11/08/2006
-
[sympa-users] Re: Re: Re: Re: X509 user certs,
serge . aumont, 11/08/2006
-
[sympa-users] Re: Re: Re: X509 user certs,
Redmond Militante, 11/07/2006
-
[sympa-users] Re: Re: X509 user certs,
Olivier Salaün - CRU, 11/06/2006
Archive powered by MHonArc 2.6.19+.