1

Topic: iRedmail SSL issue

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): Latest
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi,

I have updated the certificate with the command

acme.sh --install-cert --issue --dns dns_namesilo --dnssleep 600 -d example.com -d *.example.com -d srv.example.com --cert-file /etc/ssl/certs/iRedMail.crt --key-file /etc/ssl/private/iRedMail.key --fullchain-file /etc/ssl/certs/Fullchain.crt --reloadcmd "chmod +r /etc/ssl/certs/iRedMail.crt && chmod +r /etc/ssl/private/iRedMail.key && service nginx reload && service postfix restart && service dovecot restart"

However, I cannot connect to the mail server via imap/smtp after this. Does iRedmail support wildcard SSL?


2

Re: iRedmail SSL issue

Are you sure you got the valid ssl cert/key after this command?

3

Re: iRedmail SSL issue

Yes. Issued by Let's Encrypt.

4

Re: iRedmail SSL issue

As far as I am concerned, the only thing iRedMail needs is the cert+key, not the fullchain. They should all be valid.

5

Re: iRedmail SSL issue

gao wrote:

However, I cannot connect to the mail server via imap/smtp after this. Does iRedmail support wildcard SSL?

Back to your issue: what do you mean "cannot connect" here?

Btw, would you like to purchase the iRedAdmin-Pro license again, since I already refunded the payment a few days ago? :)

6

Re: iRedmail SSL issue

When connecting through a Mac client or iOS client, it says the verification of the user has failed despite entering the correct password.

I have never purchased the pro account so I have no idea what is going on. As a student, I probably won't need the pro features yet. Would definitely support this program when I'm financially independent!

7

Re: iRedmail SSL issue

gao wrote:

When connecting through a Mac client or iOS client, it says the verification of the user has failed despite entering the correct password.

What's the related error in Dovecot log file?

gao wrote:

I have never purchased the pro account so I have no idea what is going on. As a student, I probably won't need the pro features yet. Would definitely support this program when I'm financially independent!

Oops, my mistake, sorry. The buyer has the same name as your forum name. I apologize.

8

Re: iRedmail SSL issue

Nov  3 01:51:50 srv dovecot: imap-login: Disconnected (no auth attempts in 3 secs): user=<>, rip=196.52.43.119, lip=104.129.20.183, TLS handshaking: SSL_accept() syscall failed: Success, session=<04o45bh50sfENCt3>
Nov  3 11:12:42 srv dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=<>, rip=107.170.216.33, lip=104.129.20.183, session=<rAgLu8B5aplrqtgh>
Nov  3 17:49:46 srv dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=139.162.109.245, lip=104.129.20.183, session=<sRwNR8Z5oLyLom31>
Nov  3 18:51:25 srv dovecot: imap-login: Login: user=<someone@example.com>, method=PLAIN, rip=192.83.228.246, lip=104.129.20.183, mpid=21039, TLS, session=<HI+RI8d5FGHAU+T2>
Nov  3 18:51:26 srv dovecot: imap(someone@example.com): Logged out in=61 out=667

9

Re: iRedmail SSL issue

Also, if I want to disable dovecot pop3, I just go to /etc/dovecot/dovecot.conf and then change protocols to
protocols = imap sieve lmtp
Right?

What is LMTP used for? Local mail transport?

10

Re: iRedmail SSL issue

gao wrote:

Nov  3 18:51:25 srv dovecot: imap-login: Login: user=<someone@example.com>, method=PLAIN, rip=192.83.228.246, lip=104.129.20.183, mpid=21039, TLS, session=<HI+RI8d5FGHAU+T2>
Nov  3 18:51:26 srv dovecot: imap(someone@example.com): Logged out in=61 out=667

This imap auth succeeded, TLS.

gao wrote:

Also, if I want to disable dovecot pop3, I just go to /etc/dovecot/dovecot.conf and then change protocols to
protocols = imap sieve lmtp
Right?

Right.

gao wrote:

What is LMTP used for? Local mail transport?

Yes.
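The log reading in the reply above, as an added example that is not part of the original thread or of iRedMail's tooling: it sorts Dovecot login-process lines per remote IP, so you can tell a client that logged in over TLS from one that failed the handshake or never appeared in the log at all. The sample lines are constructed in the format quoted in the thread, and the function names and the diagnosis wording are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the thread's syslog format (documentation-range IPs, made-up ids).
SAMPLE_LOG = """\
Nov  3 01:51:50 srv dovecot: imap-login: Disconnected (no auth attempts in 3 secs): user=<>, rip=192.0.2.10, lip=198.51.100.5, TLS handshaking: SSL_accept() syscall failed: Success, session=<aaaa>
Nov  3 11:12:42 srv dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=<>, rip=192.0.2.11, lip=198.51.100.5, session=<bbbb>
Nov  3 18:51:25 srv dovecot: imap-login: Login: user=<someone@example.com>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5, mpid=21039, TLS, session=<cccc>
Nov  3 18:51:26 srv dovecot: imap(someone@example.com): Logged out in=61 out=667
"""

LOGIN_LINE = re.compile(r"dovecot: (?:imap|pop3)-login: (?P<body>.*)$")
REMOTE_IP = re.compile(r"\brip=([^,\s]+)")

def classify(line):
    """Return (remote_ip, category) for a login-process line, else None.
    A bare "TLS" field on a Login line means the session was encrypted."""
    m = LOGIN_LINE.search(line)
    if not m:
        return None  # e.g. the post-login "Logged out" line
    body = m.group("body")
    found = REMOTE_IP.search(body)
    rip = found.group(1) if found else "unknown"
    if body.startswith("Login:"):
        return rip, "login_tls" if "TLS" in body.split(", ") else "login_unencrypted"
    if "TLS handshaking" in body:  # checked before the generic disconnect
        return rip, "tls_handshake_failed"
    if "no auth attempts" in body:
        return rip, "no_auth_attempt"
    return rip, "other"

def summarize(log_text):
    """Map each remote IP to a Counter of the categories seen for it."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            summary[result[0]][result[1]] += 1
    return dict(summary)

def diagnose(summary, client_ip):
    """Suggest where to look next for one client IP."""
    seen = summary.get(client_ip)
    if seen is None:
        return "never reached Dovecot: check hostname, port and firewalls"
    if seen["login_tls"] or seen["login_unencrypted"]:
        return "server side works: login succeeded"
    if seen["tls_handshake_failed"]:
        return "TLS problem: check certificate, key and hostname"
    return "connected but did not authenticate: check client settings"
```

Run `diagnose(summarize(open(path).read()), client_ip)` against the Dovecot log with the public IP of the failing mail client; the log path depends on the installation.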

11

Re: iRedmail SSL issue

Then why can't I login from mac/iOS client?

12

Re: iRedmail SSL issue

[image]

13

Re: iRedmail SSL issue

- Was the SSL cert successfully renewed? Did you verify it?
- When you access webmail with https, does the web browser complain about an invalid SSL cert?
- Do you have the correct mail server hostname, port number, username and password in the Mac/iOS client?

14

Re: iRedmail SSL issue

Yes, yes, yes.

The hostname (i.e. IMAP address) is the server hostname, NOT the email domain, right?

15

Re: iRedmail SSL issue

- What's your server hostname?
- Which domain names are supported by your SSL cert?
- What's the issue now?

16

Re: iRedmail SSL issue

According to the DNS record, the mail server of domain "@cpu.party" is "srv.cpu.party" (IP: 104.129.20.183). I tried to connect to port 25 and 587; both timed out.

Does your firewall block them?

17

Re: iRedmail SSL issue

ZhangHuangbin wrote:

According to the DNS record, the mail server of domain "@cpu.party" is "srv.cpu.party" (IP: 104.129.20.183). I tried to connect to port 25 and 587; both timed out.

Does your firewall block them?

I don't believe so. I flushed my iptables record. Everything else is from a clean install of the script.

18

Re: iRedmail SSL issue

Is it a VPS on Linode/DigitalOcean/Amazon AWS/...? Usually the VPS vendor offers another layer of firewall; you need to make sure it doesn't block these network ports.

gao wrote:

I don't believe so. I flushed my iptables record. Everything else is from a clean install of the script.

Just try to connect to port 25/587/... from another EXTERNAL server.

19

Re: iRedmail SSL issue

ZhangHuangbin wrote:

Is it a VPS on Linode/DigitalOcean/Amazon AWS/...? Usually the VPS vendor offers another layer of firewall; you need to make sure it doesn't block these network ports.

gao wrote:

I don't believe so. I flushed my iptables record. Everything else is from a clean install of the script.

Just try to connect to port 25/587/... from another EXTERNAL server.

Yes. It turns out that the provider does have an external firewall. Thank you for your note.
Can I get a list of the ports? I don't use pop3.

20

Re: iRedmail SSL issue

gao wrote:

Can I get a list of the ports? I don't use pop3.

https://docs.iredmail.org/network.ports.html