Control Web Panel
WebPanel => E-Mail => Topic started by: mohdeek on May 14, 2020, 01:10:28 PM
-
Hello,
I have tried to connect my email on gmail, but gmail can't connect through TLS or SSL ports, I. had to use no certificate and connect it on port 25, until then it worked. However, I would like to know how can I connect it normally with TLS or SSL.
My hostname is set and I have A records for it. I have also installed certificate and it should be working fine.
-
Gmail is tempermental to say the least. I have to connect via TLS to the hostname, as google doesn't not send the "Servername" with the connections for SANS to work.
-
I even tried to do this by connecting smtp in wordpress, but I still can't I had to do it through port 25. Do you have any idea or suggestion on how to fix this?
Also another issue, the email sending through smtp is really slow, but when I send directly from roundcloud, then its faster
-
Make sure the firewall is open. As for slow sending, roindcube uses phpmail, whole clients have to route through postfix. Bit it shouldn't take too long unless there is an issue.
-
I can see the port 465 is listed in TCP IN, but not in OUT. Could that be the issue?
What else should i check in the firewall?
-
From google i get this error:
Server returned error: "TLS Negotiation failed, the certificate doesn't match the host., code: 0"
-
What "mail servers" are you using? Hostname, or mail.domain.com
-
I am using hostname, in my case its panel.domain.com
-
So you "Hostname" is panel.domain.com?
In my example:
Hostname: server3.schaffner.org
domain: schaffner.org
in gmail, I can't use mail.schaffner.org, as GM doesn't forward a "ServerName" request. I have to use server3.schaffner.org as both incoming and outgoing, as postfix's default ssl certificate (NON SANS) is the hostname cert
-
in my example:
domain: uxiology.com
hostname: panel.uxiology.com
with gmail i use panel.uxiology.com
but i use non secured connection with port 25. I am trying to optimize it to go with secured connection
-
openssl s_client -showcerts -connect panel.uxiology.com:995
openssl s_client -showcerts -connect panel.uxiology.com:465
check the output of the above 2 commands. Specifically look at the Cert Name info
-
i get the following for both commands:
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
-
Verify return code: 18 (self signed certificate)
Can't be self signed with Crapgle.
Goto "Change Hostname" and make sure autossl is selected to get a cert from LetsEncrypt
-
I have checked the return code and it says (0)
I also checked the page in hostname and it shows every checkbox is selected, you can see the image below.
https://imgur.com/U7AOaB0
As for lets encrypt certificates, I'm seeing the following:
https://imgur.com/DyIkPbi
-
grep "Error" /root/.acme.sh/cwp_certs/acme.sh.log
grep "panel.uxiology.com" /root/.acme.sh/cwp_certs/acme.sh.log
acme.sh --config-home /root/.acme.sh/cwp_certs/ --list
-
I ran the command through ssh and i got (No such file or directory)
I also looked up the file in file manager, but i still can't find it
-
/scripts/install_acme
Then try saving hostname again
-
this is what I have received:
acme.sh --config-home /root/.acme.sh/cwp_certs/ --list
Main_Domain KeyLength SAN_Domains Created Renew
panel.uxiology.com "2048" no Fri May 15 08:55:15 UTC 2020 Tue Jul 14 08:55:15 UTC 2020
www.uxiology.com "" uxiology.com,mail.uxiology.com,ftp.uxiology.com,cpanel.uxiology.com,webmail.uxiology.com Fri May 15 08:59:27 UTC 2020 Tue Jul 14 08:59:27 UTC 2020
You have new mail in /var/spool/mail/root
--------
grep "Error" /root/.acme.sh/cwp_certs/acme.sh.log
grep: /root/.acme.sh/cwp_certs/acme.sh.log: No such file or directory
You have new mail in /var/spool/mail/root
-------
grep "panel.uxiology.com" /root/.acme.sh/cwp_certs/acme.sh.log
grep: /root/.acme.sh/cwp_certs/acme.sh.log: No such file or directory
-------
/scripts/install_acme
Acme installation folder already exists
and I saved hostname, but nothing happened
-
Now that you have a valid cert, Gmail should work.
-
Thanks a lot, it works fine now :D