1

Topic: SMTP doesn't work with the new SSL cert setup

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.5-1
- Linux/BSD distribution name and version:  CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: /var/log/maillog
====

I recently bought a Comodo SSL certificate, installed it by following the instructions from the below link. http://www.iredmail.org/docs/use.a.boug … icate.html

When I try to send an email now (using RoundCube) I get a "SMTP Error (454): Authentication failed." error.  I indeed verified and the following file does exist where it shows in the log "No such file or directory". The bundle file does not have a file extension.

I tried enabling and disabling (by commenting out) the line: smtpd_use_tls='yes' in the postfix config file with no luck. Restarted the service/server several times.

Any help to fix this issue would be greatly appreciated.

Checking the /var/log/maillog shows me the following:

May 30 15:33:50 SERVERNAME postfix/postfix-script[5181]: starting the Postfix mail system
May 30 15:33:50 SERVERNAME postfix/master[5183]: daemon started -- version 2.10.1, configuration /etc/postfix
May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: cannot load Certificate Authority data: disabling TLS support
May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: warning: TLS library problem: 5234:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen(''/etc/pki/tls/certs/mail_mydomain_com.ca-bundle_2016'','r'):
May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: warning: TLS library problem: 5234:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: warning: TLS library problem: 5234:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:281:
May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: connect from localhost[127.0.0.1]
May 30 15:37:41 SERVERNAME postfix/cleanup[5237]: 12F98504160: message-id=<20160530193741.12F98504160@MAIL.MYDOMAIN.COM>
May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: disconnect from localhost[127.0.0.1]
May 30 15:37:41 SERVERNAME postfix/qmgr[5185]: 12F98504160: from=<double-bounce@MAIL.MYDOMAIN.COM>, size=862, nrcpt=1 (queue active)
May 30 15:37:41 SERVERNAME roundcube: <ch83acho> SMTP Error: Authentication failure: Invalid response code received from server (Code: 454) in /var/www/roundcubemail-1.2.0/program/lib/Roundcube/rcube.php on line 1595 (POST /mail/?_task=mail&_unlock=loading1464637060801&_lang=en_US&_framed=1&_action=send)
May 30 15:37:41 SERVERNAME postfix/cleanup[5237]: 1CD4B50416F: message-id=<20160530193741.12F98504160@MAIL.MYDOMAIN.COM>
May 30 15:37:41 SERVERNAME postfix/local[5241]: 12F98504160: to=<postmaster@MAIL.MYDOMAIN.COM>, relay=local, delay=0.05, delays=0.03/0.02/0/0.01, dsn=2.0.0, status=sent (forwarded as 1CD4B50416F)
May 30 15:37:41 SERVERNAME postfix/qmgr[5185]: 1CD4B50416F: from=<double-bounce@MAIL.MYDOMAIN.COM>, size=1002, nrcpt=1 (queue active)
May 30 15:37:41 SERVERNAME postfix/qmgr[5185]: 12F98504160: removed
May 30 15:37:41 SERVERNAME postfix/pipe[5242]: 1CD4B50416F: to=<postmaster@mydomain.com>, relay=dovecot, delay=0.09, delays=0/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via dovecot service)
May 30 15:37:41 SERVERNAME postfix/qmgr[5185]: 1CD4B50416F: removed
May 30 15:40:54 SERVERNAME clamd[1120]: SelfCheck: Database status OK.


2

Re: SMTP doesn't work with the new SSL cert setup

purathal wrote:

May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: warning: TLS library problem: 5234:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen(''/etc/pki/tls/certs/mail_mydomain_com.ca-bundle_2016'','r'):

File doesn't exist at all, please fix this.
If you don't have a CA file, comment out Postfix setting "smtpd_tls_CAfile", restart Postfix and try again.

3

Re: SMTP doesn't work with the new SSL cert setup

ZhangHuangbin wrote:
purathal wrote:

May 30 15:37:41 SERVERNAME postfix/submission/smtpd[5234]: warning: TLS library problem: 5234:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen(''/etc/pki/tls/certs/mail_mydomain_com.ca-bundle_2016'','r'):

File doesn't exist at all, please fix this.
If you don't have a CA file, comment out Postfix setting "smtpd_tls_CAfile", restart Postfix and try again.

Thanks for your reply. Actually it turned out to be an error in the postfix config file where I enclosed each SSL configuration line within single quotes. After I removed the quotes and restarted postfix everything seems to be OK.

Slightly on a different topic - So I have my Android phone configured with Exchange ActiveSync. Currently under "server settings" (on my phone for the mailbox that I have it configured), it is set to the following:

"Use secure connection (SSL)"  - option enabled
"Accept all SSL certificates" - option enabled
Port: 443

If I try unchecking the option "Accept all SSL certificates" then the phone fails to connect to the server. Could it be a signal the SSL isn't configured correctly for SOGo? Since I am using the Comodo certificate (and not the default self-signed cert), I thought I don't need the above option enabled. Any idea?
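The root cause found in this thread (values in Postfix's main.cf wrapped in single quotes, so the quote characters became part of the path handed to fopen) can be checked for mechanically. The following is an added example, not part of the original posts or of iRedMail; the sample configuration is constructed apart from the CA bundle path seen in the log, and the function names are hypothetical.

```python
import os
import re
import sys

# Postfix parameters whose value is a path to TLS material.
TLS_FILE_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_CAfile")

# Constructed sample; only the CA bundle path is taken from the log above.
SAMPLE = """\
# TLS settings
smtpd_use_tls = 'yes'
smtpd_tls_cert_file = /etc/pki/tls/certs/example.crt
smtpd_tls_key_file = /etc/pki/tls/private/example.key
smtpd_tls_CAfile = '/etc/pki/tls/certs/mail_mydomain_com.ca-bundle_2016'
"""

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def check_tls_params(params, exists=os.path.isfile):
    """Flag quoted values (Postfix keeps the quotes literally) and missing TLS files."""
    findings = []
    for name, value in params.items():
        if re.fullmatch(r"""(['"]).*\1""", value):
            findings.append((name, "quoted", value))
        elif name in TLS_FILE_PARAMS and not exists(value):
            findings.append((name, "missing", value))
    return findings

if __name__ == "__main__":
    # Pass a path such as /etc/postfix/main.cf; without one the sample is checked.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE
    for name, problem, value in check_tls_params(parse_main_cf(text)):
        print(f"{name}: {problem}: {value}")
```

Any "quoted" or "missing" finding on a TLS file parameter corresponds to the "cannot load Certificate Authority data: disabling TLS support" condition in the log, after which authentication on the submission port fails.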

4

Re: SMTP doesn't work with the new SSL cert setup

purathal wrote:

If I try unchecking the option "Accept all SSL certificates" then the phone fails to connect to the server.

ActiveSync should be https all the time.

5

Re: SMTP doesn't work with the new SSL cert setup

ZhangHuangbin wrote:
purathal wrote:

If I try unchecking the option "Accept all SSL certificates" then the phone fails to connect to the server.

ActiveSync should be https all the time.

I understand HTTPS is required for ActiveSync. And, that's why "Use secure connection (SSL)" is enabled on my phone.

But my concern is about the second option where it says "Accept all SSL certificates" - Why do I have to keep the "Accept all SSL certificates" option enabled on my phone though I am now using a certificate authority (Comodo) issued SSL cert instead of the default self-signed certificate on my server? Does that mean my phone doesn't trust the Comodo SSL cert <OR> is there something that isn't configured correctly on the server side (with SOGo) to utilize the new SSL properly?

6

Re: SMTP doesn't work with the new SSL cert setup

I'm afraid that I cannot answer this question. It depends on how it works in the Android app, but obviously it's not designed by me, and I don't clearly know how it works.

I guess it just means accepting ssl cert or not.

7

Re: SMTP doesn't work with the new SSL cert setup

No problem. I can live with that option enabled. Thanks for answering all my questions thus far.