Author Topic: Can't connect to smtp (postfix) via SSL from sites on the VPS  (Read 13626 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
Hi,


I'm using a VPS on Hetzner, and am trying to force wordpress using SMTP to send emails.
Of course I've created a mail address and it's working fine with non secure connection (port 25). I can even connect to the smtp via SSL from outside the server (tested with 3rd part test sites), but when configuring Wordpress with plugins like WP Mail SMTP I'm getting an error.


I just don't want to reveal my domain, so I've change my hostname to hostname.domain.com and domain to domain.com. I've also hide the full IP.


The problem that I believe I'm facing is that the site is presented as hostname.domain.com.domain.com.domain.com? Why is that happening?


Here's the log:


Quote
Apr  9 19:59:10 cwp postfix/smtpd[5488]: connect from hostname.domain.com.domain.com.domain.com[xxx.69.16.xxx]
Apr  9 19:59:10 cwp postfix/smtpd[5488]: SSL_accept error from hostname.domain.com.domain.com.domain.com[xxx.69.16.xxx]: 0
Apr  9 19:59:10 cwp postfix/smtpd[5488]: warning: TLS library problem: 5488:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48:
Apr  9 19:59:10 cwp postfix/smtpd[5488]: lost connection after CONNECT from hostname.domain.com.domain.com.domain.com[xxx.69.16.xxx]
Apr  9 19:59:10 cwp postfix/smtpd[5488]: disconnect from hostname.domain.com.domain.com.domain.com[xxx.69.16.xxx]

And here's the log when I'm trying to send an email from a 3rd party site to my gmail via the same smtp account:


Quote
Apr  9 20:21:16 cwp postfix/smtpd[9061]: connect from ec2-54-184-121-130.us-west-2.compute.amazonaws.com[54.184.121.130]
Apr  9 20:21:16 cwp postfix/smtpd[9061]: Anonymous TLS connection established from ec2-54-184-121-130.us-west-2.compute.amazonaws.com[54.184.121.130]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Apr  9 20:21:17 cwp postfix/smtpd[9061]: 68997211CD: client=ec2-54-184-121-130.us-west-2.compute.amazonaws.com[54.184.121.130], sasl_method=PLAIN, sasl_username=wordpress@domain.com
Apr  9 20:21:18 cwp postfix/cleanup[9068]: 68997211CD: message-id=<RNC99NZP77U4.P9KBG3TRCYL33@WIN-AUIR3RRGP88>
Apr  9 20:21:18 cwp postfix/qmgr[700]: 68997211CD: from=<wordpress@domain.com>, size=594, nrcpt=1 (queue active)
Apr  9 20:21:18 cwp postfix/smtpd[9061]: disconnect from ec2-54-184-121-130.us-west-2.compute.amazonaws.com[54.184.121.130]
Apr  9 20:21:18 cwp postfix/smtp[9070]: 68997211CD: to=<myaccount@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b]:25, delay=1.2, delays=0.63/0.02/0.16/0.35, dsn=2.0.0, status=sent (250 2.0.0 OK  1554830478 q9si21374230wrm.250 - gsmtp)


Would appreciate any help!
« Last Edit: April 09, 2019, 05:24:30 PM by ring_c »

Offline
*
Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« Reply #1 on: April 09, 2019, 06:31:15 PM »
Try to :

1. Generate your hostname to get SSL working
Quote
CWP.admin > Servers Setting > Change Hostname

2. Then generate MailServer
Quote
CWP.admin > Email > Mail Server Manager

Offline
**
Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« Reply #2 on: April 09, 2019, 06:44:31 PM »
I've already checked that yesterday and rebuilt the mailserver in any case.
My hostname is set as hostname.domain.com - I think that's the correct way. Correct?

Offline
**
Ok, I've solved this after so long... I'll write down how for those who're facing the same.
First, as a CWP Pro user, I've opened a ticket on the issue. Unfortunately, nothing came out of it (they've sent me to my host, don't ask me why). So... after self learning and investigating, and many fails and errors, here's what saved the issue:


1. I've found accidentally that my /etc/hosts file was totally wrong. Here's how it was:


Code: [Select]
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 hostname.domain.com.domain.com.domain.com.domain.com.domain.com.domain.com hostname.domain.com.domain.com.domain.com.domain.com.domain.com.domain.com
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4

# The following lines are desirable for IPv6 capable hosts
::1 hostname.domain.com.domain.com.domain.com.domain.com.domain.com.domain.com hostname.domain.com.domain.com.domain.com.domain.com.domain.com.domain.com
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

127.0.0.1 hostname.domain.com.domain.com.domain.com.domain.com.domain.com.domain.com
127.0.0.1 autoreply.hostname.domain.com.domain.com.domain.com.domain.com.domain.com.domain.com
xxx.69.16.xxx   hostname.domain.com.domain.com.domain.com.domain.com.domain.com


Here's how it is now, fixed:
Code: [Select]
# IPv4
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

# IPv6
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# put your IP address and your hostname and aliases below
xxx.69.16.xxx   hostname.domain.com hostname


Ok. that removed the first 2 lines in my initial error log. But left me with the SSL error:
Code: [Select]
warning: TLS library problem: 5488:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48:


2. After looking for so long all around, I knew something in my configuration is not pointing to the correct CA SSL certification but didn't really know how to fix it with the correct one. Then I found paldig's post here, which saved me.

Edit /etc/postifx/master.cf and replace these:
Code: [Select]
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

With this:
Code: [Select]
smtpd_tls_CAfile = /etc/pki/tls/certs/hostname.domain.com.bundle

smtp_tls_CAfile = /etc/pki/tls/certs/hostname.domain.com.bundle

And viola! issue solved!
« Last Edit: April 19, 2019, 05:05:18 AM by ring_c »

Offline
**
Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« Reply #4 on: April 28, 2019, 12:02:27 PM »
Ok, for some weird reason, this issue popped up again.
Anyone I came back here to read my solution, and have noticed in the last step I've mentioned you should edit master.cf while I meant main.cf. Sorry for that.

Having said that, how can I make sure this won't change again?

Offline
*****
Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« Reply #5 on: April 29, 2019, 06:12:24 AM »
Check if your postfix/main.cf and dovecot.conf have correct CA-bundle (must have the name like "SSL-name-bundle"
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« Reply #6 on: September 18, 2020, 05:38:21 PM »
Hi

I have missed lots of incoming mail due to this error. This error is on your own server .

Code: [Select]
# openssl ciphers -tls1_2
Error in cipher list
139895335331728:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:

Code: [Select]
# openssl version -a
OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic

Code: [Select]
# openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2

Code: [Select]
# openssl s_client -starttls smtp -connect  alpha.glorency.com:465

Need to fix openssl Library !

Tools for checking problem:
https://www.checktls.com/TestReceiver
https://ssl-tools.net/mailservers

Offline
*
Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« Reply #7 on: June 24, 2022, 12:48:12 AM »
Just dropping by to say thank you. Thanks !
I was having difficulties connecting Outlook to my vps due to a certificate error. Then with a lot of struggle I found out that with imap ia, but I wasn't satisfied and wanted to make it top even with pop3 over SSL, and with this tutorial here it worked. Thanks for posting.